Ledgerfall · back to the landing

The privacy policy

UK GDPR and PECR · what we hold and why
Pre-launch draft. The bracketed details are completed, and this notice removed, before anything is sold to the public. The substance below is the operating policy as built.

1 · The short version

We collect the minimum needed to run the game and the store: your email if you create an account, your saved games, your purchase records (never your card number), and first-party usage events. Optional analytics run only if you accept them, and they are cookieless. We do not sell data, run advertising, or profile you.

Controller: [LEGAL ENTITY NAME], [REGISTERED ADDRESS]. Contact: [PRIVACY EMAIL]. Effective date: [DATE].

2 · What we collect and why

Email address
Account creation and sign-in · Authentication (sign-in links) and account identity · Lawful basis: contract
Saved games and settings
Playing while signed in · The service itself · Lawful basis: contract
Purchase and entitlement records
Purchases (amounts, items, Stripe session ids; never card numbers) · Fulfilment, receipts, refunds, fraud prevention · Lawful basis: contract; legal obligation (accounting)
Store credit and referral records
Using the referral programme · Operating the programme and preventing abuse · Lawful basis: contract; legitimate interests
First-party usage events
Using the game and store (sign-up, first turn, store view, purchase steps; a random anonymous id for signed-out play) · Understanding whether the product works; no cookies are set and nothing goes to third parties · Lawful basis: legitimate interests
Aggregate cookieless analytics (Plausible, EU-hosted)
Only after you accept analytics · Page-level usage statistics; no personal profiles, no cross-site tracking · Lawful basis: consent
Technical logs (IP, user agent, timestamps)
All requests · Security, rate limiting, abuse prevention · Lawful basis: legitimate interests

Anonymous play needs no account and no email. Card details go directly to Stripe; we never receive or store them.

3 · Cookies and local storage

Strictly necessary only: a session cookie when you sign in, a consent cookie recording your analytics choice, and a 30-day referral cookie if you arrive on a referral link (it records only the referral code). Game progress and preferences for anonymous play live in your browser's local storage. Our analytics option (Plausible) sets no cookies at all, which is why the consent question is a single choice with reject as easy as accept.

4 · Who processes data for us

Stripe (payments; their own privacy notice applies to card data), Neon (database hosting, AWS eu-west-2, London), Vercel (application hosting and request logs), Resend (transactional email: sign-in links and receipts), Plausible (consented analytics, EU-hosted, cookieless), and Google (only if you choose Google sign-in). Each acts under a data processing agreement; where a processor transfers data outside the UK it does so under UK-recognised safeguards (UK IDTA or the addendum to EU SCCs, or adequacy).

5 · Retention

Account data and saves: while your account exists, then deleted within 30 days of account deletion. Purchase and credit records: 6 years (accounting law). Funnel events: raw events 24 months, then aggregate only. Technical logs: 30 days. Consent records: while the choice is in force plus 12 months.

6 · Your rights

Under UK GDPR you can ask for access, correction, deletion, restriction and portability, and can object to legitimate-interest processing; where we rely on consent you can withdraw it at any time (the Analytics link below reopens the choice). Write to [PRIVACY EMAIL]; we respond within one month. You can complain to the Information Commissioner's Office (ico.org.uk) at any time.

7 · Children

Ledgerfall is not directed at children under 13 and we do not knowingly hold their data.

8 · Changes

We will post material changes here with an updated effective date and, for significant changes, a notice in the product.

The termsThe privacy policy