Short version: we don't want your data. We collect the minimum needed to keep the site working and fair, never sell it, and give you full rights to see, correct or erase whatever's tied to you.
Who we are
This site is operated by BAM.LI. For the purposes of UK GDPR and the EU GDPR we are the data controller. You can reach us at [email protected] or via the contact page.
What we collect — and why
BAM.LI works without any account. We don't have signup forms, profiles, or password resets. The data we touch is limited to the minimum needed to make the site fair, fast, and abuse-resistant.
| What | Why | How long |
|---|---|---|
| IP address (hashed) | To prevent abuse and apply per-visitor limits. We never store your raw IP — it is one-way hashed before any record is written, and only the hash is kept. | Up to 30 days for limit windows; permanent only as part of anonymised aggregate counts. |
| Country code | To assign your tap to a country leaderboard and credit a steal to a country. Two letters only (e.g. GB, US). |
Permanent on aggregated counts. |
| Anonymous browser identifier | A random identifier stored locally in your browser so we can apply per-visitor limits without a login. We never see your name or device. | Stays in your browser's local storage until you clear it. |
| Names / messages you submit | To display on the throne and in “previous holders”. You choose what to put here. | Permanent unless you ask us to remove a specific entry. |
| Aggregate click counts | Total taps per country, total taps globally. Pure numbers, no link to any one user. | Permanent. |
| Anti-bot signal | An invisible challenge issued by a third-party anti-bot provider to confirm requests are coming from real browsers, not automated scripts. | Per-request only. Not stored. |
What we don't collect
- Your real name, email, phone number, or address.
- Your contacts, photos, files, or any device permissions.
- Cross-site tracking IDs or third-party advertising profiles linked to you.
- Browsing history outside BAM.LI.
Cookies and similar storage
We use the absolute minimum. The site does not show a cookie banner because we don't drop tracking or marketing cookies by default. Specifically:
- Strictly necessary (always on): a small amount of browser local storage to apply per-visitor limits and remember your country. Both are read only by our own pages and never sent to third parties.
- Anti-bot: our anti-bot provider may set short-lived cookies on its own challenge domain. These are operational only and used solely to distinguish humans from automated scripts.
- Analytics (planned): if we add analytics, we will use a privacy-first provider (no cookies, no cross-site tracking, no personal data shared). This page will be updated if that changes.
- Advertising (planned): if and when display advertising launches, those ads may set their own cookies and use them for measurement and personalisation. If that happens, we will ship an explicit consent banner for users in the UK / EU / California, and respect "Do Not Track" / "Global Privacy Control" headers automatically.
Legal basis (UK / EU GDPR)
- Legitimate interests — for the minimal hashed-identifier data needed to enforce fair play.
- Consent — for any future advertising or non-essential analytics cookies. We will ask before we set them.
- Performance of a service — for the names, messages and country codes you submit, since they are the entire point of using the site.
Your rights (UK & EU residents)
Under UK GDPR and the EU GDPR, you have the right to:
- Access any data we hold that's identifiable to you.
- Correct inaccurate data we hold.
- Erase ("right to be forgotten") your data, including specific names or messages on the throne.
- Object to our processing on legitimate-interest grounds.
- Restrict processing while we resolve a dispute.
- Withdraw consent at any time, where consent was the basis.
- Lodge a complaint with the UK Information Commissioner's Office or your local EU supervisory authority.
Email [email protected] with the subject "Data request" and include enough detail to identify the entry (e.g. the exact name and approximate timestamp on the throne). We aim to respond within 30 days, free of charge.
Your rights (California residents — CCPA / CPRA)
If you live in California you have the right to:
- Know what personal information we collect, where it came from, why we collect it, and who we share it with.
- Delete personal information we hold about you (subject to legal exceptions).
- Correct inaccurate personal information.
- Opt out of sale or sharing of personal information — though for clarity, we do not sell or share personal information for cross-context behavioural advertising.
- Limit use of sensitive personal information — we do not collect any sensitive personal information as defined by the CPRA.
- Non-discrimination — we won't deny you the service or charge you differently for exercising any of these rights.
To exercise any California right, email [email protected]. We may need to verify the request matches activity originating from your IP / browser session.
International transfers
Our database is hosted within the EU. Static pages may be cached and served from a global edge network, including servers outside the UK / EEA. Any transfer outside the UK or EEA relies on Standard Contractual Clauses and adequacy frameworks where applicable.
Children
BAM.LI is suitable for general audiences but is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has submitted information, please email [email protected] and we will remove it.
Security
We use industry-standard transport encryption (HTTPS / TLS) and apply input validation and one-way hashing where appropriate. No system is perfectly secure — if you discover a vulnerability, please report it responsibly to [email protected].
Changes to this policy
If we materially change how we handle your data, we'll update the "last updated" date above and post a brief note at the top of this page for at least 14 days.
Contact
Email [email protected] for any privacy question, including data access, deletion, complaint, or general curiosity. We read every email.