⚠️ Template — needs lawyer review before production launch.
This page accurately describes what we currently collect and how we handle it,
but the legal language has not been reviewed by a qualified attorney. Do not
rely on this for compliance with GDPR, CCPA, COPPA, or any other regulation
until a real lawyer signs off.
Privacy Policy
Last updated: 2026-04-24. Effective date: 2026-04-24.
What we collect
We try to collect as little as possible. The current set:
Account data (required to play)
- Email address — used for login and password reset. Never sold or shared.
- Password hash — bcrypt-hashed, never stored in plaintext, and not recoverable in clear by us.
- 2FA secret + recovery codes (if you enable 2FA) — stored server-side, used for verifying TOTP codes.
Gameplay data
- Heroes, gear, currencies, levels, stages cleared
- Battle history (logs, outcomes, teams used) — used for replays + balance work
- Guild membership + chat messages
- Arena match history
- Daily login + quest progress
- Event participation, currency balances, redeemed milestones
- Inventory cap usage and mailbox overflow
Operational data
- Server-side request logs — method, path, status, latency, request ID. IPs are stored short-term for rate-limiting + abuse detection.
- Error reports (Sentry) — stack traces of unhandled exceptions. We filter known-personal-data fields out of these.
- Aggregate metrics (Prometheus) — counters of API calls, battle outcomes, summon results. No per-user data.
Payment data (only if you make a purchase)
Payments are processed by Stripe (web), Apple StoreKit (iOS), or Google Play Billing (Android). We never see your full card number. We do receive and store:
- Transaction ID + processor (Stripe / Apple / Google)
- Amount + currency code + product SKU
- Purchase timestamp + state (pending / completed / refunded)
- Last 4 digits of your card and card brand (provided by Stripe; for refund support only)
What we don't collect
- No cross-site tracking pixels
- No advertising IDs
- No third-party social login data (we don't have social login)
- No biometric data
- No location beyond the IP-derived country your requests come from
- No microphone, camera, contacts, or any other device-level sensor data
How we use it
- Run the game — display your roster, save your progress, match you with arena opponents
- Honor your purchases — credit currencies and grant heroes when you buy something
- Detect abuse — rate-limiting, ban evasion, refund-fraud detection
- Fix bugs — when an error happens, the request ID + stack trace go to Sentry so we can debug
- Improve balance — we look at aggregate gameplay stats (no per-user identifiers) to tune drop rates
We do not sell your data. We do not share your data with marketers. We do not use your data to train AI models.
Where it lives
Our database is hosted in [REGION TBD — production deployment pending Phase 4]. Backups are encrypted and stored in the same region. Sentry is hosted on Sentry's infrastructure (US-region). Stripe / Apple / Google handle payment data on their own infrastructure under their own privacy policies.
How long we keep it
- Active account data: as long as the account exists.
- Deleted account data: hard-deleted within 24 hours of account deletion (DELETE /me). The audit log retains a record that the account was deleted (id + timestamp + reason if banned) for 90 days for fraud-prevention, then is purged.
- Server request logs: 30 days, then aggregated and purged.
- Sentry error reports: 30 days.
- Payment records: 7 years for tax + dispute purposes (regulatory requirement).
Your rights
You can:
- Access your data — most of it is visible in-game on the /me tab. For a full export, email support@hero-proto.local.
- Correct your email — currently support-mediated; self-serve in Phase 2.
- Delete your account — POST /me from the dashboard or email support.
- Object to processing — email support; we'll work with you.
- Withdraw consent for optional features (2FA, or marketing emails, though we don't send any) at any time.
Under GDPR (if you're in the EU/UK) and CCPA (if you're in California), you have additional rights. Email support and we'll honor them.
Children's privacy
This game is not directed at children under 13. We do not knowingly collect data from anyone under 13. If we discover an account belongs to a child under 13, we delete it. If you're a parent who believes your child has registered, email support and we'll handle it.
Cookies + local storage
We use:
- localStorage for your JWT (auth token), sound preferences, and which tab you last visited. These never leave your browser.
- No cookies for tracking or advertising.
- The Service Worker caches our static assets for offline use. It does not track behavior.
Changes to this policy
If we change what we collect, we'll update this page and bump the "last updated" date at the top. Significant changes will surface in the in-app announcement system. We won't materially weaken your privacy without your explicit consent.
Contact
Privacy questions: privacy@hero-proto.local
General support: see the support page.