Compliance

How we meet our legal obligations

GDPR

Puzzle Post B.V. is committed to full compliance with the General Data Protection Regulation (EU) 2016/679. We act as a data processor on behalf of the publishers who use our platform; the publisher is the data controller for their reader data. For details on what data is collected and how it is used, see our Privacy Policy.

We maintain a processing agreement (DPA) with each publisher partner. Our infrastructure is hosted in the European Union. Personal data is not transferred outside the EEA without appropriate safeguards.

Cookie compliance

We use Cookiebot to manage cookie consent on all Puzzle Post pages. You can review and change your cookie preferences at any time by clicking Privacy settings.

We use only strictly functional cookies and local storage. No advertising, analytics, or social media tracking cookies are placed without your explicit consent.

Data retention

We retain personal data only as long as necessary for the purpose it was collected:

• Account data — until you delete your account.
• Anonymous game data — 90 days.
• Security / access logs (IP addresses) — up to 12 months.

Deleted accounts and their associated personal data are removed within 30 days of deletion.

Security

All communication between your browser and our servers is encrypted using TLS. Passwords are stored as one-way bcrypt hashes. Our infrastructure is accessible only to authorised personnel and is regularly reviewed for security risks.

Responsible disclosure

If you discover a security vulnerability in the Puzzle Post platform, please report it responsibly to security@puzzlepost.nl. We commit to acknowledging all reports within 5 business days and to keeping you informed of the steps we take.

Contact

For compliance and data protection enquiries: privacy@puzzlepost.nl.
For legal matters: legal@puzzlepost.nl.