joycheck.io

Privacy

JoyCheck Privacy: Zero Data, Verified in DevTools

Updated on 2026-05-26 by Taimoor Bamazai, founder of Elites Algorithm Limited (a registered tech company in Dublin, Ireland).

JoyCheck sends zero controller data anywhere. Every button press, analog reading, and vibration trigger stays inside your browser tab. The tester reads from the W3C Gamepad API the browser already exposes, writes to DOM elements only, and never opens a network connection for input. You can confirm this in DevTools in under a minute, without trusting our word for it.

Zero data sent EU · GDPR ▲ Open audit
01 · Claim

Zero data sent

JoyCheck does not transmit any controller data to any server. No analytics on the widget, no fingerprinting, no third parties.

02 · Mechanism

W3C Gamepad API

Every input is processed in-browser via navigator.getGamepads(). The browser handles USB/Bluetooth; JoyCheck never touches the network for input.

03 · Verify

Verifiable in DevTools

Open F12 → Network. Press any button. Five lines of network log; zero hits to joycheck.io for input events. See the verification block below.

DevTools · Network · verify the no-data claim
Chrome DevTools Network tab on joycheck.io showing 0 XHR, 0 fetch, 0 WebSocket requests, zero telemetry confirmed

F12 → Network → press any button. Zero requests from JoyCheck for input events.

TL;DR

Key takeaways

  • Zero controller data is transmitted to any server, ever.
  • All input handling runs in-browser through navigator.getGamepads() [1].
  • You can verify this yourself in DevTools, Network tab, in under one minute.
  • We operate from Dublin under GDPR. Access, deletion, and portability rights apply to any data tied to an account.

◆ Verified Open DevTools (F12), switch to the Network tab, press any button on your controller. Zero requests fire from joycheck.io for input events. Source: W3C Gamepad API specification.

01

Does JoyCheck collect any controller data?

No. JoyCheck does not transmit controller input to any server, ever. The tester reads from navigator.getGamepads() on every animation frame and writes only to DOM elements on the page. There is no fetch(), no XMLHttpRequest, and no WebSocket touching controller state.

In 15 years of building browser tools, I have not shipped a single line of code that sends gamepad input upstream from JoyCheck. The architecture would not survive a code review if it did, because the W3C spec lets us avoid the network entirely.

This separates us from a category of online controller-test sites that proxy input through their servers for analytics or A/B testing. Those sites can see every button you press while the tab is open.

JoyCheck cannot, by design. The full request-flow walkthrough lives on our how-it-works page, and the API itself is documented on the MDN Gamepad API reference.

02

How can I verify JoyCheck sends nothing?

Open your browser's DevTools, switch to the Network tab, and exercise the tester for thirty seconds. No requests fire from joycheck.io for controller input events, because the Gamepad API resolves entirely inside the browser process. The check below takes under one minute, requires no install, and works on any modern browser.

  1. Open joycheck.io in Chrome or Firefox.
  2. Press F12 or right-click and choose Inspect.
  3. Click the Network tab and clear the log.
  4. Press any button on your controller and exercise the sticks for 30 seconds.
  5. Watch the Network panel; no requests fire from JoyCheck for controller events.

You will see a small number of static requests on first page load: fonts, CSS, the page HTML itself. After that, the tab stays silent for as long as you test. Any future request that did appear would be immediately visible with full headers and payload.

03

What about website analytics and cookies?

JoyCheck the tester widget has zero analytics, zero cookies, and zero third-party scripts. JoyCheck the website has minimal standard logging: server access logs for security, the WordPress session and cache cookies the platform itself sets, and nothing else. There are no Google Analytics, Facebook Pixel, or remarketing trackers anywhere on the site.

