Karthwyld

Karthwyld · Legal

Privacy Policy

How we handle your information.

Effective 2026-05-09

This Privacy Policy explains how Karthwyld Ltd (Limited Company) collects, uses, and protects information when you use Karthwyld (the “Service”). For the purposes of GDPR and similar regimes, we are the data controller.

1. What We Collect

We collect only what we need to run the game:

  • Account data · the email address you sign up with (or the auth provider identifier if you use a third-party login), and any display name you choose.
  • Game state · your wizard, party, items, progress, currency balances, and ledger of in-game transactions.
  • Payment metadata · for purchases of Aether Shards, we receive from Stripe a session id, the amount, the currency, and a payment status. We never see or store your card number, CVV, or full bank details.
  • Operational logs · server-side logs of requests for security and debugging, retained for up to 90 days.

2. What We Don’t Collect

  • We do not run third-party advertising trackers.
  • We do not sell your data.
  • We do not collect physical address, phone number, or government ID.

3. Why We Collect It

The data above is used solely to:

  • Authenticate your account and protect it from abuse.
  • Save and load your game progress across sessions.
  • Process Aether Shard purchases and refunds.
  • Maintain a leaderboard, where you opt in.
  • Diagnose and fix bugs and performance issues.

4. Sub-processors

We rely on a small set of trusted third parties to operate the Service. They process data on our behalf under their own privacy terms:

  • Supabase · database and authentication (US-hosted Postgres).
  • Vercel · web hosting and edge delivery.
  • Stripe · payment processing (PCI-DSS Level 1).
  • Cloudflare · bot mitigation (Turnstile) and edge caching.
  • Upstash · rate-limit counters (Redis).

5. International Transfers

Some sub-processors store data outside your country (typically the United States). Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

6. Cookies and Local Storage

We use cookies and browser local storage for the minimum needed to keep you signed in, remember UI preferences (audio mute, combat mode, etc.), and run anti-abuse challenges. We do not use third-party advertising cookies.

7. Your Rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Ask us to correct it.
  • Ask us to delete your account and associated data.
  • Object to or restrict certain processing.
  • Receive a copy in a portable format.
  • Withdraw consent (where we rely on consent as a legal basis).
  • Lodge a complaint with your local data-protection authority.

Send any request to support@karthwyld.com. We aim to respond within 30 days.

8. Data Retention

We retain account data for as long as your account is active. After account deletion, identifiable data is removed within 30 days, except that financial records (purchase history) are retained for up to 7 years where required by tax and accounting law. Operational logs are pruned every 90 days.

9. Children

The Service is not directed at children under 13. If we learn that a user under that age has created an account, we will close the account and delete associated personal data. Parents who believe their child has signed up should contact us at support@karthwyld.com.

10. Security

We use industry-standard measures (TLS in transit, encrypted at rest at the database layer, scoped access tokens, and least- privileged service keys) to protect your data. No system can be guaranteed perfectly secure, but we will inform affected users promptly in the event of a confirmed breach involving their personal data, in line with applicable law.

11. Changes

We may update this Privacy Policy. Material changes will be announced and reflected by an updated effective date at the top of this page.

12. Contact

Privacy questions or requests: support@karthwyld.com.