This is the internet, so yeah, we know the IP that hits the server.
It is a personal hobby project with no lawyers around. If you think we are doing something wrong, please say it, don't sue.
It can be used without the user providing any really personal information, such as email address, real name or address.
It can be used with the user providing their e-mail address. This e-mail address can be used for Play-by-email games. It is also needed to sign up and keep your games more or less public, but it doesn't have to be a real e-mail address.
It allows you to enter a player name when starting a game, to personalize your game experience.
That name, along with a password and some config options are also saved in your browser. If it is a public device, you user and password for the game are also public. You may remove that info and the only consequence would be that you'd have to reenter it the next time you play.
We use Track.js to detect and log Javacript errors.
We use Google reCAPTCHA in signups and password resets to prevent spam. That means Google collect some information. Per their policy for this service, that is only used to give the service and enhance it, not for their personalized ads.
The servlets use a session cookie: JSESSIONID. As its name implies, it dies with the session. We are not currently using it for anything, and it may be removed some day.
Support for the game is provided by mailing lists and online forums.
If all of GDPR and similar laws apply to this site... Well... Erm... We are not keeping records of consent to save and process personal information, for example. On the other hand, you are not required to give it. Again, read the other points here. Even if you sign up for play-by-email games, we don't need a real name and you can set up a mail address just to play here. I think that only leaves the IP, and you can use a proxy for that. Oh, and what you write in the game may be saved in the savegame. You can delete them, and you should not publish personal information in random chats.