Website usage data
Like most websites, the site may log IP address, browser or device metadata, and security events needed for troubleshooting and abuse prevention.
Privacy Policy
A plain-English look at what data is used and why.
This page explains how the live site and in-person cafe operations handle data today. If those workflows change, this policy should change with them.
Contact Data
Only when needed
Staff may collect names or contact details for receipts, support, or guardian coordination.
Payment Data
No full card storage
Full card details are handled by payment processors rather than stored on cafe servers.
Retention
As required
Retention depends on whether the record is financial, operational, or needed for a dispute.
Deletion Requests
Redaction where possible
Required financial and dispute records may remain after optional details are redacted.
Collection
What we collect
The categories below reflect the public website and in-person cafe operations.
Visit details
In-person records may include customer name, optional contact details, setup type, play duration, payment total, and staff notes needed to run the floor.
Guardian and player data
For younger guests, player names or adult contact details may be recorded only when needed for operational clarity.
Payment records
Receipts and payment records may include totals, tax, payment status, and processor references. Full card numbers are not stored by cafe servers.
Use
How we use your information
Personal information is used to run in-person sessions, handle receipts, and keep operational records accurate.
Cafe operations
We use information to seat guests, track paid time, support staff handoffs, and answer visit questions.
Receipts and support
Contact details may be used for receipts, refund questions, dispute support, or follow-up requested by the guest.
Support and issue resolution
Payment status, duration, setup details, and operational notes may be used to resolve disputes, refunds, equipment issues, or other support needs.
Security and fraud prevention
We use website, payment, and operational data to reduce abuse, investigate suspicious activity, and protect guests, staff, and cafe systems.
Providers
Services that help run the experience
Some parts of the product depend on third-party services. Their role is limited to the part of the workflow they support.
Cloudflare
Cloudflare hosts the site and supports infrastructure like Workers, D1, Queues, and related platform services.
Payment processors
Payment processors handle card payment authorization and related processor records. JB Gaming Cafe does not store full payment card details on its own servers.
If you open a directions link or map card on the site, Google may receive the address you choose to open.
Minors
How guardian and child data is handled
The cafe is designed to minimize child data and keep an adult responsible whenever younger players are involved.
No child website identity
Players under 13 do not need a public website identity to play.
Guardian remains the contact
For under-13 players, the parent or guardian is the contact point for payment, refunds, conduct, and pickup questions.
Only needed child data
Child or player names are collected only when operationally necessary and are treated as optional operational data.
Public site and operator tools
The public site avoids exposing station details, while protected operator tools only surface what is necessary to run the floor.
Retention
How long data is kept
Different categories of information have different retention windows because some records are required for financial compliance, dispute support, or operational audit history.
Financial and visit records
Financial snapshots, payment totals, refund records, and audit logs may be retained for financial compliance and dispute support.
Optional operational fields
Fields such as customer phone, player names, and staff notes may be redacted or deleted when they are no longer needed, unless tied to an unresolved dispute, refund, or legal hold.
Temporary operational data
Temporary operational data may be cleared after the main service and dispute windows pass.
Guardian and child data
Minor-related data follows the same minimized retention approach and is kept no longer than necessary for the visit and retention rules above.
Requests
Deletion and redaction requests
Privacy requests are handled with the understanding that some data can be removed while other records must be preserved for legal or financial reasons.
Deletion requests
When possible, deletion requests remove or redact optional non-financial data.
Records that may remain
Required visit, payment, refund, and audit records may remain because those records support financial compliance, fraud review, and dispute handling.
Active dispute limits
Open disputes, refunds, chargebacks, or legal holds may delay deletion or redaction.
Policy changes
If retention rules or operational workflows change, this page should be updated alongside the product behavior so the public explanation stays accurate.
Security
Security measures and policy updates
No system can promise perfect security, but the platform includes layered controls to protect customer and operational data.
Access control
Protected operator tools are separated between admin and owner surfaces, with Cloudflare Access gating entry before the app loads and the app itself limiting owner-only pages.
Payment safeguards
Payment records use processor references and operational reconciliation to keep money and visit records aligned.
Operational auditability
Sensitive actions like manual check-ins and visit note changes create audit records inside the protected admin system.
Page updates
This privacy page is updated whenever public website or cafe operations change in a way that affects personal data.
Last Updated
May 30, 2026
This page reflects the current live privacy behavior. If public website, payment, or retention workflows change, this page should be revised alongside those changes.