login register

15 members already joined!

browse games rules contact

Privacy Policy

Last updated: 29 May 2026

This privacy policy describes how firebo.lt ("the site", "we", "us") collects, uses, and protects your personal data. firebo.lt is a tabletop RPG matchmaking platform serving players and Game Masters in Lithuania, Latvia, Estonia, and Finland.

1. Data we collect

1.1 Account data

When you register, we collect:

  • Username (display name) — shown publicly on listings, messages, and your profile
  • Password — stored as a one-way hash; we never see or store your plaintext password

You may also optionally provide:

  • Email address — used for account verification, password resets, and email-change confirmations; not shown publicly
  • Avatar image — resized to a maximum of 256 × 256 px and stored on our servers; shown publicly on your profile
  • Other information — such as custom information about yourself, contact information, and your homecity which is stored on our servers; shown publicly on your profile

Legal basis: performance of a contract (account registration and use of the service).

1.2 Listing data

When you post a game listing, we collect:

  • Listing title, game system, language, play format (online/in-person/hybrid), payment arrangement, number of seats, and a description
  • Scheduled game date and time
  • Location (latitude and longitude) — optional; used to display a map pin so players can see the approximate venue. This data is publicly visible on the listing.

Legal basis: performance of a contract (providing the matchmaking service).

1.3 Private messages

Messages you send to other users are stored in our database. You can delete messages you have sent. Message content is not shown publicly and is only accessible to the sender and recipient.

Legal basis: performance of a contract.

1.4 Analytics (server-side)

We run our own analytics system — we do not use any third-party tracking service.

For each visitor we store:

Data How it is used
A SHA-256 hash derived from your IP address, user-agent, and hostname Identifies unique visitors without storing raw IP addresses; the hash cannot be reversed to recover your IP
User-agent string Detects bots and understands browser/device types
Approximate geolocation (country, region, city, timezone) Derived from your IP address via the ip-api service; used to understand our audience
Abuse score Fetched from AbuseIPDB to detect malicious traffic
Pages visited and timestamps Understanding site usage
External referrer URL (only when originating from a different domain) Understanding how visitors discover the site

Legal basis: legitimate interests (security, spam/bot prevention, understanding site usage). We balance this against your privacy interests by hashing IP addresses rather than storing them in plain text.

1.5 Contact form

When you use the contact form, we collect your name, email address, and message text. This information is forwarded to the site administrator by email and is not stored long-term in the database.

Legal basis: legitimate interests (responding to user enquiries).

2. Who we share data with

We share data with the following processors only to the extent necessary to operate the site:

  • ip-api.com — receives your IP address to resolve approximate geolocation for our internal analytics.
  • AbuseIPDB.com — receives your IP address to retrieve an abuse score used for bot and spam detection.

We do not sell, rent, or trade your personal data to any third party for marketing or advertising purposes.

We may disclose data if required to do so by law or a binding legal process.

3. How long we keep your data

Category Retention
Account data (username, email, password hash) Until you delete your account
Avatar Until you remove it or delete your account
Additional account data (email, additional info) Until you delete your account
Listings Closed listings are retained for a reasonable period for platform integrity
Private messages Until you and the other party delete them
Analytics (visitor hash, geolocation, user-agent) Retained for a reasonable operational period
Analytics hit log (page views) Retained for a reasonable operational period
Contact form messages Not retained in the database; email retention depends on the administrator's email client

4. Security

We take reasonable technical and organisational measures to protect your data, including:

  • Password hashing (plaintext passwords are never stored)
  • HTTPS for all traffic
  • Honeypot and timing-based bot protection on registration and contact forms
  • Rate limiting on requests
  • IP-based abuse scoring to block malicious actors
  • Restricted directory access via .htaccess files.

5. Children

This site is not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe a child has registered, please contact us and we will delete the account.

6. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page will always reflect the most recent revision. Significant changes will be communicated via a site notice.

7. Contact

For any questions, requests, or concerns about this privacy policy or your personal data, please contact Flavius via personal messages, the contact links in the profile, or using the contact form.