18+ only  |  Free social game — no real money, no prizes  |  Play Responsibly
Legal

Privacy Policy

Last updated: 22 May 2026. How NiagaraForest collects, processes, and protects information about visitors to this site.

1. Who We Are

NiagaraForest is a free-to-play social adventure game operated from 847 King St E, Hamilton, Ontario, L8P 2X8, Canada. We are the data controller for all information described in this policy. Our contact for privacy matters is [email protected]. We do not employ a formal Data Protection Officer, but the contact above handles all privacy requests within seven business days.

NiagaraForest is not a gambling operator. No money is collected or processed at any point. All virtual credits are fictional tokens. There are no payment processors, no financial data processors, and no Know-Your-Customer (KYC) systems because none are needed or permitted on this platform.

2. What We Collect

We collect only the minimum information necessary to deliver the site. Specifically:

Server logs: When your browser requests a page from our server, our hosting provider records your IP address, user-agent string, referrer URL, page requested, and timestamp. These logs are retained for up to 14 days for security and debugging purposes, then deleted. We do not link server log data to individual identities.

Cookies and localStorage (with consent): We write a session persistence cookie (kn_age_ok) to remember your age confirmation, and a consent record (kn_consent_v2) to store your cookie preferences. Both are also mirrored in localStorage to ensure cross-page persistence when the site is accessed via file:// during quality assurance. If you accept analytics cookies, we additionally load Google Analytics (GA4), which sets its own cookies as described in the Cookie Policy.

Contact form submissions: If you email us at the address above, we receive your email address and the content of your message. These are retained for up to 12 months for support purposes, then deleted unless a legal obligation requires longer retention.

3. What We Do NOT Collect

We do not collect names, postal addresses, phone numbers, date of birth, national identity numbers, payment card details, bank account information, or any government-issued identification numbers. We do not collect photographs, biometric data, or health information. We do not collect location data beyond the country-level inference possible from an IP address. We do not collect data about minors — the site is for adults only, and we make no deliberate attempt to gather data from visitors under 18.

We do not maintain a registered-user database. There are no accounts, no profiles, and no login system. Virtual credits exist only in your browser session and are not stored on our servers.

4. How We Use the Data

Server log data is used solely to identify and respond to security incidents, diagnose server errors, and comply with our hosting provider’s technical requirements. It is not used for marketing, profiling, or targeting.

Cookie and localStorage data is used to persist your age confirmation and cookie preferences across page navigations, so that the age gate and cookie banner do not re-appear every time you visit a new page. This is a functional necessity, not a tracking activity.

If you have accepted analytics cookies, anonymised page-view and event data are transmitted to Google Analytics to help us understand which pages are most visited and improve site performance. This data is not used for advertising.

Contact form data is used only to respond to your enquiry.

5. Third-Party Processors

We share data with the following third-party processors under appropriate agreements:

Hosting provider: Our hosting infrastructure processes server log data on our behalf. The provider is bound by a data processing agreement and operates servers in Canada or the United States.

Google LLC (Google Analytics / GA4): If you accept analytics cookies, your anonymised page-view data is transmitted to Google Analytics servers, which may be located in the United States or other jurisdictions. Google LLC acts as a data processor under our GA4 agreement. Google’s privacy policy is available at policies.google.com/privacy. We have enabled IP anonymisation in our GA4 configuration.

Google Fonts: Page stylesheets load Cinzel and Nunito Sans from Google Fonts CDN. Google’s servers receive your IP address as part of the CDN request. We do not control what Google does with this data; their privacy policy applies. No personally identifiable information beyond the IP address is transmitted.

jsDelivr CDN: Bootstrap grid CSS is loaded from the jsDelivr CDN. jsDelivr receives your IP address as part of the CDN request. jsDelivr’s privacy policy applies. No personally identifiable information beyond the IP address is transmitted.

We do not share data with advertising networks, data brokers, or any third party for commercial purposes.

6. Cookies and localStorage

Our full cookie inventory is documented in the Cookie Policy. In brief: we use two strictly-necessary cookies (kn_age_ok and kn_consent_v2) and, with your consent, Google Analytics cookies. Both strictly-necessary cookies are mirrored in localStorage as a technical fallback for cross-page persistence. If you access this site through a QA or preview environment, only localStorage may be available. The two values store no personal information — they are a single bit (“1”) for the age flag and a small JSON object for consent preferences.

7. Data Retention

Server logs: 14 days from creation, then deleted automatically by the hosting provider.

Age-gate cookie and localStorage entry (kn_age_ok): 180 days from acceptance, then expires automatically. No action needed from you.

Consent cookie (kn_consent_v2): 180 days from last preference save. Re-prompt occurs when the consent version increments or when the cookie expires.

Google Analytics session and hit data: up to 14 months by default in Google’s GA4 retention settings, after which Google deletes it. We periodically verify this setting is not longer than 14 months.

Contact emails: 12 months from receipt, then deleted from our mailbox, unless we have an ongoing obligation to retain the correspondence.

8. Your Rights Under Canadian and International Law

If you are in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) and Ontario’s equivalent framework give you the right to: access the personal information we hold about you; request correction of inaccurate information; withdraw consent for non-essential processing; and lodge a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca).

If you are in a jurisdiction subject to the General Data Protection Regulation (GDPR) — such as a Canadian resident exercising rights under EU adequacy frameworks — you additionally have the right to erasure, restriction of processing, data portability, and to object to automated decision-making. NiagaraForest does not conduct automated decision-making that has legal or significant effects on individuals.

To exercise any of these rights, email us at [email protected] with the subject line “Privacy Request.” We will respond within seven business days and complete your request within 30 days.

9. Security Posture

We apply the following technical and organisational measures to protect the limited data we hold: TLS encryption in transit (HTTPS); server-side access controls restricting log access to named administrators; no database of personal information (the virtual credits engine is entirely client-side); no payment card or financial data storage (none is collected); and regular review of third-party dependencies for known vulnerabilities.

Because we collect so little data, the surface area for a meaningful data breach is minimal. We do not hold usernames, passwords, or personal profiles. A breach of our server logs would expose IP addresses and page URLs — both of which are already processed by your ISP and any CDNs your browser contacts.

10. International Data Transfers

NiagaraForest is operated from Canada. Some of our third-party processors (Google, jsDelivr) may process data on servers in the United States or other countries. Where this occurs, we rely on Standard Contractual Clauses or the adequacy decision applicable to Canada under GDPR to ensure appropriate safeguards are in place.

11. Changes to This Policy

We may update this Privacy Policy when we add new features, change processors, or when applicable law requires it. Material changes will be indicated by a new “Last updated” date at the top of this page, and where the change significantly affects your rights, we will display a notice on the homepage. Continued use of the site after the update date constitutes acceptance of the revised policy.

We maintain an internal change log of all substantive Privacy Policy revisions. If you would like a copy of the previous version, contact us at the address below.

12. Contact

For all privacy-related enquiries, corrections, access requests, or erasure requests:
NiagaraForest Privacy
847 King St E, Hamilton, ON L8P 2X8, Canada
Email: [email protected]
Phone: +1 (905) 483-2710

Cookie Settings

We use essential cookies to remember your age confirmation and optional analytics to improve the experience.