Privacy Policy
Revised May 13, 2026
This Privacy Policy for Tessy Games LLC ("we," "us," or "our") describes how and why we access, collect, store, use, and share ("process") your personal information when you use our services ("Services"), including when you:
- Visit our website at https://tessy.fun or any website of ours that links to this Privacy Policy
- Engage with us in other related ways, including any marketing or events
Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. We are responsible for decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you have questions, please contact us at help@tessy.fun.
Summary of key points
This summary highlights the most important points in plain language. The full policy follows.
- What we collect. Account information you provide (username, email, password hash), acknowledgment of payments via third parties (but not the payment details like credit card numbers themselves), and technical information automatically collected (IP address, device and browser details, approximate IP-based location, and product usage events).
- Sensitive information. We do not process sensitive personal information.
- Third-party data. We do not collect information about you from third parties.
- Why we process it. To run accounts, deliver the Services, process payments, prevent fraud, communicate with you, and improve the product. We rely on your consent for optional analytics.
- Who we share with. A small set of service providers (which provide product analytics; and payments). We do not sell personal information and do not share it for targeted advertising.
- Cookies. We use first-party cookies for authentication, preferences, and (with consent) analytics. Some embedded third-party services (such as our payment processor on payment pages) also set their own cookies on their own domains. See our Cookie Policy for the current list of cookies and providers.
- Your rights. Depending on where you live, you may have rights to access, correct, delete, port, or restrict processing of your personal information, and to opt out of certain processing. Email help@tessy.fun to exercise them.
- Security. We use reasonable technical and organizational measures, but no system can be guaranteed 100% secure.
1. What information do we collect?
Personal information you disclose to us
In short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide when you register for the Services, participate in activities on the Services, or otherwise contact us. The personal information we collect may include:
- usernames (handles or nicknames)
- email addresses
- password hashes (we never store plaintext passwords)
Sensitive information. We do not process sensitive information.
Payment data. If you make a purchase, we collect the information necessary to process your payment. All payment data is handled and stored by Stripe; you can review their privacy notice at https://stripe.com/privacy.
Social media login data. If we offer the option to register using a social media account (for example, Google), we will receive certain profile information from that provider, as described below in the section on social logins.
All personal information you provide must be true, complete, and accurate, and you must notify us of any changes.
Information automatically collected
In short: Some information — such as your IP address and browser and device characteristics — is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not, by itself, reveal your identity, but it may include device and usage information such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, approximate IP-based location, and information about how you use our Services. This information is primarily used to maintain the security and operation of our Services and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies. You can learn more in our Cookie Policy.
The information we collect includes:
- Log and usage data. Service-related, diagnostic, usage, and performance information that our servers automatically collect when you access or use our Services, including IP address, device information, browser type, settings, pages viewed, actions taken (such as which features you use), timestamps, and error reports.
- Device data. Information about the computer, phone, tablet, or other device you use to access the Services, including IP address (or proxy server), device and application identifiers, browser type, hardware model, operating system, and system configuration information.
- Location data. IP-based approximate location (city or region only), used for analytics and security. We do not use GPS or other precise-location technologies.
Google APIs
Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
2. How do we process your information?
In short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
We process your personal information for the following purposes, depending on how you interact with our Services:
- To facilitate account creation and authentication and otherwise manage user accounts so you can create and log in to your account and keep it in working order.
- To deliver the Services you request.
- To respond to inquiries and provide support.
- To send administrative information, such as details about our products, changes to our terms or policies, and similar service messages.
- To fulfill and manage your orders, payments, refunds, and other transactions made through the Services.
- To prevent fraud and protect the security of our Services and our users.
- To monitor errors and crashes so we can detect, diagnose, and fix bugs and keep the Service reliable (only with your analytics consent).
- To save or protect an individual's vital interests, such as to prevent harm, where necessary.
3. What legal bases do we rely on to process your information?
In short: We only process your personal information when we have a valid legal reason to do so under applicable law.
If you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on to process your personal information. We may rely on the following:
- Consent. We process your information when you have given us permission for a specific purpose (for example, optional product analytics). You can withdraw your consent at any time, as described below.
- Performance of a contract. We process your information when necessary to provide the Services you request or to take steps prior to entering into a contract with you.
- Legal obligations. We process your information where necessary to comply with our legal obligations, cooperate with a regulatory authority, or exercise or defend our legal rights.
- Vital interests. We process your information where necessary to protect your vital interests or those of another person.
If you are located in Canada, this section applies to you.
