Privacy at Boardless
Last updated: 14 July 2026
Boardless turns a shared screen and everyone's phones into a board game table. This page explains what we actually collect (very little), where it lives, and when it disappears. No legalese, just the facts.
The short version
- Players never create accounts. A room code and a nickname is all it takes.
- Hosts sign in with Google only to start a table. We receive your name, email address and avatar picture, nothing more.
- Games, chat and scores live in the game server's memory and vanish when the table closes. Nothing is recorded.
- No analytics, no advertising, no tracking. One cookie, and it is about cookies.
Hosts: signing in with Google
Starting a table needs a signed-in host, so tables cannot be created anonymously in bulk. Sign-in runs through Supabase, our identity provider, using your Google account. From that we receive your name, your email address and the web address of your Google profile picture. Supabase stores those details for us; we use them only to confirm who is starting a table, to show your name to you while you are signed in, and to apply fair-use limits. We do not email you, sell your details or share them with anyone else.
Players: no account, no email
Joining a game asks for a room code and a nickname. The nickname is shown to everyone at your table, exactly as you typed it, and that is the whole story. We never ask players for an email address, a password or anything else.
Your games are not recorded
Game rooms, the in-game chat and everything that happens during play live only in the memory of the game server while the table is open. When the table closes, or everyone leaves, it is gone. There is no database of past games, no chat logs and no play history. The server also briefly uses your device's IP address in memory to apply rate limits that stop abuse; it is not kept afterwards.
What we keep on your device
Boardless sets exactly one cookie: cc_cookie, which remembers your answer to our cookie banner for about six months. The rest is ordinary browser storage that stays on your device; we cannot read it remotely, and clearing your browser data removes all of it:
- Host sign-in session: kept on the device so a host stays signed in between visits (for Google sign-in this is stored by Supabase's library; the local dev sign-in uses its own token). Removed when you sign out.
- Reconnection token: a per-tab token that lets you rejoin your seat if you refresh or briefly lose connection. It lives only for that tab and disappears when the tab closes.
- Music preference: whether you turned the lobby music on or off.
- Character preference: the character or avatar look you last picked, so the table remembers you next time.
- Cookie banner choice: the one cookie described above.
- Two housekeeping notes: a per-tab cached copy of the server's sign-in settings, and a one-shot note of which game you picked when hosting, which is read once and immediately removed.
No analytics, no advertising
We run no analytics, no advertising networks and no tracking pixels. There is no Google Analytics, no social media pixel and nothing watching how you play. If that ever changes, we will update this policy first and the cookie banner will ask you again before anything new is set.
Who else is involved
Two third parties, both only when a host signs in: Google (the sign-in itself) and Supabase (which handles the sign-in and stores host accounts). Players joining a table talk only to our game server. The fonts, artwork and code are served by us, not from third-party networks.
Your choices
Hosts can stop using Boardless at any time; ask us and we will have your account details removed from Supabase. Players have nothing to delete, because nothing was kept. You can clear the on-device storage listed above through your browser's settings whenever you like.
Questions
The quickest way to reach us is through our Buy Me a Coffee page, which takes messages without requiring a purchase. When we change this policy, the date at the top changes with it.