Privacy Policy
Last updated: February 2026 | Version 1.0
1. Who We Are
Board Game Mondays ("we", "our", "us") operates this website. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. What Data We Collect
We collect and process the following personal data:
Account Information
- Username: Your chosen login name
- Email address: Used for password recovery and account notifications
- Display name: The name shown to other members
- Password: Stored securely using industry-standard hashing
Profile Information (Optional)
- Profile photo/avatar
- Profile tagline
- Favourite game
- Play style description
- Fun fact about yourself
Activity Data
- Game night attendance records
- Game results and scores
- BGM Coin balance and transactions
- Bets placed and outcomes
- Reviews and ratings submitted
- Want-to-play votes
Technical Data
- IP address (for security and consent audit purposes)
- Browser type and version (user agent)
- Consent records and timestamps
3. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Lawful Basis |
|---|---|
| Providing and maintaining your account | Contract performance |
| Tracking game night attendance and results | Legitimate interests (community features) |
| Displaying leaderboards and statistics | Legitimate interests (community engagement) |
| Sending password reset emails | Contract performance |
| Sending email confirmation requests | Contract performance |
| Security and fraud prevention | Legitimate interests |
We do not sell your personal data to third parties or use it for marketing purposes without your explicit consent.
4. Cookies
We use cookies to operate the website. Here's what we use:
Essential Cookies (Always Active)
| Cookie Name | Purpose | Duration |
|---|---|---|
bgm.auth |
Keeps you logged in to your account | Session / Persistent (if "remember me") |
bgm_cookie_consent |
Remembers your cookie preferences | 1 year |
.AspNetCore.Antiforgery.* |
Security protection against cross-site request forgery | Session |
Optional Cookies
We currently do not use any analytics or advertising cookies. If this changes, we will update this policy and request your consent.
You can manage your cookie preferences at any time by clicking "Cookie Settings" in the website footer, or by clearing cookies in your browser settings.
5. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of Access: You can request a copy of all personal data we hold about you.
Export My Data - Right to Rectification: You can update or correct inaccurate data via your account settings.
Account Settings - Right to Erasure ("Right to be Forgotten"): You can request deletion of your account and personal data.
Delete My Account - Right to Data Portability: You can receive your data in a machine-readable format (JSON).
- Right to Object: You can object to processing based on legitimate interests.
- Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, use the links above or contact us using the details in Section 8.
6. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period |
|---|---|
| Account data (username, email, display name) | Until account deletion + 30 days grace period |
| Profile information | Until account deletion |
| Game statistics and results | Anonymised upon account deletion (preserved for community records) |
| Consent records | 3 years (legal compliance) |
| Security logs (IP addresses) | 90 days |
7. Data Security
We implement appropriate technical and organisational measures to protect your data:
- Passwords are hashed using industry-standard algorithms
- All data transmission is encrypted using HTTPS/TLS
- Authentication cookies are secured with HttpOnly, Secure, and SameSite flags
- Rate limiting protects against brute-force attacks
8. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
- Email: [Insert contact email]
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated: https://ico.org.uk/make-a-complaint/
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by updating the version number and "last updated" date at the top of this page. Where required by law, we will request your consent to material changes.