We may process your information if you have given us express consent, or where consent can be inferred (implied consent). You can withdraw your consent at any time, as described below.
In some exceptional cases, applicable law may permit us to process your information without your consent, including:
- where collection is clearly in your interests and consent cannot be obtained in time;
- for investigations and fraud detection and prevention;
- for business transactions that meet certain conditions;
- where required to comply with a subpoena, warrant, or court order;
- where the information is publicly available and specified by regulation.
4. When and with whom do we share your personal information?
In short: We share information only with a small set of service providers and in the specific situations described in this section.
Vendors and service providers. We may share your data with third-party service providers who perform services for us and require access to that information to do their work. We have contracts in place designed to safeguard your personal information; service providers may only use the information on our instructions and must protect and retain it as we direct.
We share personal information with service providers in the following categories. We may add or change vendors within these categories from time to time; the list below reflects current vendors and will be updated as it changes. Adding a new vendor in an already-disclosed category (for example, a second analytics tool or a new error-monitoring service) does not change the purposes for which we process your information.
- Analytics — to understand how the Service is used. Current vendor: PostHog. Only set with your consent.
- Payments — to process subscription payments. Current vendor: Stripe.
- Error monitoring and crash reporting — to detect and fix bugs and keep the Service reliable. Current vendor: PostHog.
We may also share your personal information in the following situation:
- Business transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business.
International data transfers
In short: Your information is processed in the United States. If you are located outside the United States, transferring your information to us involves a cross-border transfer.
Tessy Games LLC is established in the United States, and our service providers (including our analytics and payment providers) process personal information in the United States. If you access the Services from outside the United States — including from the European Economic Area (EEA), the United Kingdom, or Switzerland — your personal information will be transferred to, stored in, and processed in the United States.
Where a transfer of personal information from the EEA, UK, or Switzerland to a third country requires an appropriate safeguard under applicable law, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), incorporated into our agreements with the relevant service providers. You may request a copy of the relevant safeguards by emailing help@tessy.fun.
5. Do we use cookies and other tracking technologies?
In short: We use a limited set of cookies, and we do not use cookies for advertising.
We use first-party cookies for authentication, preferences, and (with your consent) analytics. Some embedded third-party services (such as our payment processor on payment pages) also set their own cookies on their own domains. We do not use cookies for advertising and do not sell or share information for targeted advertising. See our Cookie Policy for the current list of cookies and providers.
6. How do we handle your social logins?
In short: If you choose to register or log in using a social media account, we may receive certain profile information about you.
If we offer the ability to register or log in using a third-party social media account (for example, Google), we will receive certain profile information from your social media provider. The profile information we receive may include your name, email address, and profile picture, as well as other information you make public on that platform.
We will use the information we receive only for the purposes described in this Privacy Policy or otherwise made clear to you. We do not control how your social media provider processes your personal information; please review their privacy notice to understand their practices.
7. How long do we keep your information?
In short: We keep your information for as long as necessary to fulfill the purposes described in this Privacy Policy unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this policy will require us to keep your personal information for longer than the period in which you have an account with us.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if not possible (for example, because it has been stored in backup archives), securely store it and isolate it from any further processing until deletion is possible.
8. How do we keep your information safe?
In short: We aim to protect your personal information with reasonable organizational and technical security measures.
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the personal information we process. However, no electronic transmission or storage technology can be guaranteed to be 100% secure, so we cannot promise that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Transmission of personal information to and from our Services is at your own risk; you should only access the Services within a secure environment.
9. What are your privacy rights?
In short: Depending on where you live, you may have rights to access, correct, delete, port, or restrict processing of your personal information, and to opt out of certain processing.
In some regions (such as the EEA, UK, Switzerland, and Canada), you have rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information; (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) where applicable, to data portability; and (v) not to be subject to automated decision-making. If a decision producing legal or similarly significant effects is made solely by automated means, we will inform you, explain the main factors, and offer a simple way to request human review. You can make such a request by contacting us using the contact details described below.
We will consider and act upon any request in accordance with applicable data protection laws.
If you are located in the EEA or UK and believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or the UK data protection authority.
If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
Withdrawing your consent. If we are relying on your consent to process your personal information, you have the right to withdraw it at any time. You can withdraw consent by emailing us at help@tessy.fun, or, for analytics consent, by changing your choice in our Cookie banner or Cookie Policy controls. Withdrawal does not affect the lawfulness of processing before withdrawal, nor processing carried out on legal bases other than consent.
