Last updated: 20/02/2026
1. Introduction
The bird song recognition game (hereinafter "we", "our", "us") is committed to protecting users' personal data. This policy describes the data processed, the purposes, the retention periods, and your rights.
2. Data processed
When creating and managing an account, we process in particular:
- Identifier (username in the format Species_Number)
- First name, last name, email address
- Country, language, communication preference
- Password in hashed form (never in clear text)
When using the game, we also process:
- Scores, results, progress, statistics and rankings
- Level, region, continent and game language
- Technical session data (session ID, login timestamps, expiration, last activity)
- Security and anti-abuse data (IP address, user-agent, request limiting, login attempts)
- Technical tokens (registration validation, password reset)
In anonymous mode, no account is created. Completed series may still feed technical usage logs.
3. Purposes
Processing is carried out in order to:
- Provide the service (login, progress tracking, score saving, rankings display)
- Secure the service (authentication, abuse prevention, error diagnostics)
- Handle user requests (registration, profile, forgotten password)
- Produce internal usage statistics, without advertising purpose
4. Legal basis
- Performance of the service: account, login, scores, progress
- Consent: optional communications if you accept them
- Legitimate interest: security, abuse prevention, technical improvements
5. Cookies, local storage, and similar technologies
The game uses strictly necessary trackers for operation and display preferences:
- session_id: session cookie to keep you logged in
- ui_lang: interface language preference cookie (maximum duration: 12 months)
- Learning display preferences: browser local storage (and fallback cookie) to remember image and option-text display settings
The game does not use advertising cookies and does not perform cross-site tracking for marketing purposes.
6. Data retention
- Accounts, scores and statistics: automatic deletion after 1 year of continuous inactivity
- Sessions: short technical retention, until session expiry then cleanup
- IP-based anti-abuse limiting: short technical window (about one hour)
- Password reset tokens: valid for 24 hours
- Game usage logs: monthly technical log files kept for operations and security, then removed during maintenance cycles
7. Recipients
Data is neither sold nor rented. It is accessible only to authorized persons for technical administration and support.
8. Security
We implement appropriate security measures (HTTPS, hashed passwords, access controls, anti-abuse protections).
9. Your rights
Under GDPR, you have rights including access, rectification, erasure, restriction, objection, and portability. You may also withdraw consent for optional communications.
You can exercise your rights via the site's contact form.
10. Complaint
If you believe your rights are not respected, you may lodge a complaint with the competent supervisory authority (CNIL).
11. Changes
This policy may change. The update date is displayed at the top of this page.
12. Contact