Privacy Policy

Last updated: 14 May 2026

Independence notice. openfront.app is an independent, non-commercial project operated by a private individual in France. It is not affiliated with, endorsed by, or sponsored by OpenFront.io, OpenFront LLC, OpenFront Inc., or any related entity. This service is an independent fork of an open-source project; the source code is publicly available at the repository linked from the home page.

1. Controller

The data controller is the private individual operator of openfront.app, based in France. Contact: [email protected].

2. Service status

The openfront.app service is non-commercial and scheduled to be taken offline on 8 June 2026, on natural expiry of the openfront.app domain. No new data collection is initiated beyond what is described below.

3. Data we collect

We collect the minimum data necessary to operate the service:

Technical logs: IP address, browser type, timestamps, requested URLs. Used for security and debugging. Retained up to 90 days.
Game session data: temporary data needed to run a multiplayer session (player identifier within a game, in-game actions). Deleted when the session ends.
Cookies: only essential cookies for session management. No analytics or advertising cookies.

We do not sell, share, or monetize personal data. No advertising is served on this site.

4. Third parties

Hetzner Online GmbH (Germany, EEA) — server hosting. Privacy policy.
Cloudflare, Inc. (USA) — CDN, DDoS protection. Standard Contractual Clauses apply for transfers outside the EEA. Privacy policy.

5. Legal basis (GDPR)

Processing is based on legitimate interests (Article 6(1)(f) GDPR) for service operation, security, and abuse prevention, balanced against your rights.

6. Your rights

Under GDPR you have the rights of access, rectification, erasure, restriction, objection, and portability. To exercise any of these rights, contact [email protected]. You may also lodge a complaint with the CNIL (www.cnil.fr).

7. Data security

HTTPS/TLS is used for all data in transit. Access to server data is limited to the operator. No method is 100% secure; users should use a unique password if creating any local credential.

8. Children

This service is not directed at children under 16. If you believe a minor has provided personal data, contact us for removal.

9. Changes

This policy may be updated. The "last updated" date at the top reflects the current version. Given the planned service shutdown on 8 June 2026, significant changes are unlikely.

10. Contact

Email: [email protected]. Response within 30 days as required by GDPR.