I am in the process of nearly completing a small web-game that allows players to play each other using WebRTC. It is turn-based … on the same kind of lines as chess.

One player hosts the game and gives a randomly generated code (billions of possibilities) to the mate they want to play, e.g. ABCDEFGHIJKL.

The Guest player types this code into their own computer and hey presto, the two computers can talk to each other. All this magic is done through a server. The connection details are temporarily stored in the server's RAM, only for the time the game is being played. No other data (such as turn moves) goes through the server; that is all done machine to machine. The server is only used again if the connections are lost and the two laptops/phones need to work out how to connect to each other again.

A new code will be generated the next time the mates want to play the game. The old code is discarded and valueless shortly after the present game is terminated.

The connection details, i.e. the info needed for the laptops/phones to know how to send data to each other, are only stored on the server while the game is played. Those details are removed a short time afterwards.

The game is only really meant to be played between 2 players on different machines in the same room – such as mates. Theoretically two mates in different houses could email their code to each other.

I do nothing on my server to broker connections between people who do not know each other. The people playing the game have to know each other beforehand and must both agree to the game.

So what do I need to say on my website to cover GDPR rules, or the US equivalent?