Privacy Policy

We respect your privacy. MogPit is built around the principle that your face and your conversations belong to you. This policy explains, in plain English, what we collect, why, and what we never store.

1. Who we are

The data controller for this service is the operator listed in our Imprint. For any privacy-related questions you can reach us at privacy@mogpit.example.

2. What we never store

By design, MogPit never persists the following:

• Raw video frames from your camera.
• Audio from your matches.
• Recordings of your live opponents.
• Biometric face embeddings beyond the lifetime of your session.

Frames captured for your baseline scan are sent to our scoring service in memory, scored, and discarded. Live video between you and your opponent is peer-to-peer (WebRTC) and never transits our servers.

3. What we do store

Account

An account is required to play. We store your email (normalized to lower case) and a salted scrypt password hash — never the plaintext password. Your ELO, scans, and match history are bound to this account. A login session is tracked via an httpOnly cookie backed by Redis.

Match results

For each match we keep:

• Numeric scores (1.0–9.9) for both players
• Outcome (win / loss / draw / aborted)
• ELO change
• Brief textual feedback generated by Panoptes
• Timestamps

Baseline scan

When you complete an Initiatio, we cache a baseline score and a small derived embedding for up to 30 minutes so we can pair it with your live performance during matches. After 30 minutes the cache is cleared. You can also clear it manually at any time from your profile.

Operational data

Standard server logs (IP address, user-agent, request timestamps) are kept for up to 14 days for security, abuse prevention, and debugging. IP addresses are not joined to your match history.

4. Why we process this data

Legal basis under the GDPR is Art. 6(1)(b) — performance of a service you requested — for everything required to play matches and show your results, and Art. 6(1)(f) — legitimate interest — for fraud, abuse, and security logging.

5. Sharing

We do not sell your data. We do not share it with advertisers. We use a limited number of processors to operate the service:

• Hosting infrastructure (server, database, Redis cache)
• STUN/TURN relays for WebRTC connectivity

These processors only handle the data necessary to keep the service running and are bound by data processing agreements where required by the GDPR.

6. Cookies

We use exactly one strictly necessary cookie: an authenticated session identifier. We do not use marketing or tracking cookies. We do not embed third-party analytics or social trackers.

7. Your rights

Under the GDPR you have the right to:

• Access the data we hold about your account
• Request correction of inaccurate data
• Request deletion of your account and associated match history
• Object to processing based on legitimate interest
• Lodge a complaint with your local supervisory authority

To exercise any of these rights, contact privacy@mogpit.example from the email address tied to your account so we can verify the request.

8. International transfers

Our infrastructure is hosted in the European Union. We do not intentionally transfer personal data outside the EU/EEA. If a third-party processor is located outside the EU, it will be subject to appropriate safeguards (e.g. Standard Contractual Clauses).

9. Minors

MogPit is not intended for users under the age of 18. By using the service you confirm that you are at least 18 years old.

10. Changes to this policy

We may update this policy as the product evolves. Material changes will be announced on the landing page. The current version is always available at this URL.