Privacy Policy

The BIG Games Index (the "Service") is operated by Big Games LLC ("Big Games", "we", "us", or "our"), a Delaware limited liability company and the creator of Pet Simulator 99. For privacy matters, Big Games is the data controller for personal information processed through the Service. You can reach us at support@biggames.io. This policy works alongside our Terms of Service.

The public database, wiki, and leaderboards can be viewed by anyone and do not require an account or collect personal information from visitors. Accounts and sign-in are limited to users 13 and older. The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. Roblox likewise requires a 13+ account to authorize any third-party application, including ours.

If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete it. If you are a parent or guardian and believe your child has provided us personal information, contact us at support@biggames.io and we will promptly delete it. Users between 13 and 17 should review this policy with a parent or guardian.

Account information. When you create an account we collect your email address (and a normalized form of it), whether your email is verified, and — if you set a password — a securely hashed version of it (we never store your password in plain text).

Google sign-in data. If you sign in with Google, we request the basic openid, email, and profile scopes and receive your email address, your Google account identifier, and whether your email is verified. We do not request access to your Gmail, Drive, Contacts, or any other Google service.

Roblox account data. If you sign in with or link a Roblox account, we receive and store your Roblox user ID, username, display name, and avatar image URL, along with the OAuth access (and, where applicable, refresh) tokens needed to fetch data you authorize. Those tokens are stored encrypted at rest.

Player game data (only with your consent). When you grant specific scopes — to us or to a third-party developer application — we fetch and cache the corresponding Pet Simulator 99 player data from Roblox on your behalf. Depending on the scopes granted, this can include profile and progression stats, currencies, mastery and achievements, inventory and equipped items, item index, trade history, booth activity, in-game mail, and extended profile data such as gamepasses, products, and Robux spent. We only access the views you have explicitly approved.

Session, device, and security data. We set a session cookie when you log in, and we record session timestamps. To protect the Service we log IP addresses and request metadata for rate limiting and abuse detection, and we keep audit logs of Player API access (which application accessed which scope, when, and from what IP).

Communications. We send transactional emails (email verification, security notices, and developer notifications) and keep records of them.

Developer information. If you register an application, we collect the app name, icon and homepage URLs, redirect URIs, declared scopes, a hashed client secret, and your acceptance of our Terms.

We use the information above to:

• Create and authenticate your account and keep you signed in.
• Provide the features you request, including player, clan, and league stats and the data views you have consented to share.
• Operate the developer platform and the Player API, including issuing tokens and enforcing the scopes a player has approved.
• Send transactional emails such as email verification and security alerts.
• Maintain the security and integrity of the Service — rate limiting, fraud and abuse detection, and investigating violations of our Terms.
• Comply with legal obligations and enforce our Terms.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Specifically:

• We use Google user data only to provide and improve the user-facing sign-in and account features of the Service.
• We do not sell Google user data, and we do not transfer it to third parties such as advertising platforms, data brokers, or information resellers.
• We do not use Google user data for advertising, including retargeting, personalized, or interest-based advertising.
• We do not use Google user data to train generalized artificial intelligence or machine-learning models.
• We allow humans to read Google user data only with your affirmative consent, when necessary for security or to comply with law, or where the data has been aggregated and anonymized.

We use Roblox account and player data only to operate the features you have authorized and to display the stats you have chosen to make available. We collect Roblox data with your consent and use it only for the purposes described in this policy. We do not provide your personally identifiable information to Roblox except as you direct or as expressly agreed with Roblox in writing, and we do not use the Service to assess Roblox's usage, revenue, or business. The Service is not affiliated with, endorsed by, or sponsored by Roblox Corporation.

We do not sell your personal information. We share information only in these limited ways:

• Third-party applications you authorize. When you approve a developer application's requested scopes on our consent screen, we share the corresponding player data with that application. The developer's own privacy policy governs their use of it. You can review and revoke these grants in your account settings.
• Service providers (subprocessors). We use trusted vendors that process data on our behalf: MongoDB Atlas (database hosting), Vercel (application hosting and Vercel Blob image storage), Resend (transactional email), Google and Roblox (authentication), and the BIG Games public game API at biggamesapi.io (public game data).
• Legal and safety. We may disclose information if required by law, to enforce our Terms, or to protect the rights, safety, or property of Big Games, our users, or the public.
• Business transfers. If Big Games is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to this policy.

We use a small number of strictly necessary cookies and local storage: a secure, HTTP-only session cookie to keep you signed in, short-lived state cookies during the Google and Roblox sign-in flows, and a theme preference stored in your browser. We do not use third-party advertising or analytics cookies, and the Service does not include third-party tracking or analytics scripts.

• Account data — kept until you delete your account or ask us to delete it.
• Sessions — expire after about 30 days.
• Cached player data — refreshed and retained only as long as needed for the consented feature, and generally no more than 30 days after a grant ends.
• Audit logs of Player API access — retained for about 90 days, then automatically deleted.
• Email verification tokens — valid for about 24 hours.
• Rate-limit records with IP data — kept only briefly (typically minutes, up to 30 days for abuse investigation).

We protect data in transit with HTTPS and apply technical and organizational safeguards. Passwords are stored as salted, peppered hashes; OAuth access and refresh tokens and Open Cloud credentials are encrypted at rest; client secrets and API keys are stored hashed; and access to systems is restricted. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

Depending on where you live, you may have some or all of the following rights. To exercise any of them, email support@biggames.io; we will verify your request and respond within the time required by applicable law. You can also delete most data directly by unlinking accounts, revoking app grants, or requesting account deletion.

EEA / UK (GDPR). You have the right to access, correct, delete, restrict, or object to processing of your personal data, the right to data portability, and the right to withdraw consent at any time. We rely on these lawful bases: performance of our contract with you (to provide accounts and features), your consent (for Google/Roblox data and player-data scopes), and our legitimate interests (security and abuse prevention). You also have the right to lodge a complaint with your local data-protection supervisory authority.

California (CCPA/CPRA). You have the right to know what personal information we collect and how we use it (described above), to request access to or deletion of it, to correct it, and to opt out of "sale" or "sharing" of personal information. We do not sell or share your personal information as those terms are defined under California law, and we will not discriminate against you for exercising your rights.

We operate in the United States, and our service providers may process data in the United States and other countries. If you access the Service from outside the United States, you understand that your information may be transferred to and processed in countries whose data-protection laws may differ from those of your country. Where required, we rely on appropriate safeguards for such transfers.

We may update this Privacy Policy from time to time. When we do, we will revise the effective date above and, for material changes, take additional steps where required by law. Your continued use of the Service after the changes take effect constitutes acceptance of the updated policy.

For privacy questions or to exercise your rights, contact us at support@biggames.io or through biggames.io/contact.