Privacy Policy

Handheld (handheld.online) is a browser-based platform for playing retro and classic console games online. We respect your privacy and collect only what we need to run the service. This policy explains what data we collect, why, and how we handle it.

The data controller for personal information processed through Handheld is Web Relic LTD. You can reach us at hello@handheld.online for any questions about your data or to exercise your rights described below.

When you sign in with Google, we receive your name, email address, and profile picture from your Google account. This is used solely to identify your account and display your profile.

If you enable cloud sync, your save states and emulator settings are stored on our servers so you can access them across devices.

If you subscribe to the Supporter plan, our payment processor (Stripe) handles your card details directly — we never see or store them. We do store the Stripe customer and subscription IDs Stripe returns so we can mirror your subscription status (active / cancelled / past due) and grant the right tier of access.

We collect basic, anonymous usage analytics (page visits, browser type, country) through Google Analytics to understand how the site is used. We do not collect gameplay content, ROM files, or any record of which specific games you play.

Your Google profile information is used to authenticate your account and to display your name and avatar in the app.

Cloud-synced save states and settings are stored only to provide the sync feature you opted into. We do not analyze, share, or monetize this data in any way.

Subscription identifiers are used to determine your access tier, send billing-related emails (via Stripe), and respond to support requests about your subscription.

Analytics data is used in aggregate form only — to improve features, fix issues, and understand which parts of the site need more attention.

We process the data above on the following legal bases: performance of the contract you enter into by using the service (account authentication, cloud sync, subscription management); your consent (analytics, which you can decline by opting out of cookies in your browser); and our legitimate interest in keeping the service secure and operational.

All game data (ROMs, save states, settings) is stored locally in your browser by default using IndexedDB and the Origin Private File System. This data never leaves your device unless you explicitly enable cloud sync.

Cloud-synced data and account records are stored in our database and are tied to your user account. We retain the data while your account is active and delete it when you delete your account. Billing records held by Stripe are retained per Stripe's own policy and applicable tax law.

We rely on a small number of processors to run the service:

- Google (OAuth sign-in, Analytics) — Google's privacy policy applies. - Stripe (subscription billing) — Stripe's privacy policy applies; card data is sent to Stripe directly from your browser via Stripe Checkout and never touches our servers. - Sentry (error reporting, optional) — used to capture application errors so we can fix bugs. Configured to scrub personal data. - Libretro Thumbnail Repository — game cover art is fetched from a public CDN; no personal data is sent.

We do not sell, rent, or share your personal information with third parties for marketing purposes. We will only disclose information if required to do so by law or in response to a valid legal request.

You have the right to access, correct, export, and delete the personal data we hold about you, and to object to or restrict certain processing. You can delete your account and all associated cloud data at any time from the Dashboard. You can disable cloud sync to keep all data local to your browser. You can clear local browser data at any time through your browser settings. For any other request, contact us at hello@handheld.online and we will respond within 30 days.

Our servers and processors may be located outside your country of residence. Where personal data is transferred internationally we rely on appropriate safeguards (such as Standard Contractual Clauses) to ensure the data continues to receive an adequate level of protection.

We use a minimal session cookie to keep you signed in. This cookie is essential for authentication and cannot be disabled while signed in.

Google Analytics sets its own cookies for anonymous traffic measurement. We do not use advertising cookies or third-party tracking pixels.

Handheld is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will remove it.

We may update this policy from time to time. Material changes will be announced on this page with an updated date. Continued use of Handheld after changes constitutes acceptance of the updated policy.

If you have questions about this privacy policy or how your data is handled, email us at hello@handheld.online.