  • Server access logs. IP address, user-agent, page requested, response code. Retained 30 days for security and abuse prevention. Never tied to widget activity.
  • No third-party advertising trackers. No Facebook Pixel, no Twitter pixel, no LinkedIn Insight Tag, no Google Ads remarketing.
  • No third-party analytics scripts. If we add page analytics in future, we will use a privacy-respecting platform such as Plausible or Fathom, both cookieless and EU-hosted, and disclose it here first.
  • WordPress session cookies. The site runs on WordPress, which may set session or caching cookies on certain page loads. These carry no tracking identifiers and are never shared with third parties.

For the broader product story, see our trust comparison page.

04

What changes if I sign up for the planned Pro account?

If we launch the Pro tier (saved controller profiles plus advanced DualSense metrics, around $5 a month), the data story shifts only for users who explicitly opt in at signup. The anonymous browser-only experience stays unchanged, and the free tester continues to operate without any account requirement.

Even for paying account holders, we store profile preferences (deadzone, calibration, layout name), never raw input streams. Profiles save locally first, in your browser.

  • Profiles save locally first in your browser (IndexedDB and LocalStorage).
  • Sync to an account server is opt-in only at signup.
  • Synced data is limited to deadzone settings, custom calibration values, and saved layout names. Input streams stay in-browser as today.
  • Account-level data is covered by the GDPR rights below.
05

What GDPR rights do I have?

We operate from Dublin, Ireland, so the General Data Protection Regulation applies. Every user gets the same three rights worldwide: access to any data tied to your email, deletion of that data on request, and portability in machine-readable JSON. We respond to a request within two business days at no cost.

  • Right of access (GDPR Article 15). Receive a copy of any data tied to your email within 30 days.
  • Right to erasure (GDPR Article 17). Delete any data tied to your email within 30 days.
  • Right to data portability. Receive your stored profiles in a machine-readable format (JSON).

Email support@joycheck.io for any of these requests, or use our contact page. We respond within two business days, on-record.

06

When did this policy last change?

This page was last updated on 2026-05-26. Material changes are noted at the top of the page with the new effective date, and we update this policy whenever we change what data the site or widget touches, not on a fixed schedule. The full terms-of-use are kept on the separate JoyCheck terms page.

FAQ

Frequently asked questions

Does JoyCheck work in incognito or private browsing mode?

Yes. The Gamepad API is available in both regular and incognito sessions across Chrome, Firefox, Edge, and Safari. Nothing about JoyCheck's behavior changes between modes because we never write to disk or transmit data in either case.

Does JoyCheck see my controller's serial number?

No. The Gamepad API exposes a generic id string (a vendor:product identifier like 054c:0ce6 for a DualSense) on the in-page Gamepad object, but JoyCheck never transmits this. It is read in-frame and used only to display the controller model name.

Can I use JoyCheck behind a VPN?

Yes. Since no requests fire from the tester, a VPN makes no difference to privacy and adds nothing to anonymity. We mention this because every privacy-aware audience asks.

What happens to my data if Elites Algorithm shuts down?

The free tester continues to work in any browser as long as the W3C Gamepad API exists, because it has no server dependency. If we ever cease operations, we would publish a 60-day notice and, for any future account holders, a one-click export of their stored profile data.

Who do I contact about privacy concerns?

Email support@joycheck.io. For formal GDPR requests, you can also reach the Irish Data Protection Commission directly. We cooperate with any such inquiry within statutory deadlines.

REF

Sources & references

  1. W3C Gamepad API specification, w3c.github.io/gamepad
  2. MDN Web Docs, “Gamepad API”, developer.mozilla.org/Gamepad_API
  3. Plausible Analytics privacy policy, plausible.io/privacy
  4. Fathom Analytics privacy policy, usefathom.com/privacy
  5. MDN Web Docs, “IndexedDB API”, developer.mozilla.org/IndexedDB_API
  6. GDPR Article 15, Right of access by the data subject, gdpr-info.eu/art-15-gdpr
  7. GDPR Article 17, Right to erasure, gdpr-info.eu/art-17-gdpr