Opting out of marketing and promotional communications. You can unsubscribe from our marketing emails at any time by clicking the unsubscribe link in those emails or by contacting us. You will still receive service-related messages necessary for the administration of your account.
Cookies and similar technologies. Most web browsers are set to accept cookies by default. You can usually configure your browser to remove or reject cookies. If you remove or reject cookies, some features of our Services may not work as intended. For more information, see our Cookie Policy.
If you have questions or comments about your privacy rights, you may email us at help@tessy.fun.
10. Controls for Do-Not-Track features
Global Privacy Control. We recognize and honor Global Privacy Control (GPC) signals. If you use a browser or extension that supports GPC, we treat that signal as a valid request to opt out of the sale or sharing of your personal information for targeted advertising under applicable state privacy laws, including the California Consumer Privacy Act (CCPA). When we detect a GPC signal from your browser, we automatically apply your opt-out preference without requiring any additional action. For more information about GPC and how to enable it, visit globalprivacycontrol.org.
Do-Not-Track. Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature you can activate to signal your privacy preference. No uniform technology standard for recognizing and implementing DNT signals has been finalized. Because there is no industry or legal consensus on how to honor DNT signals, we do not currently respond to them.
11. Do United States residents have specific privacy rights?
In short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you, correct inaccuracies, obtain a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law.
Categories of personal information we collect
The table below shows the categories of personal information we have collected in the past twelve (12) months. The examples are illustrative and do not necessarily reflect every kind of personal information we collect from you. For a full inventory, see the section above on what information we collect.
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Contact details such as alias, unique personal identifier, online identifier, Internet Protocol address, email address, and account name | YES |
| B. Personal information as defined in the California Customer Records statute | Name, contact information, education, employment, and financial information | NO |
| C. Protected classification characteristics under state or federal law | Gender, age, date of birth, race and ethnicity, national origin, marital status | NO |
| D. Commercial information | Transaction information, purchase history, and payment information | YES |
| E. Biometric information | Fingerprints and voiceprints | NO |
| F. Internet or other similar network activity | Product usage events, page views, interactions with our Services, and error/crash reports | YES |
| G. Geolocation data | Approximate location derived from IP address (IP-based, approximate) | YES |
| H. Audio, electronic, sensory, or similar information | Images and audio, video, or call recordings | NO |
| I. Professional or employment-related information | Business contact details, work history, and professional qualifications | NO |
| J. Education information | Student records and directory information | NO |
| K. Inferences drawn from collected personal information | Inferences drawn from the categories above to create a profile or summary | NO |
| L. Sensitive personal information | Social security numbers, precise geolocation, racial or ethnic origin, religious beliefs, biometric data, and health information | NO |
We may also collect other personal information outside these categories when you interact with us in person, online, by email, or by mail in the context of:
- receiving help through our customer support channels;
- participating in surveys or contests; and
- facilitation in the delivery of our Services and to respond to your inquiries.
We will use and retain the collected personal information as needed to provide the Services or:
- Category A - as long as you have an account with us.
- Category D - as long as required for tax, accounting, and audit purposes.
- Categories F and G - retained for analytics and security purposes for the period set by our analytics provider's configuration.
Sources of personal information
We collect personal information directly from you, automatically when you use the Services, and from our service providers acting on our behalf. See the section above on what information we collect for details, and the section on with whom we share personal information for the current list of service providers.
How we use and share personal information
See the section above on how we process your information for the purposes for which we use personal information. We collect and share your personal information through service providers in the categories described above (analytics, payments, error monitoring). We do not "share" personal information for targeted advertising.
Will your information be shared with anyone else? We may disclose your personal information to our service providers under written contracts. See the section above on with whom we share personal information for the categories of recipients.
We may use your personal information for our own business purposes, such as undertaking internal research for technological development and demonstration. This is not considered a "sale" of your personal information.
We have not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We have disclosed the following categories of personal information to service providers for a business or commercial purpose in the preceding twelve (12) months:
- Category A. Identifiers — disclosed to service providers in the categories described in the section above on with whom we share personal information. This is not a "sale" under applicable state law.
- Category D. Commercial information — disclosed to our payment processor for payment processing. This is not a "sale" under applicable state law.
- Categories F and G. Internet or other similar network activity and geolocation data — disclosed to our analytics provider for product analytics and error monitoring (with your consent). This is not a "sale" under applicable state law.
