Privacy policy
Last updated: [TODO: date]
This policy explains what personal information we process when you use this game, why, on what legal basis, who receives it, how long we keep it, and the rights you have under the EU General Data Protection Regulation (GDPR). It is written to match exactly what the service does — we run no advertising or analytics trackers, we store your password only as an Argon2id hash (never in plain text), and we store your session token only as a SHA-256 hash.
1. Who is responsible (controller)
The controller responsible for processing your information is:
- [TODO: operator legal name and legal form]
- [TODO: postal address — street and number, no PO box]
- Contact e-mail: [TODO: contact e-mail]
- Privacy contact / DPO (if appointed): [TODO: DPO contact, or “not required”]
2. What we process, why, and on what basis
Account
When you register, we store your e-mail address and your password — the password only as an Argon2id hash; the plain-text password is never written to our database. We also store a last-active timestamp so the account can be managed and inactive accounts identified.
Legal basis: performance of a contract (GDPR Art. 6(1)(b)) — running your account so you can play.
Sign-in sessions
For each active sign-in we store only a SHA-256 hash of the session token (never the raw cookie), its creation, last-seen and expiry times, plus the first and last client IP address and the browser user-agent. The IP and user-agent are kept to detect bot sign-ups and multi-account abuse from a single address.
Legal basis: contract (Art. 6(1)(b)) for the session itself; our legitimate interest in service security and abuse prevention (Art. 6(1)(f)) for the IP and user-agent.
Abuse prevention and rate limiting
We use your IP address to enforce request rate limits and to analyse request cadence (a short-lived log of method, route template, IP and user-agent) so we can tell automated traffic from real players.
Legal basis: legitimate interest in keeping the service available and fair (Art. 6(1)(f)).
Content you create
Planet names, your player display name and notes, and the messages you send (in-game mail and chat) are stored and may be reviewed by moderators. Any bug reports you submit are stored. Moderation and administrative actions are logged.
Legal basis: contract (Art. 6(1)(b)) to provide the social features; our legitimate interest in moderation and a safe community (Art. 6(1)(f)).
Error capture
When the service hits an error we record the route template, HTTP method, status, an error message and a truncated stack trace. We deliberately capture no request bodies and no e-mail addresses here. These error records are copied to a separate internal analytics database used only for our engineering error dashboard.
Legal basis: legitimate interest in operating and fixing the service (Art. 6(1)(f)).
Transactional e-mail
We send transactional e-mail only — for example a password-reset or account-confirmation link. These are sent through an outbound SMTP relay provider. We send no marketing e-mail.
Legal basis: contract / pre-contract steps (Art. 6(1)(b)).
Browser push notifications (optional)
If you turn on push notifications, your browser gives us a push-service endpoint URL and two browser-minted keys, which we store (one record per device) so we can deliver notifications. These records are deleted with your account, and you can withdraw this consent at any time by disabling notifications.
Legal basis: your consent (Art. 6(1)(a)), given when you enable notifications.
3. Who receives your information
- Our outbound e-mail (SMTP) provider, only for transactional mail: [TODO: SMTP provider name].
- Your browser vendor’s push service (for example Google, Mozilla, Apple or Microsoft), only when a notification you opted into is delivered.
- An internal analytics database (our own infrastructure) that mirrors error records for our engineering dashboard.
We do not sell your information and we do not share it with advertising or analytics networks.
4. How long we keep it
- Session records: until the session expires or you sign out.
- Request-cadence / rate-limit logs: a fixed rolling window of [TODO: N days], then automatically pruned.
- Error records: [TODO: error-analytics retention window].
- Account information and content you created: until you delete your account (some content may be retained in anonymised form where another player’s record depends on it).
5. Your rights
Under the GDPR you have the right to:
- access the information we hold about you;
- have inaccurate information corrected;
- have your information erased;
- restrict or object to certain processing;
- receive your information in a portable format;
- withdraw consent for push notifications at any time; and
- lodge a complaint with a supervisory authority — the competent authority is [TODO: supervisory authority and contact].
To exercise any of these rights, contact us at [TODO: contact e-mail]. A self-service account deletion and data-export option is planned.
See also our cookie notice, terms of service and imprint.