Royal Charter of Privacy
Privacy Policy
How Thronestead collects, uses, retains, and safeguards your information — and the rights and self-service controls you hold over your own data.
Privacy at a glance — a plain-language summary
The four things that matter most. The rest of the policy is the detail.
- Collected with purpose. Only the account, gameplay, and security data needed to run and protect the realm.
- Never sold for coin. We do not sell your personal data. Not to advertisers, not to data brokers.
- Yours by right. Access, correction, deletion, and export are available where your local law provides them.
- Guarded continuously. Security and abuse-prevention may continue where necessary to protect users and the platform.
This summary is for orientation only — it is not a replacement for the full text. The numbered sections below are the binding policy and prevail if anything differs.
1. Scope
This Privacy Policy explains how Thronestead collects, uses, shares, retains, and protects personal information when you use Thronestead websites, game clients, account systems, support channels, and official community spaces.
2. What we collect
We may collect account details (email, username, authentication tokens), gameplay telemetry (match events, progression, alliance interactions), transaction metadata, support correspondence, moderation evidence, browser and device signals, and anti-abuse security logs.
3. How we collect it
Information comes from three sources: data you provide directly, data generated through your use of the Services, and data from trusted partners such as payment providers, fraud-detection services, hosting vendors, and support tooling.
4. Why we process it
We process personal information to operate gameplay features, maintain accounts, authenticate sessions, fulfill purchases, enforce community rules, investigate abuse, provide support, monitor service health, and improve the overall experience.
5. Legal bases
Depending on your jurisdiction, processing may rely on contract performance, legitimate interests, legal obligations, your consent for optional activities, or protection of vital interests related to safety and fraud prevention.
6. Cookies and similar technologies
We use essential cookies for sign-in and security, functional cookies for preferences, and analytics tools for aggregate performance insights. Where required by law, non-essential cookies operate under consent controls.
7. Sharing and disclosure
We may share data with vetted service providers for infrastructure, analytics, payments, communications, customer support, and abuse prevention. We may also disclose data to comply with legal obligations, protect rights and safety, or support merger and acquisition processes.
8. Cross-border transfers
Your data may be processed outside your country of residence. We apply transfer safeguards appropriate to applicable law, including contractual protections, risk assessments, and relevant technical and organizational controls.
9. How long we keep data
We retain data only as long as needed for service operation, legal compliance, fraud prevention, and dispute resolution. Retention periods vary by data category and may be extended for legal holds, investigations, or active appeals.
10. Security
We use layered safeguards including encryption in transit, role-based access controls, audit logging, monitoring, and incident response procedures. No system is perfectly secure, so please protect your credentials and report suspicious activity promptly.
11. Your rights
Subject to local law, you may request access, correction, deletion, data export, objection to processing, restriction, and withdrawal of consent for optional processing. We may verify your identity before fulfilling requests to protect account ownership.
12. Marketing communications
You can opt out of non-essential marketing through account settings or unsubscribe links. Service-critical notices such as security alerts, legal updates, and incident reports may still be sent when operationally required.
13. Children
Thronestead is not directed at children under 13. If we learn that personal data was collected from a child without required consent, we will take reasonable steps to delete that data and restrict the affected account.
14. Automated monitoring
Automated systems and human reviewers work together to detect abuse, exploits, fraud, and policy violations. Significant enforcement outcomes may include temporary restrictions while investigations and appeals proceed.
15. Regional privacy rights
Additional rights may apply under regional frameworks such as GDPR, UK GDPR, US state privacy laws, and equivalent statutes. Region-specific request pathways are available through support and the Legal Hub.
16. Breach response
We maintain breach response procedures to triage, contain, investigate, and remediate incidents. Where required, we notify regulators and affected users within applicable legal timelines.
17. Policy updates
This policy may be updated for legal, technical, or product reasons. Material changes are announced through in-service messages, legal update notices, or direct account communication where legally required.
18. Contact and complaints
Submit privacy requests through Contact Support under “Privacy Request.” You may also contact your local supervisory authority where your law provides that right. All policies are listed in the Legal Hub.
19. Privacy contact point
Where required by law, Thronestead designates a privacy contact channel routed through support to ensure region-aware handling, identity verification, and legally compliant response timelines.
20. Language and interpretation
If a translated version of this policy conflicts with the version designated for your account jurisdiction, the designated version controls unless local law requires otherwise.
21. Verification and response timelines
To prevent unauthorized disclosure, we verify your identity before fulfilling privacy requests. Verified requests are processed within statutory timelines, with extension notices provided when legally permitted due to complexity or volume.
22. Related policies
This Privacy Policy works alongside the Terms of Service and Code of Conduct. Where obligations overlap, the stricter privacy, safety, or legal standard applies.
Exercise your rights
Three direct paths covering the privacy actions most users come here for. Each route preserves identity verification and statutory timelines as described in the policy above.
Access, export, or delete your data
Routed through Contact Support under “Privacy Request,” with identity verification and region-aware handling.
Open Contact Support Self-serviceForget anonymous landing analytics
Wipes the local anonymous identifier and asks the backend to delete associated landing-event rows.
Open the landing page Legal hubRead the rest of the charters
Terms of Service, Code of Conduct, and other governing documents kept alongside this policy.
Open Legal Hub