1. Data We Collect & Protect
We only gather information essential to operate and secure our services. All data is encrypted and stored on secure servers:
- Account Credentials: Email, username, and hashed passwords.
- Gaming Activity: Play history, achievements, preferences—used to personalize your experience securely.
- Technical Details: IP address, device type, browser version—for threat detection.
- Communications: Support tickets and forum posts, encrypted at rest.
2. How We Secure Your Data
We employ industry-leading safeguards to prevent unauthorized access:
- Encryption: TLS for data in transit; AES-256 at rest.
- Access Control: Role-based permissions and multi-factor authentication for staff.
- Regular Audits: Quarterly security reviews and penetration testing.
- Secure Infrastructure: ISO-certified data centres with 24/7 monitoring.
3. Confidentiality & Access Controls
We enforce strict internal policies to ensure your data remains confidential:
- Least Privilege: Staff access only what’s necessary for their role.
- Data Segmentation: Separation of PII and usage analytics.
- Employee Training: Mandatory security and privacy workshops.
- Data Protection Officer: Oversight of compliance with GDPR and UK law.
4. Data Minimization & Anonymization
We limit data collection and anonymize wherever possible:
- Collect only what’s required to deliver services.
- Aggregate and anonymize analytics to protect individual identities.
- Remove personal identifiers once no longer needed.
5. Your Security Rights
You have full control over your data under GDPR and UK GDPR:
- Access: View the data we hold about you.
- Correction: Update any inaccurate information.
- Deletion: Request secure erasure of your data.
- Portability: Receive your data in a standard format.
- Restriction: Limit specific processing activities.
6. Breach Notification
In the unlikely event of a data breach, we will:
- Activate our incident response team immediately.
- Notify the ICO within 72 hours, if required.
- Inform affected users without undue delay.
- Implement corrective measures to prevent recurrence.
7. Third-Party Security
All partners handling your data must meet our security standards:
- Signed Data Processing Agreements (DPAs).
- Regular security assessments and SOC 2 compliance.
- Encrypted data transfers via secure APIs.
8. Data Retention & Secure Disposal
We retain data only as long as necessary, then delete it securely:
- Account info: Retained until account closure or 2 years of inactivity.
- Purchase history: Stored for 7 years for legal compliance.
- Support logs: Archived for 3 years, then purged.
- Analytics: Anonymized and retained indefinitely for insights.
9. Children’s Data Protection
We take extra care when handling minors’ information:
- Services not for users under 13.
- No intentional collection of children’s data.
- Parental controls: Guardians can review or delete data.
10. Policy Review & Updates
We review this policy annually or when laws change. Major updates will be:
- Marked by a new “Last Updated” date.
- Communicated via email and site notifications.
- Subject to renewed consent where required.