Last updated: June 24, 2026
During the current beta, we do not offer paid purchases and do not collect payment card details.
1. Introduction
Ai.Libi ("we," "our," or "us") operates https://www.ai-libi.com and related services (the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the rights available to you.
For privacy requests (access, correction, deletion, or portability), contact us using the details in Section 14.
1.1 Data Controller
Under the GDPR, the data controller responsible for your personal data is:
- Controller: Matteo Cadei
- Address: Via Silvio Pellico 8, 73020, Uggiano La Chiesa, Italy
- Privacy contact: ailibisolvethecase@gmail.com
2. Information We Collect
2.1 Information You Provide
- Nickname or display name used in game rooms
- Email address when you create an account, sign in with Google, or join our waitlist / newsletter
- Room names, investigation progress, and game session data
- Chat messages, NPC questions, story submissions, and evidence-board activity
2.2 Automatically Collected Information
- Device fingerprint derived from browser characteristics (hashed locally) for guest sessions, rate limiting, and abuse prevention
- IP address, browser type, operating system, and language settings
- Pages viewed, features used, game events, and performance metrics
- Server-side beta analytics: game funnel events, hashed device fingerprint, room/player identifiers, and truncated NPC questions stored in PostgreSQL
- Cookies, local storage, and similar technologies (see our Cookie Policy)
- Server and application logs from our Railway-hosted backend
2.3 AI Processing Data
When you interact with AI-powered NPCs or use AI story features, your prompts and related game context may be transmitted to third-party AI providers (such as OpenAI, Anthropic, Together AI, and ElevenLabs) solely to generate in-game responses, narrative content, or media. Do not submit sensitive personal data in game chat.
3. How We Use Your Information
- Provide, operate, and improve the multiplayer mystery game experience
- Enforce free usage limits and prevent abuse
- Enable real-time rooms, WebSocket communication, and session persistence
- Authenticate users via email or Google OAuth and link guest sessions to accounts
- Manage waitlist sign-ups and product updates you request
- Monitor reliability, debug errors (with consent where required), and analyze aggregated usage
- Detect fraud, abuse, and security incidents
- Respond to support requests and send service-related communications
4. Legal Basis for Processing (EEA/UK)
- Contract: to deliver the Service you request, including multiplayer sessions
- Consent: for non-essential analytics (Sentry in the browser), marketing emails, and optional cookies
- Legitimate interests: security, fraud prevention, service improvement, and guest session management
5. How We Share Information
We do not sell your personal information. We share data only as described below:
- Other players in your room see your nickname, messages, and shared investigation content
- Infrastructure and subprocessors that help us run the Service (listed in Section 12)
- AI providers receive prompts and context needed to generate game responses
- Authorities or parties when required by law or to protect rights, safety, and security
- A successor entity in connection with a merger, acquisition, or asset sale
6. International Data Transfers
We and our subprocessors may process data in the European Economic Area, the United Kingdom, and the United States. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses and vendor data-processing terms. Vercel hosts the frontend; Railway hosts the backend, PostgreSQL, and Redis; several AI providers are US-based.
7. Data Retention
We retain data only as long as necessary for the purposes below:
- Active game sessions (Redis): up to 30 days after last room activity
- Chat messages and story submissions: up to 90 days
- Account profile and game metadata (PostgreSQL): for the life of the account plus a reasonable wind-down period
- Waitlist / newsletter emails: until you unsubscribe or request deletion
- Browser-stored fingerprints: until you clear site data
- Error and performance data (Sentry): up to 90 days
- Beta funnel analytics events (PostgreSQL): up to 12 months during beta, then reviewed or deleted
- Truncated NPC question logs for beta analysis (PostgreSQL): up to 12 months during beta, then reviewed or deleted
8. Data Security
We use HTTPS, access controls, hashed identifiers where appropriate, and reputable hosting providers. No method of transmission or storage is completely secure; please use a strong, unique password if you create an account.
9. Your Privacy Rights
Depending on your location, you may have the right to:
- Access a copy of personal data we hold about you
- Correct inaccurate data
- Request deletion ("right to be forgotten")
- Restrict or object to certain processing
- Receive portable data in a structured format
- Withdraw consent for analytics or marketing at any time
- Lodge a complaint with your local supervisory authority (EEA/UK users)
California residents may also request disclosure of categories of data collected, request deletion, and opt out of "sale" or "sharing" as defined by CPRA. We do not sell personal information.
To exercise these rights, email ailibisolvethecase@gmail.com. We respond within 30 days and may verify your identity.
10. Cookies and Similar Technologies
We use essential cookies and local storage for sessions, authentication, and game state. Analytics cookies (including browser-side Sentry, Vercel Web Analytics, and Speed Insights) are loaded only after you consent. See our Cookie Policy.
11. Children's Privacy
The Service is not directed to anyone under 16. We do not knowingly collect personal data from anyone under 16. Contact us if you believe someone under 16 has provided data and we will delete it.
12. Third-Party Services and Subprocessors
We use the following categories of providers:
- Vercel: Frontend hosting, CDN, Web Analytics, and Speed Insights. Privacy Policy
- Railway: Backend API hosting. Privacy Policy
- PostgreSQL (via Railway): Persistent account and game metadata storage. Privacy Policy
- Redis (via Railway): Real-time game sessions, caching, and waitlist data. Privacy Policy
- Sentry: Error tracking and performance monitoring (browser, with your consent). Privacy Policy (browser only, with consent)
- PostHog: Product analytics, funnels, and optional session replay (browser, with your consent). Privacy Policy (browser only, with consent)
- Google: Optional OAuth sign-in. Privacy Policy
- OpenAI: AI text, image, and audio generation for game content. Privacy Policy
- Anthropic: AI narrative and NPC dialogue generation. Privacy Policy
- Together AI: AI model inference (fallback provider). Privacy Policy
- ElevenLabs: AI voice generation for character audio. Privacy Policy
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated date. Continued use after changes become effective constitutes acceptance where permitted by law.