Privacy Policy
Effective Date: January 1, 2026
Your privacy is important to us. This Privacy Policy explains how Starlightweave Labs collects, uses, stores, and protects your personal data when you use Aetherweave Gambit. We are committed to GDPR compliance and transparent data practices.
1. Introduction
This Privacy Policy applies to all users of Aetherweave Gambit and related services operated by Starlightweave Labs. It describes our practices regarding personal data in compliance with:
- The General Data Protection Regulation (GDPR) - EU Regulation 2016/679;
- The ePrivacy Directive 2002/58/EC (as amended);
- Applicable national data protection laws.
By using our services, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
The data controller responsible for your personal data is:
Starlightweave Labs
Data Protection Officer: dpo@starlightweave.com
General Inquiries: privacy@aetherweave-gambit.com
3. Data We Collect
3.1 Account Information
When you create an account, we collect:
- Username: Your chosen display name (publicly visible);
- Email Address: Used for account recovery, security notifications, and optional communications;
- Password: Stored using industry-standard hashing (bcrypt); we never store plaintext passwords;
- 2FA Secret: Encrypted storage for two-factor authentication (if enabled).
3.2 Gameplay Data
During gameplay, we collect:
- Character Data: Names, progression, statistics, and customization choices;
- Battle Logs: Records of combat actions for balance analysis and dispute resolution;
- Achievement Data: Progress toward in-game achievements;
- Session Data: Login times, session duration, and activity patterns.
3.3 Technical Data
We automatically collect:
- IP Address: For security, fraud prevention, and approximate geolocation;
- Device Information: Browser type, operating system, and screen resolution;
- Connection Data: WebSocket connection metadata for real-time gameplay.
3.4 Data We Do NOT Collect
We do not collect:
- Payment card numbers (payments processed by third-party providers);
- Government identification numbers;
- Precise GPS location;
- Data from third-party social media accounts (unless you explicitly connect them).
4. Legal Basis for Processing
We process your personal data under the following legal bases (GDPR Article 6):
| Purpose | Legal Basis |
|---|---|
| Account creation and management | Contract performance (Art. 6(1)(b)) |
| Providing the game service | Contract performance (Art. 6(1)(b)) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Game balance and analytics | Legitimate interest (Art. 6(1)(f)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
5. How We Use Your Data
We use your personal data to:
- Create and manage your account;
- Provide access to Aetherweave Gambit and its features;
- Authenticate your identity and secure your account;
- Send account-related notifications (password resets, security alerts);
- Analyze gameplay data for balance improvements;
- Detect and prevent cheating, fraud, and Terms of Service violations;
- Respond to your support requests;
- Comply with legal obligations;
- Send marketing communications (only with your consent).
6. Data Storage and Security
6.1 Storage Infrastructure
Your data is stored using the following systems:
- PostgreSQL Database: Used for persistent account data, character information, and historical records. Data is stored with encryption at rest;
- Redis Stack: Used for real-time session management, temporary game state, and caching. Session data is ephemeral and automatically expires.
6.2 Security Measures
We implement appropriate technical and organizational measures to protect your data:
- Encryption of data in transit (TLS 1.3);
- Encryption of sensitive data at rest;
- Password hashing using bcrypt with appropriate cost factors;
- Two-factor authentication option for accounts;
- Regular security audits and vulnerability assessments;
- Access controls limiting employee access to personal data;
- Secure development practices and code review.
6.3 Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify:
- The relevant supervisory authority within 72 hours;
- Affected users without undue delay if the breach is likely to result in high risk.
7. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period |
|---|---|
| Account data (active accounts) | Duration of account existence |
| Account data (inactive accounts) | 2 years after last activity, then anonymized or deleted |
| Gameplay statistics | Duration of account existence |
| Battle logs | 90 days (for dispute resolution), then aggregated anonymously |
| Session data (Redis) | 24 hours after session end |
| Security logs (IP addresses) | 30 days |
| Account deletion requests | Data deleted within 30 days of verified request |
After retention periods expire, data is either permanently deleted or anonymized so it can no longer be associated with you.
8. Data Sharing
8.1 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal data to third parties for their marketing purposes.
8.2 Third-Party Service Providers
We may share data with trusted service providers who assist in operating our service:
- Hosting Providers: Infrastructure for running our servers;
- Email Services: For sending account notifications;
- Analytics: Aggregated, anonymized gameplay data for improvement.
All service providers are bound by data processing agreements compliant with GDPR Article 28.
8.3 Legal Requirements
We may disclose your data if required by law, court order, or government request, or to protect our rights, property, or safety.
9. Your Rights (GDPR)
Under the GDPR, you have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Right of Access (Art. 15) | Request a copy of all personal data we hold about you |
| Right to Rectification (Art. 16) | Request correction of inaccurate or incomplete data |
| Right to Erasure (Art. 17) | Request deletion of your personal data ("right to be forgotten") |
| Right to Restriction (Art. 18) | Request limitation of processing in certain circumstances |
| Right to Data Portability (Art. 20) | Receive your data in a structured, machine-readable format |
| Right to Object (Art. 21) | Object to processing based on legitimate interests |
| Right to Withdraw Consent (Art. 7) | Withdraw consent at any time where processing is based on consent |
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
- Email: privacy@aetherweave-gambit.com
- Include your username and registered email for verification
We will respond to your request within 30 days. If your request is complex, we may extend this by an additional 60 days with notice.
Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in your EU member state.
10. Children's Privacy
Aetherweave Gambit is not intended for children under the age of 16 (or the applicable age of digital consent in your jurisdiction).
We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.
If you believe a child has provided us with personal data, please contact us immediately.
11. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses approved by the European Commission;
- Adequacy decisions by the European Commission;
- Other legally recognized transfer mechanisms.
You may request information about the specific safeguards applied to your data transfers.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting the updated policy on our website;
- Updating the "Effective Date" at the top of this page;
- Sending an email notification for material changes (if you have an account).
We encourage you to review this Privacy Policy periodically.
13. Contact Information
Starlightweave Labs
For privacy-related inquiries:
Data Protection Officer: dpo@starlightweave.com
Privacy Team: privacy@aetherweave-gambit.com
General Support: support@aetherweave-gambit.com