Welcome, valued member of our community.This document represents our solemn pledge to you regarding the stewardship of your personal information. At CODESTORM INTERACTIVE LIMITED ("CODESTORM," "we," "us," or "our"), a company headquartered at UNIT 98 OF FACTORY A 1/F, UNION HING YIP FACTORY BUILDING, NO.20 HING YIP STREET, KWUN TONG, HONG KONG, we understand that trust is the foundation of any great community. The digital worlds we create are built not only on code and creativity but also on the confidence you place in us.

This Privacy Policy (the "Policy" or this "Covenant") is designed to provide you with complete transparency about our data practices. It explains in exhaustive detail what information we collect, why we collect it, how we use and protect it, and the rights and controls you have over your information. This Policy applies to all our products and services, which collectively we refer to as the "Services," including:

Our official websites (the "Websites");

All interactive entertainment products we develop and publish (the "Games");

All associated software, applications, and updates; and

All our community platforms, customer support channels, and official communications.

By using our Services, you signify your understanding and acceptance of the practices described in this Covenant. If you do not agree with this Policy, you must not use our Services. We encourage you to read this document in its entirety, not as a mere formality, but as an open dialogue about how we respect and protect your digital presence in our realms.

Chapter 1: The Core Principles of Our Data Philosophy

Before delving into the specifics, we wish to establish the foundational principles that guide every decision we make concerning your data. These are not just legal requirements; they are our ethical commitments.

1.1. Principle of Transparency:

We believe you have an absolute right to know what information is being collected about you and how it is being used. This Policy is our primary tool for achieving that transparency. We will use clear, unambiguous language to describe our practices, avoiding jargon wherever possible.

1.2. Principle of Purpose Limitation:

We will only collect and process your information for specific, explicit, and legitimate purposes that are clearly outlined in this Covenant. We will not use your data for any purpose that is incompatible with the reasons for which it was originally collected without your explicit consent.

1.3. Principle of Data Minimization:

We are committed to collecting only the information that is strictly necessary to provide and improve our Services, ensure security, and fulfill our legal obligations. We will not collect extraneous data "just in case." Every piece of information we request or gather has a defined and necessary purpose.

1.4. Principle of Security by Design:

The security of your information is paramount. We integrate data protection and security measures into the very fabric of our Services from the earliest stages of development. We employ a multi-layered approach to security, as detailed in Chapter 6, to safeguard your information from unauthorized access, alteration, or destruction.

1.5. Principle of User Control and Empowerment:

We recognize that your personal information belongs to you. We are merely its custodians. We are committed to providing you with accessible tools and clear processes to exercise your rights over your data, including the right to access, correct, and request the deletion of your information.

Chapter 2: The Information We Collect (The "Data Scroll")

To provide a rich, stable, and secure experience, we collect various types of information. We have categorized this information into three scrolls, detailing what we collect and the context of its collection.

Part A: Information You Directly and Voluntarily Provide to Us

This category includes information you knowingly and actively share with us when you interact with our Services.

Account Registration Information:

When you create an account to use our Games or other Services, we collect necessary identifiers. This typically includes a unique username or alias you choose, a password to secure your account, and your email address for verification, communication, and account recovery purposes. We intentionally limit this to the essentials required to establish and maintain your unique presence in our digital realm.

Customer Support Communications:

When you contact our support team for assistance via email at [email protected] or through any in-game support tool, we collect all the information you provide in that communication. This includes the content of your query, any attachments you send (such as screenshots), and the contact information you use. This allows our support agents to understand the context of your issue, investigate it thoroughly, and provide an effective resolution. We maintain a record of these communications to track recurring issues, improve our support processes, and maintain a history of your interactions with us.

Community Platform Interactions:

When you participate in our forums, Discord server, or social media channels, we collect the information you publicly post. This includes your posts, comments, private messages on the platform, and your public profile information on that service. Please remember that these are public or semi-public spaces; any information you share can be seen, collected, and used by others. We advise you to be mindful of the information you disclose about yourself in these environments.

Survey and Feedback Submissions:

From time to time, we may invite you to participate in surveys, playtests, or feedback initiatives to help us improve our Games. If you choose to participate, we will collect your responses. This information is invaluable for us to understand player sentiment, identify areas for improvement, and make data-driven decisions about the future development of our Services. Participation is always voluntary.

Part B: Information We Collect Automatically Through Your Use of the Services

This category includes technical and behavioral information that is generated and collected automatically as you interact with our Services.

