Privacy Policy

Who We Are

The data controller for Shadowrealm: Age of Darkness is Mortek, operated by Maurice Moret, residing in the Netherlands. All inquiries concerning your personal data may be directed to mauricemoret1991@gmail.com.

This policy applies solely to the Shadowrealm: Age of Darkness web application, including all pages, features, and services operated under that name. It does not extend to external websites we may link to; those realms answer to their own laws.

What We Collect

In the course of your passage through the realm we collect the following categories of information:

• Account data. Your email address, chosen username, and character name. These are provided by you at registration and are necessary to identify your account.
• Game data. Your character's progress, rank, statistics, inventory, gold and banked gold, achievements, titles, arena record, guild membership, in-game mail correspondence, and forum posts. This is the substance of your existence in the realm.
• Technical data. Your IP address, browser type, device information, and session authentication tokens. These are collected automatically when you connect and are necessary to deliver the service securely.
• Payment data. When you purchase gems or other offerings, payment processing is handled entirely by Stripe. We receive only a transaction reference and the package purchased. We never receive, process, or store your card number, CVV, or full billing address.
• Support communications. Messages you send through the support contact form, including the content and any attachments, so that the keepers may respond to your petition.

Why We Use It

Under the General Data Protection Regulation we are required to identify a lawful basis for each purpose for which we process your data. The following purposes and their bases govern our use:

• Providing the game and your account. We process your account data and game data to fulfil the contract you enter when you register. Without this processing the service cannot exist for you. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
• Security, fraud prevention, and abuse detection. We analyse technical data and behaviour patterns to detect unauthorised access, scripting, multi-accounting, and other conduct that threatens the integrity of the realm. Legal basis: legitimate interests (Art. 6(1)(f) GDPR).
• Transactional communications. We send account verification emails, password reset messages, and payment receipts. These are not marketing; they are necessary to operate your account. Legal basis: performance of a contract.
• Retention of payment records. We retain records of purchases as required by Dutch and European tax law. Legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR).
• Responding to support requests. We use the content of your support messages solely to investigate and respond to your petition. Legal basis: legitimate interests.

Third Parties

We engage a small number of trusted third parties to operate the realm. Each receives only the data necessary for their specific role:

• Stripe — payment processing. Stripe receives your payment details directly and processes them under their own privacy policy and PCI DSS compliance programme. We receive only a transaction reference and status. Stripe's privacy policy is available at stripe.com/privacy.
• Railway — hosting and infrastructure. Our application and database run on Railway's platform. Railway processes data on our behalf as a data processor. Your data does not leave their infrastructure except as described in this policy.
• Resend — transactional email delivery. When we send you an account verification link, a password reset, or a payment receipt, Resend transmits that message on our behalf. They act as a data processor and do not use your email address for any other purpose.

We do not sell your personal data. We do not share your data with advertisers, data brokers, analytics networks, or any party not named above. If we ever engage a new processor we will update this policy before doing so.

Cookies

Shadowrealm uses cookies strictly and only for authentication. When you log in, a session token is stored in a cookie to keep you identified between page loads. This cookie expires when you log out or after the session window closes.

We do not use tracking cookies. We do not use advertising cookies. We do not embed third-party analytics scripts that plant cookies on your device. There are no remarketing pixels, no fingerprinting libraries, and no social media buttons that report your visit to external networks. The realm watches you only enough to know you are you.

Data Retention

We retain your personal data for as long as your account is active and the realm remains open. The following rules govern how long different categories of data are kept after your account is closed or deleted:

• Account and game data. Upon deletion of your account, your personal data — email address, username, IP logs, and session records — will be removed from our systems within 90 days. Game data tied solely to your identity is removed at the same time.
• Payment records. Transaction records are retained for seven years as required by Dutch tax law (Belastingdienst retention obligations). These records contain only transaction identifiers and amounts, not card details.
• Forum posts. Posts you have made in public forum threads may be anonymised — your username replaced with a generic attribution — rather than deleted outright, in order to preserve the coherence of discussions. You may request full deletion of your own posts by contacting us; we will honour such requests where technically feasible and where doing so does not destroy the context of replies made by others.
• Support correspondence. Messages sent through the support form are retained for one year after the issue is resolved, then deleted.

Your Rights

Under the GDPR, residents of the European Economic Area hold the following rights with respect to their personal data. We honour these rights for all users regardless of where they are located.

• Right of access. You may request a copy of all personal data we hold about you, along with information on how it is used and with whom it is shared.
• Right to rectification. If any data we hold is inaccurate or incomplete, you may request that it be corrected.
• Right to erasure. You may request that we delete your personal data. This right is not absolute — it does not extend to data we are legally required to retain — but we will erase all we are able to when a valid request is made.
• Right to restriction. You may ask us to restrict processing of your data while a dispute is being resolved rather than having it deleted outright.
• Right to data portability. You may request your account and game data in a structured, machine-readable format so that you may take it elsewhere.
• Right to object. You may object to processing we carry out on the basis of legitimate interests. We will cease such processing unless we can demonstrate compelling grounds that override your interests.
• Right to lodge a complaint. If you believe your rights have been infringed, you may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl, or with the supervisory authority of your country of residence.

To exercise any of these rights, send an email to mauricemoret1991@gmail.com with the subject line Privacy Request. Include your username and a description of what you are requesting. We will respond within 30 days.

Age Requirement

Shadowrealm: Age of Darkness is intended for persons aged 18 and over. The realm contains themes of combat, death, gambling, and dark fantasy violence that are not appropriate for minors.

We do not knowingly collect personal data from any person under the age of 18. By registering, you declare that you are 18 or older. If we discover or are credibly informed that an account belongs to a person under 18, we will close that account without notice and delete all associated personal data within 30 days. If you believe a minor has registered, please inform us at mauricemoret1991@gmail.com.

Changes to This Policy

The realm grows and the laws that govern it must grow with it. We may revise this policy when the law requires, when our practices change, or when new risks emerge that demand new protections. The latest version will always be published at this page.

When changes are material — affecting your rights, the data we collect, or the purposes for which we use it — we will announce them in-game before they take effect, so that those who walk the realm are not taken unawares. Continued use of the service after a change takes effect constitutes acceptance of the policy as it then stands. If you do not accept a change, you may close your account before it takes effect and request deletion of your data.