Information

Privacy Policy

PRE-LAUNCH CONTENT
This policy describes data processing in the Endgame test environment. It does not confirm completion of the legal review required before production launch.

SCOPE AND ONE ACCEPTANCE
The policy applies to the website, account, game, payments, support, and invitation program. It is accepted together with the Terms and Conditions through the single required checkbox at registration. Activating, entering, or using an invitation code does not require a separate agreement or acceptance.

DATA WE PROCESS
For the account and game, we process the account identifier, login, email address, password only in hashed form, recovery and security data, acceptance time, account status, and character data. For security, we may process the IP address, browser or device information, and technical or audit events.

For payments, we process the order, package, amount in EUR, payment, refund or dispute status, and payment-provider references. Full card details are sent directly to the payment provider and are not stored in the website database.

For invitations, we process the code, linked accounts, binding time, purchase eligibility, bonuses, points, MD conversions, reversals, debt, and administrative actions. To prevent abuse, the invitation binding stores a separately keyed HMAC of the IP signal, not the raw IP address. Messages and attachments sent to support are processed to resolve the request.

BROWSER CODE CAPTURE
When you open a valid invitation link, we store only the code and its expiry in localStorage for up to 30 days. The most recent valid code replaces the previous one. The value is removed after successful registration, on expiry, or when you clear site data. We do not use cookies for the invitation code and do not store the inviter's identity in the browser.

PURPOSES, ACCESS, AND DISCLOSURE
We use data to create and protect the account, provide the game, process payments and refunds, calculate and reconcile rewards, prevent fraud and abuse, respond through support, and meet applicable obligations. Access is role-limited. Strictly necessary data may be shared with the payment provider, technical hosting, email and support providers, or authorities when required by law.

In the inviter's interface, we may show the invited player's representative character name, binding date, whether an eligible purchase occurred, and reward activity. We do not show the amount, package, payment time, provider identifiers, IP address, or internal security signals.

RETENTION AND SECURITY
Account and game data is kept while the account is active and afterward only as needed for recovery, security, and applicable obligations. Payment, refund, acceptance, and reward-ledger records are kept as needed for reconciliation, disputes, and legal obligations; separable data that is no longer needed is deleted or anonymized. The invitation IP HMAC expires after no more than 180 days unless a documented investigation is active.

We use hashed passwords, role-based access, protected connections, audit logs, backups, and monitoring. No system removes all risk; confirmed incidents are investigated and handled under applicable obligations.

RIGHTS AND CONTACT
Where applicable, you may request access, correction, deletion, restriction, or objection through the published support channel. Some requests may be limited by account security, the rights of others, or duties to retain financial and audit records. Use the same support channel for questions about data, payments, refunds, or invitations.