Device and System Information:

We automatically collect technical information about the device and operating system you use to access our Services. This includes: your IP (Internet Protocol) address, device type (e.g., PC, iPhone, Android phone), operating system version (e.g., Windows 11, iOS 16), device manufacturer and model, and unique device identifiers (such as IDFA for iOS or Android Advertising ID for Android). This information is crucial for optimizing the Services for your specific hardware, diagnosing technical issues, and ensuring compatibility.

Gameplay and Activity Data:

This is the most extensive category of automatically collected data, as it is core to the gaming experience itself. We collect detailed data about how you play our Games and interact with our Services. This includes, but is not limited to:

Progression Data: Your game progress, levels completed, achievements unlocked, quests undertaken, and the narrative choices you make.

Interaction Data: Your interactions with other players and non-player characters (NPCs), in-game objects, and different areas of the game world.

Performance Metrics: Data on your performance in various game modes, scores, and statistics related to your in-game actions.

Resource Management: Information about the virtual items you acquire, use, and your in-game resource balances.

This data allows us to save your progress, provide persistent experiences, balance gameplay, and identify popular (or unpopular) features to guide future development.

Usage and Telemetry Data:

We collect general data about your interaction with the Services as a whole. This includes timestamps of your logins and logouts, the duration of your sessions, the specific features you use within the game client or on our Website, crash reports, and error logs. Crash reports are particularly vital, as they contain technical information about your system at the moment of a crash, enabling our engineers to identify, reproduce, and fix bugs, thereby improving the stability of the Services for everyone.

General Location Information:

We do not collect precise GPS location data. However, we do derive your approximate geographical location (e.g., country, state, or city) from your IP address. This information serves several critical functions: it helps us comply with region-specific legal requirements, protect against fraud and security threats (e.g., by identifying suspicious login locations), customize content (such as language defaults), and analyze regional trends in our player base.

Cookies and Similar Tracking Technologies:

Like most online services, we use cookies and similar technologies (such as web beacons or pixels) on our Websites. A cookie is a small text file stored on your device that helps us recognize your browser, remember your preferences (like language settings), and understand how you use our Website. We use different types of cookies:

Essential Cookies: These are necessary for the basic functioning of the Website, such as keeping you logged in.

Performance Cookies: These help us collect aggregated and anonymous data about website traffic and user interaction, allowing us to analyze and improve performance.

Functionality Cookies: These remember your choices and provide enhanced, more personal features.

You have control over cookies through your browser settings and can choose to block or delete them, though doing so may impact the functionality of our Websites.

Part C: Information We Receive from Third-Party Sources

We may also receive information about you from third-party platforms and services when you connect them to our Services.

Third-Party Platform Integration:

If you access our Games through a third-party platform like Steam, the Apple App Store, or the Google Play Store, that platform may provide us with certain information from your account with them. This typically includes a unique platform-specific identifier, your public profile information (such as your username or alias), and sometimes your friends list or email address. The specific information shared is governed by the privacy settings you have configured on that platform. We use this information to create and link your CODESTORM account and to enable social features.

Social Media Integration:

If you choose to link a social media account (e.g., Twitter, Facebook) to our Services, we may receive information from that service according to the permissions you grant. This can include your public profile information and friends list, which can be used to facilitate features like finding friends in-game.

Chapter 3: How We Use Your Information (The "Purpose Runes")

Every piece of information we collect is used for a specific and legitimate purpose. We believe in being explicit about these purposes, which we have inscribed below as "Purpose Runes."

To Operate and Provide the Services:

This is our primary purpose. We use your information to: Create and manage your account, allowing you to log in and play. Authenticate your access and protect your account from unauthorized use. Save your game progress, settings, and preferences across sessions. Process your in-game actions and interactions. Provide customer support and respond to your inquiries.

To Improve and Optimize the Services:

We are constantly working to make our Games and Websites better. We use your information to: Identify and fix bugs, crashes, and other technical issues. Analyze gameplay data and user behavior to understand what features are most engaging and where improvements are needed. Conduct A/B testing and research to evaluate the effectiveness of new features. Balance game mechanics to ensure a fair and enjoyable experience for all players. Gather feedback to inform future updates and new game development.

To Personalize Your Experience:

We aim to make your journey in our digital realms more relevant and engaging. We use your information to: Provide customized content and recommendations within the Services. Remember your language and regional settings. Offer you relevant in-game events and activities based on your progress.

To Communicate With You:

We need to be able to contact you for important service-related reasons. We use your information to: Send you critical service-related announcements (e.g., about maintenance, updates to our Terms or this Policy, or security alerts). Respond to your support requests. If you opt-in, send you marketing communications about our new games, events, and other news. You can opt-out of marketing communications at any time.

