← Back to Grindveil

PRIVACY POLICY

Last updated: 4 April 2026

Grindare Studio Limited ("we", "us", "our"), a company registered in England and Wales, operates the Grindveil game and website at grindveil.com ("Service"). This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. DATA CONTROLLER

The data controller is:

Grindare Studio Limited
United Kingdom
Email: [email protected]

2. DATA WE COLLECT

DATA	PURPOSE	LEGAL BASIS
Email address	Account creation, authentication, password recovery, Alpha Tester verification	Contract performance
IP address	Anti-abuse (referral fraud detection), security	Legitimate interest
Game state data	Character progress, items, stats, guild membership, chat messages, PvP history	Contract performance
Device/browser info	Analytics (via Google Analytics), compatibility, debugging	Legitimate interest / Consent
Payment data	Processing purchases via Stripe (we do NOT store card numbers)	Contract performance
Cookies & local storage	Session management, preferences (language, dismissed banners), authentication tokens	Legitimate interest / Consent

3. HOW WE USE YOUR DATA

• Provide the Service — authenticate you, save game progress, enable multiplayer features (chat, guilds, PvP, arena).
• Process payments — facilitate optional in-game purchases via Stripe.
• Prevent abuse — detect multi-accounting, bot usage, exploits, and referral fraud.
• Improve the Service — analyse usage patterns, fix bugs, balance game mechanics.
• Communicate — send important service announcements (e.g., maintenance, Terms changes). We do not send marketing emails unless you opt in.

4. THIRD-PARTY SERVICES

We use the following third-party services that may process your data:

SERVICE	PURPOSE	DATA SHARED	PRIVACY POLICY
Firebase (Google)	Authentication, database, cloud functions, hosting	Email, game data, IP	firebase.google.com/support/privacy
Google Analytics	Usage analytics	Anonymised browsing data, device info	policies.google.com/privacy
Stripe	Payment processing	Payment info (handled by Stripe directly)	stripe.com/privacy
GitHub Pages	Static site hosting	IP address (server logs)	docs.github.com

We do not sell, rent, or trade your personal data to any third party.

5. COOKIES & LOCAL STORAGE

Essential (always active)

• Firebase auth tokens — keep you logged in.
• localStorage keys — language preference, dismissed UI elements, session state. These are strictly necessary for the Service to function.

Analytics (consent-based)

• Google Analytics cookies (_ga, _gid) — help us understand how the Service is used. These are loaded only after you interact with the Service.

You can disable cookies through your browser settings. Note that disabling essential cookies may prevent the Service from functioning properly.

6. DATA RETENTION

• Account & game data — retained for as long as your account exists. If you request deletion, data is removed within 30 days.
• Chat messages — retained for up to 90 days, then automatically pruned.
• IP logs — retained for up to 90 days for anti-abuse purposes.
• Payment records — retained as required by UK tax and accounting law (up to 6 years).

7. YOUR RIGHTS (UK GDPR)

You have the right to:

• Access — request a copy of your personal data.
• Rectification — request correction of inaccurate data.
• Erasure — request deletion of your account and associated data ("right to be forgotten").
• Restriction — request that we limit processing of your data.
• Data portability — receive your data in a structured, machine-readable format.
• Object — object to processing based on legitimate interest.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

8. DATA SECURITY

We implement appropriate technical and organisational measures to protect your data, including:

• All data transmitted over HTTPS (TLS encryption).
• Firebase Security Rules restricting database access.
• Server-side validation of all game actions (anti-cheat).
• Access to production systems limited to authorised personnel.

No system is 100% secure. In the event of a data breach affecting your personal data, we will notify you and the relevant authorities as required by law.

9. INTERNATIONAL TRANSFERS

Our infrastructure is hosted on Google Cloud (Firebase) and GitHub, which may process data in the United States and other countries. These transfers are protected by Standard Contractual Clauses (SCCs) and the providers' compliance with applicable data protection frameworks.

10. CHILDREN

The Service is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or our Discord server. The "Last updated" date at the top reflects the most recent revision.

12. COMPLAINTS

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

ico.org.uk/make-a-complaint

13. CONTACT

For any privacy-related questions or requests:

• Email: [email protected]
• Discord: discord.gg/DwaJruTCjr