← Back

Last updated: December 14, 2025

Privacy & Cookie Policy

This page explains how AtroPELLO Games (Oshura Domo) handles personal data when you access the landing and its related domains.

1. Controller

Owner: Oshura Domo (AtroPELLO Games). Contact: obfuscated email shown inside the "Legal" section.

2. Data & purposes

Overview
Source Data Purpose Legal basis
AWS Cognito ID Token, Access Token, `username`, `email`, alias Authenticate users and enable saves/sessions Pre-contractual steps / legitimate interest
`atropello-session` cookie Signed copy of the ID Token + alias Share the session across AtroPELLO domains Legitimate interest
`session.cookie.hmac.v1` Local HMAC key Sign/verify the shared cookie Legitimate interest (security)
`auth.return.state` Allowed return URL + `state` token Complete secure redirects Legitimate interest
`game.logging.v1` Logging preferences Enhance the interface experience Implied consent
Saved Games Identity + tokens while calling REST endpoints Sync slots (once the API is live) Pre-contractual steps

We do not collect personal analytics nor install third-party trackers. Game metrics are shared only with each studio.

3. Cookies & storage

  • `atropello-session`: 1-hour lifetime, domain `.atropello-games.es`, `SameSite=None`, `Secure`.
  • `session.cookie.hmac.v1`: derived key stored in localStorage.
  • `game.auth.session`, `auth.return.state`: sessionStorage entries to avoid re-login after refresh.
  • `game.logging.v1`: optional debugging preferences.

No third-party cookies, behavioral ads, or commercial profiling are used.

4. Legal bases

We execute the requested service (access & saves), rely on legitimate interest to keep our sessions secure, and store optional preferences with implied consent.

5. Retention

Cognito tokens expire in about one hour and vanish upon logout. You may clear localStorage/sessionStorage anytime.

6. Sharing

AWS (Cognito) runs in `us-east-1`. We do not sell or disclose data outside the AtroPELLO ecosystem.

This relationship is governed by Spanish law and the courts of Barcelona.

7. Rights

To exercise your rights (access, rectification, erasure, etc.) email the address shown in the Legal section and include the approximate date plus your Cognito email. You may also contact the Spanish Data Protection Agency.

8. Shared metrics

Each studio receives aggregated stats (downloads, active sessions, created slots). They never include emails or personal identifiers.

9. Updates

We will publish any change together with the updated date. Continued use of the site implies acceptance.