Privacy Policy
This policy explains what personal data AdventureWorld (https://adventureworld.online) processes, why, on what legal basis, and what rights you have. We follow the principle of data minimization: we collect only what the game needs to run.
1. Controller
The controller responsible for data processing (Art. 4(7) GDPR) is:
Emilian-Vasile Cristea
Hauptstrasse 112
97909 Stadtprozelten
Germany
E-Mail: cristeaemilianvasile@gmail.com
2. What we process
- Account data: your email address and a salted, one-way password hash (never your plain password), used to create and secure your account.
- World saves and play data: your saved worlds, play time, and game progress, stored so you can continue your game across devices.
- Anonymous client IDs: a random identifier generated on your device so the anonymous free tier works without registration.
- Local storage: session tokens, save data, and settings are stored in your browser's localStorage. This is technically necessary to run the game and keep you logged in — no tracking, no analytics, no advertising cookies or similar technologies are used at all.
3. Processors
- Stripe (Stripe Payments Europe, Ltd.): payments. Stripe acts as merchant of record for purchases — your payment data (card details, billing data) is processed directly by Stripe; we never see or store your card data. See stripe.com/privacy.
- Cloudflare (Cloudflare, Inc.): hosting and content delivery. Cloudflare processes technical connection data (e.g. IP address, request metadata) in server logs as necessary to deliver and secure the service. See cloudflare.com/privacypolicy.
4. Purposes and legal bases
- Art. 6(1)(b) GDPR — performance of a contract: providing the game and your account, storing your world saves, processing purchases and delivering the digital content you bought.
- Art. 6(1)(c) GDPR — legal obligation: retaining transaction and invoice records where German commercial and tax law requires it.
- Art. 6(1)(f) GDPR — legitimate interest: keeping the service secure and available (e.g. abuse prevention, security-relevant server logs). Our interest is limited to what is strictly necessary for operation.
5. Retention
We keep your personal data until you delete your account or ask us to erase it. Where legal retention duties apply (e.g. German tax and commercial record-keeping for purchase transactions), the affected records are kept for the statutory period and then deleted.
6. Your rights
Under the GDPR you have the right to:
- access your personal data (Art. 15),
- rectify inaccurate data (Art. 16),
- erasure of your data (Art. 17),
- restriction of processing (Art. 18),
- data portability (Art. 20),
- object to processing based on legitimate interests (Art. 21), and
- withdraw any consent you have given, at any time, with effect for the future (Art. 7(3)).
You also have the right to lodge a complaint with a supervisory authority. For us this is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany — www.lda.bayern.de.
7. International transfers
Our processors Stripe and Cloudflare may process data outside the EU/EEA. Such transfers are covered by adequacy safeguards under Chapter V GDPR (e.g. the EU–US Data Privacy Framework and/or Standard Contractual Clauses).
8. Minors
AdventureWorld is not directed at children under 16. Account creation requires an age declaration; accounts for players under 16 require the consent of a parent or legal guardian. If you believe a child has created an account without such consent, contact us and we will delete it.
9. Privacy requests and deletion
For any privacy request — access, export, correction, or deletion of your data — email cristeaemilianvasile@gmail.com or support@adventureworld.online. To delete your account and all associated data, email us from the address registered with your account; we will confirm the deletion once it is complete.
← Back to AdventureWorld