Your rights
You have rights under certain US state data protection laws. These rights are not absolute, and in some cases we may decline your request as permitted by law. These rights include:
- Right to know whether we are processing your personal data
- Right to access your personal data
- Right to correct inaccuracies in your personal data
- Right to request the deletion of your personal data
- Right to obtain a copy of the personal data you previously shared with us
- Right to non-discrimination for exercising your rights
- Right to opt out of the processing of your personal data if it is used for targeted advertising (or sharing as defined under California's privacy law), the sale of personal data, or profiling with legal or similarly significant effects
Depending on where you live, you may also have the following rights:
- Right to access the categories of personal data being processed (where permitted by applicable law, including in Minnesota)
- Right to obtain a list of the categories of third parties to which we have disclosed personal data (where permitted by applicable law, including in California, Delaware, and Maryland)
- Right to obtain a list of specific third parties to which we have disclosed personal data (where permitted by applicable law, including in Minnesota and Oregon)
- Right to obtain a list of third parties to which we have sold personal data (where permitted by applicable law, including in Connecticut)
- Right to review, understand, question, and (depending on where you live) correct how personal data has been profiled (where permitted by applicable law, including in Connecticut and Minnesota)
- Right to limit use and disclosure of sensitive personal data (where permitted by applicable law, including in California)
- Right to opt out of the collection of sensitive data and personal data collected through the operation of a voice or facial recognition feature (where permitted by applicable law, including in Florida)
How to exercise your rights
To exercise these rights, email us at help@tessy.fun or use the contact details at the bottom of this document.
We honor opt-out preferences when you enable the Global Privacy Control (GPC) signal in your browser.
Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof of valid authorization.
Request verification
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request. If we cannot verify your identity from information already maintained by us, we may request additional information for verification, security, or fraud-prevention purposes.
If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing the request, and the agent will need to provide written and signed permission from you to submit the request on your behalf.
Appeals
Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at help@tessy.fun. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of our reasons. If your appeal is denied, you may submit a complaint to your state attorney general.
12. Do other regions have specific privacy rights?
In short: You may have additional rights based on the country you reside in.
Australia and New Zealand
We collect and process your personal information under the obligations and conditions set by Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020 (the Privacy Acts).
This Privacy Policy satisfies the notice requirements defined in both Privacy Acts, in particular: what personal information we collect from you, from which sources, for which purposes, and the recipients of your personal information.
If you do not wish to provide the personal information necessary to fulfill these purposes, it may affect our ability to provide our Services, in particular our ability to:
- offer you the products or services that you want;
- respond to or help with your requests;
- manage your account with us; and
- confirm your identity and protect your account.
At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us using the details described below.
If you believe we are unlawfully processing your personal information, you have the right to submit a complaint about a breach of the Australian Privacy Principles to the Office of the Australian Information Commissioner and a breach of New Zealand's Privacy Principles to the Office of the New Zealand Privacy Commissioner.
Republic of South Africa
At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us using the details described below.
If you are unsatisfied with the manner in which we address any complaint regarding our processing of personal information, you can contact the office of the regulator:
The Information Regulator (South Africa)
General enquiries: enquiries@inforegulator.org.za
Complaints (complete POPIA/PAIA form 5): PAIAComplaints@inforegulator.org.za and POPIAComplaints@inforegulator.org.za
13. Do we collect information from children?
In short: Our Services are not directed to children under 16, and we do not knowingly collect personal information from children under 16.
Our Services are not directed to children under 16. We do not knowingly collect or solicit personal information from anyone under 16, and we do not knowingly allow such persons to register for the Services. This threshold is stricter than the US Children's Online Privacy Protection Act (COPPA), which sets a minimum age of 13, and is aligned with the General Data Protection Regulation (GDPR), which generally requires parental consent for children under 16. If you are under 16, please do not provide any personal information through the Services. If we learn that we have collected personal information from a child under 16 without verifiable parental consent, we will take reasonable steps to delete that information as soon as practicable. If you believe a child has provided personal information to us, please contact us at help@tessy.fun.
14. Do we make updates to this policy?
In short: Yes, we will update this policy as necessary to stay compliant with relevant laws.
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Policy. If we make material changes, we may notify you either by prominently posting a notice or by sending you a direct notification. We encourage you to review this Privacy Policy frequently to stay informed of how we protect your information.
15. How can you contact us about this policy?
If you have questions or comments about this policy, you may email us at help@tessy.fun or contact us by post at:
1500 N Grant St Ste N
Denver, CO 80203
United States
16. How can you review, update, or delete the data we collect from you?
Based on the applicable laws of your country or US state of residence, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, email us at help@tessy.fun.