Privacy Policy
Last updated: April 7, 2026
NewRock Solutions OÜ ("we", "us", "our") operates the online mind-games platform vint.ee. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have over it.
1. Data Controller
NewRock Solutions OÜ
Email: [email protected]
Website: https://vint.ee
2. Data We Collect
2.1 Account data
When you register you provide:
- Username
- Email address
- Password (stored in hashed form)
You may optionally add to your profile:
- First and last name
- Date of birth
- Country / location
- Gender
- Profile picture
For Verified accounts
We store also your first name, last name and country. This information will be only visible to other verified users.2.2 Activity data collected automatically
- IP address (stored at last login and in the login history log)
- Login method and timestamp (username/password, Google, or Facebook)
- Game results, ratings, and statistics
- Chat messages sent inside game rooms
- Forum posts
- Browser / device information collected by Google Analytics (see §5)
2.3 Payment data
When you purchase credits or a VIP subscription we record the transaction amount, currency, product purchased, and payment status. Bank-transfer payments are processed via Swedbank; card payments via Stripe. We do not store full card numbers or bank account credentials ourselves — these are held by the respective payment processor.
2.4 Push-notification subscriptions
If you allow browser push notifications we store the push endpoint URL and encryption keys provided by your browser. You can revoke this at any time through your browser settings or your vint.ee notification preferences.
3. How We Use Your Data
| Purpose | Legal basis (GDPR) |
|---|---|
| Providing and operating the platform (account, games, chat) | Performance of a contract (Art. 6(1)(b)) |
| Sending transactional emails (password reset, email verification, private-message notifications) | Performance of a contract (Art. 6(1)(b)) |
| Processing payments and managing credits | Performance of a contract (Art. 6(1)(b)) |
| Sending newsletters and birthday messages (if opted in) | Consent (Art. 6(1)(a)) |
| Security: detecting abuse, banning accounts, login monitoring | Legitimate interest (Art. 6(1)(f)) |
| Analytics: understanding how the platform is used | Legitimate interest (Art. 6(1)(f)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
4. Cookies
| Cookie name | Purpose | Duration |
|---|---|---|
NewRockCMS | Session identifier (required for login) | Session |
vintlogin | Persistent "remember me" login token | 100 days |
vintlocale | Stores your language preference | 182 days |
oauth_remember_me | Maintains Google / Facebook login state | Session |
Google Analytics cookies (_ga, _gid, …) | Aggregate usage analytics (set by Google) | Up to 2 years |
You can disable non-essential cookies in your browser settings. Disabling the session or login cookies will prevent you from staying logged in.
5. Third-Party Services
- Google Analytics (GA4) — collects anonymous usage statistics. Google's privacy policy: policies.google.com/privacy.
- Google OAuth — optional "Sign in with Google" login; we receive your Google email address.
- Facebook / Meta OAuth — optional "Sign in with Facebook" login; we receive your Facebook email address.
- Google reCAPTCHA v2 — used on the registration form to prevent automated sign-ups.
- Google Fonts — font files loaded from Google's servers; your IP is transmitted to Google.
- Swedbank — processes Estonian bank transfers. Swedbank's privacy notice: swedbank.ee.
- Stripe — processes credit / debit card payments. Stripe's privacy policy: stripe.com/privacy.
- Cloudflare — CDN and DDoS protection; your IP address passes through Cloudflare's network. Cloudflare's privacy policy: cloudflare.com/privacypolicy.
6. Data Retention
We retain your personal data for as long as your account is active. If you delete your account, your personal identifiers are anonymised within a reasonable time. Payment records may be retained for up to 7 years to comply with Estonian accounting law. Login and email logs are retained for security purposes for up to 2 years.
7. Your Rights
Under the GDPR you have the right to:
- Access — obtain a copy of the personal data we hold about you.
- Rectification — correct inaccurate data in your profile settings.
- Erasure — request deletion of your account and personal data.
- Restriction — ask us to stop processing your data in certain circumstances.
- Data portability — receive your data in a structured, machine-readable format.
- Object — object to processing based on legitimate interest (e.g. marketing).
- Withdraw consent — unsubscribe from newsletters at any time via your account settings.
To exercise any of these rights, or to request deletion of your data, contact us at [email protected]. We will respond within 30 days.
You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (aki.ee).
8. Data Security
We use HTTPS (TLS) for all data in transit and access controls to limit who can view personal data internally. Passwords are stored in hashed form and are never transmitted in plain text.
9. Children
The platform is open to users of all ages. Users under 16 should have parental consent before registering. We do not knowingly collect data from children under 13 without parental consent.
10. Changes to This Policy
We may update this policy from time to time. When we do, the "Last updated" date above will change. Continued use of vint.ee after changes constitutes acceptance of the revised policy.
11. Contact
Questions about this Privacy Policy? Email us at [email protected].