Privacy Policy GDPR Compliant

Effective Date: March 1, 2026 — Last Updated: March 10, 2026

1. Data Controller

The data controller for this Service is:

• Project: The Backend of Luck / AcmetoCasino Educational Simulation
• Email: info@thebackendofluck.com
• Website: thebackendofluck.com
• Jurisdiction: Netherlands

As AcmetoCasino is an educational simulation that does not collect or process personal data on any server, the role of data controller is minimal. This policy is provided for transparency and to demonstrate GDPR-compliant privacy practices as part of the book's educational content.

2. What Data We Collect

AcmetoCasino is designed with a privacy-first architecture. We collect virtually no data about our users.

2.1 Data We Do NOT Collect

• No names, email addresses, or contact information
• No payment information or financial data
• No government-issued identification
• No IP address logging or tracking
• No behavioral analytics or user profiling
• No location data or device fingerprinting
• No social media account information

2.2 Data Stored Locally in Your Browser

The following data is stored exclusively in your browser's localStorage and never transmitted to our servers:

You have full control over this data and can delete it at any time by clearing your browser's storage (see Section 5).

2.3 Server Logs

Our web server may automatically log standard HTTP request information (IP address, timestamp, requested URL, user agent) as part of normal web server operation. These logs are used solely for security monitoring and are automatically purged after 14 days. They are not linked to any user identity or used for tracking purposes.

3. Cookies

AcmetoCasino uses only essential cookies required for basic website functionality. We do not use:

• Tracking cookies
• Analytics cookies (no Google Analytics, no Matomo, no similar)
• Advertising or marketing cookies
• Social media cookies
• Third-party cookies (except Google Fonts, see below)

For complete details about our cookie practices, please see our Cookie Policy.

3.1 Google Fonts

We load fonts from Google Fonts, which may set cookies or log requests on Google's servers. Google's privacy policy applies to that data processing. For more information, see Google's Privacy Policy.

4. Legal Basis for Processing

Under Article 6 of the GDPR, the legal basis for any minimal data processing that occurs is:

• Legitimate Interest (Art. 6(1)(f)): Providing an educational demonstration of casino system architecture. The simulation serves an educational purpose aligned with the book The Backend of Luck.
• Consent (Art. 6(1)(a)): By choosing to use the simulation, you consent to the minimal localStorage usage required for the games to function.

Given that no personal data is collected or processed on our servers, the scope of data processing is negligible.

5. Data Retention

Since all user-facing data is stored client-side in your browser:

• You control your own data. All game data exists only in your browser's localStorage.
• We retain nothing. No user data is stored on our servers beyond standard web server logs (14-day retention).
• Deletion is immediate. Clearing your browser data or localStorage removes all simulation data permanently.

How to Delete Your Data

1. Open your browser's Developer Tools (F12 or Ctrl+Shift+I).
2. Navigate to the Application or Storage tab.
3. Select "Local Storage" and find entries for this domain.
4. Right-click and select "Delete" or "Clear All."

Alternatively, use your browser's "Clear browsing data" function and select "Cookies and site data" or "Local Storage."

6. Your Rights Under GDPR

Under the General Data Protection Regulation (EU) 2016/679, you have the following rights. While most are not practically applicable given our minimal data processing, we list them for completeness and transparency:

6.1 Right of Access (Art. 15)

You have the right to obtain confirmation of whether personal data concerning you is being processed. As we do not store personal data on our servers, we can confirm that no personal data is held.

6.2 Right to Rectification (Art. 16)

You have the right to have inaccurate personal data corrected. Since all data is stored in your browser, you can modify it directly.

6.3 Right to Erasure (Art. 17)

You have the right to have your personal data deleted. You can exercise this right immediately by clearing your browser's localStorage for this domain.

6.4 Right to Data Portability (Art. 20)

You have the right to receive your data in a structured, machine-readable format. Your browser's localStorage data is already in JSON format and can be exported using browser developer tools.

6.5 Right to Object (Art. 21)

You have the right to object to processing based on legitimate interest. You can exercise this right by simply not using the Service.

6.6 Right to Restriction of Processing (Art. 18)

You have the right to restrict processing of your data. As all processing occurs client-side, you have inherent control over this.

6.7 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. For the Netherlands, this is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority):

• Website: autoriteitpersoonsgegevens.nl
• Phone: +31 (0)70 888 8500

7. Children's Privacy

AcmetoCasino is intended for users aged 18 and older. While no real gambling takes place, the educational content discusses gambling systems and is designed for an adult audience.

We do not knowingly collect any personal information from children under 16 years of age (the GDPR age of consent for data processing in the Netherlands). Since we do not collect personal information from any users, this risk is inherently mitigated.

If you believe a child under 16 has provided personal data to us, please contact us at info@thebackendofluck.com and we will take steps to address the situation.

8. International Data Transfers

AcmetoCasino does not transfer personal data internationally. Since user data is stored exclusively in the browser's localStorage:

• No data is transmitted to our servers.
• No data is shared with third parties in any jurisdiction.
• No cross-border data processing occurs.

The only exception is the loading of Google Fonts, which involves requests to Google's servers. Google may process these requests according to their own privacy policy and data transfer mechanisms.

9. Data Security

We implement appropriate technical measures to protect the Service:

• TLS 1.2/1.3 encryption for all data in transit.
• Security headers (Content-Security-Policy, X-Frame-Options, etc.).
• Server hardening with fail2ban, SSH key authentication, and firewall rules.
• Automatic SSL certificate renewal via Let's Encrypt.

Since no personal data is stored on our servers, the security risk profile for user data is minimal. Your browser's localStorage is protected by your browser's same-origin policy.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.

Since we do not collect email addresses or contact information, we cannot notify users individually of changes. We encourage you to review this page periodically.

Material changes that significantly affect user privacy (such as introducing server-side data collection) will be prominently announced on the main website.

11. Data Protection Officer Contact

For any questions, concerns, or requests related to data protection and this Privacy Policy, you may contact our Data Protection Officer:

• Email: info@thebackendofluck.com
• Subject Line: "Privacy / DPO Inquiry"
• Website: thebackendofluck.com

We aim to respond to all privacy-related inquiries within 30 days, as required by the GDPR.