Securing Player Identities
3 April 2025
Keeping your identity secure while ensuring that we can provide a quality app experience to you is a lot more challenging than you might think.
One of the most important requirements of a game platform such as the one we've created at Greenleaf Creations is the ability to identify players securely, while not creating unnecessary complexity or hassle when logging in.
In order to accomplish this, Greenleaf Creations uses existing identity providers (referred to as "IdPs" for short) like Google, Apple, Facebook, and others, rather than asking you to create a separate Greenleaf Creations password. These companies have invested tons of time and effort in building secure authentication mechanisms, and offer lots of features, such as password management, two-factor authentication, secure passkeys, anti-fraud, and anti-hacking measures, which we get to take advantage of by using their authentication services instead of building our own.
However, Greenleaf Creations is also hyper-focused on protecting your privacy and making sure that there is no way your information can be leaked from our database. In order to achieve that, our game platform is built so that we don't store your personal data when you log in.
Instead of recording your name or some other human-readable identifier, we create a player ID using a cryptographically secure hash function. This hash function takes your IdP's name (let's say "google" in this example), and the unique identifier that your IdP uses to identify you (in the case of Google, this is your e-mail address) and produces a unique identifier.
For example, my own player ID is calculated using this formula:
sha256("google:tim@greenleaf.nu")
Which results in the following hashed value:
SV5rJ8NcnZeV5uvLltnmvUk2PVz2y58VXoxwyt3gnW4=
That hashed value is what gets stored in our database. Because of the way the SHA256 function works, it's not possible to decode this value back into its original data. So, even if we published our entire database, or if an attacker got access to it, there is no way anyone would be able to figure out what our players' identities are. While it would be possible to figure out if a specific IdP identity had a player profile or not, it would not be possible to extract a list of all our players' identities.
This solves the problem of storing potentially sensitive data in our database, but we also needed to implement something that allows us to comply with the GDPR Right to be Forgotten without breaking features like leaderboards.
To accomplish this, we use an intermediary database table that maps players' IdP identities to random 256-bit UUIDs, which are used in the game results tables that store all the history of the games you've played. This intermediary table also contains your player name, avatar, and title.
If you invoke your right to be forgotten, we remove the row in the intermediary table that maps your IdP-based player ID to your player profile and game results. The game results stay in place, but your player name, avatar and title are no longer available, so leaderboards will show "Anonymous Player" instead of your actual profile name. Even if you decide to log back in to Greenleaf Creations at a future date, your old game history will not be re-associated with your new player profile.
This additional intermediary table also allows you to bind your player profile to multiple IdP identities. So, for example, if you have a Google account and an Apple ID, you can link those together, and use either to log in to our games and get access to your data. This also means that if you start with a Google account and later switch to an Apple ID, you can link your new Apple ID to your player profile, and then remove your Google account, and not lose access to any of your game data.
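The sketch below models the design described above, covering the hashed player ID, the intermediary mapping, the right-to-be-forgotten deletion, and linking several IdP identities to one profile. It is an added example, not Greenleaf Creations' code: the `PlayerStore` class, its method names, the in-memory dictionaries standing in for database tables, and the sample identities are all assumptions made for illustration.

```python
import base64
import hashlib
import secrets


def player_id(idp: str, subject: str) -> str:
    """Base64-encoded SHA-256 of "idp:subject", the form shown in the post."""
    digest = hashlib.sha256(f"{idp}:{subject}".encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


class PlayerStore:
    # Hypothetical in-memory stand-in for the tables the post describes.
    def __init__(self):
        self.identity_map = {}  # hashed player ID -> random profile key
        self.profiles = {}      # profile key -> player name (avatar, title omitted)
        self.results = []       # (profile key, score); holds no IdP data

    def login(self, idp, subject, name="New Player"):
        pid = player_id(idp, subject)
        if pid not in self.identity_map:
            key = secrets.token_hex(32)  # random 256-bit value (assumed format)
            self.identity_map[pid] = key
            self.profiles[key] = name
        return self.identity_map[pid]

    def link(self, key, idp, subject):
        self.identity_map[player_id(idp, subject)] = key

    def unlink(self, key, idp, subject):
        pid = player_id(idp, subject)
        if self.identity_map.get(pid) == key:
            del self.identity_map[pid]

    def record(self, key, score):
        self.results.append((key, score))

    def forget(self, key):
        """Right to be forgotten: drop mapping rows and profile, keep results."""
        self.identity_map = {p: k for p, k in self.identity_map.items() if k != key}
        self.profiles.pop(key, None)

    def leaderboard(self):
        rows = sorted(self.results, key=lambda r: -r[1])
        return [(self.profiles.get(k, "Anonymous Player"), s) for k, s in rows]
```

After `forget()`, a fresh `login()` with the same IdP identity produces a new random key, so the old result rows stay on the leaderboard as "Anonymous Player" and are not re-associated with the new profile.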
Another consequence of this design is that we do not have access to your e-mail address, so we can't send you e-mail unless you specifically ask us to, for example when you open a support request.
This kind of attention to detail and focus on privacy and security is one of the things that sets Greenleaf Creations apart from a lot of the other app developers who make games.
We built our platform this way because we believe privacy matters, especially when it comes to games that kids play, and we don't need your personal information to deliver an exceptional gaming experience.