To Maintain Security and Fair Play:

A safe and fair environment is essential. We use your information to: Detect, investigate, and prevent cheating, fraud, and other unauthorized or illegal activities. Enforce our Terms of Service and this Privacy Policy. Protect the security and integrity of our Services, our company, and our community. Monitor for and take action against toxic behavior and violations of our Code of Conduct.

For Legal and Compliance Purposes: As a registered company, we have legal obligations. We use your information to: Comply with applicable laws, regulations, legal processes, or government requests. Protect our legal rights and defend against legal claims. Prevent harm to the rights, property, or safety of our company, our users, or the public.

Chapter 4: How We Share Your Information (The "Circles of Trust")

We do not sell your personal information. We only share it with trusted third parties under specific circumstances, as detailed below.

With Service Providers and Partners:

We engage third-party companies and individuals to perform services on our behalf. These partners are our trusted collaborators and are contractually obligated to protect your information and use it only for the specific purposes we direct. These services include: Cloud Hosting and Infrastructure: To host our game servers and databases (e.g., Amazon Web Services, Google Cloud). Analytics Services: To help us understand how our Services are used (e.g., Google Analytics). Customer Support Platforms: To manage and respond to your support tickets. Payment Processors: When you make a purchase, your transaction details are handled directly by a secure third-party payment processor. We do not store your full credit card or financial account information.

With Other Players:

Certain information, such as your username, gameplay statistics, and any content you post in public channels, will be visible to other players as a core part of the interactive experience.

For Legal Reasons and to Protect Rights:

We may disclose your information if we believe in good faith that it is necessary to: Comply with a legal obligation, subpoena, court order, or other lawful request from public authorities. Protect and defend the rights, property, or safety of CODESTORM, our users, or the public. Detect, prevent, or otherwise address fraud, security, or technical issues.

In Connection with a Business Transfer:

If CODESTORM is involved in a merger, acquisition, asset sale, or bankruptcy proceeding, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Website of any change in ownership or uses of your personal information.

With Your Consent:

We may share your information for other purposes if we have obtained your explicit consent to do so.

Anonymized and Aggregated Data:

We may share anonymized or aggregated data, which cannot be used to identify you, with partners for research, analysis, or marketing purposes. For example, we might share a report stating the percentage of players who have completed a certain level.

Chapter 5: Your Rights and Controls (The "Sovereign's Toolkit")

We respect your right to control your personal information. Depending on your region of residence, you may have the following rights under applicable data protection laws (such as the GDPR or CCPA).

The Right to Access:

You have the right to request a copy of the personal data we hold about you.

The Right to Rectification:

You have the right to request that we correct any information you believe is inaccurate or incomplete.

The Right to Erasure (Right to be Forgotten):

In certain circumstances, you have the right to request that we erase your personal data.

The Right to Restrict Processing:

You have the right to request that we restrict the processing of your personal data under certain circumstances.

The Right to Data Portability:

You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

The Right to Object:

You have the right to object to the processing of your personal data under certain conditions, particularly for direct marketing purposes.

Rights Related to Automated Decision-Making:

We do not typically engage in automated decision-making that has a legal or similarly significant effect on you. If we do, you have the right to be informed and to request human intervention.

How to Exercise Your Rights:

To exercise any of these rights, please submit a request to our support team at [email protected]. We will respond to your request within the timeframe required by applicable law after verifying your identity to protect your privacy and security.

Chapter 6: Data Security (The "Guardian's Aegis")

We take the security of your information very seriously and implement a range of technical and organizational measures designed to protect it from unauthorized access, loss, misuse, alteration, or destruction.

Technical Measures:

These include using encryption to protect data in transit (using protocols like SSL/TLS) and at rest, employing firewalls and intrusion detection systems, and regularly conducting security assessments and penetration testing.

Organizational Measures:

Access to your personal information is strictly limited to authorized CODESTORM employees and contractors who have a legitimate business need to access it. These individuals are bound by strict confidentiality obligations. We conduct regular data security and privacy training for our staff.

Your Role in Security:

While we do our utmost to protect your data, no system is impenetrable. The security of your account also depends on you. You are responsible for keeping your password confidential and for using a strong, unique password.

Data Breach Response:

In the unlikely event of a data breach that affects your personal information, we have a response plan in place. We will take immediate steps to contain the breach and will notify you and the relevant authorities in accordance with our legal obligations.

Chapter 7: Data Retention (The "Sands of Time")

We will retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected, as outlined in this Policy. The criteria used to determine our retention periods include:

The duration your account is active: We retain most of your data as long as you have an active account with us to provide you with our Services.

Our legal and regulatory obligations: We may need to retain certain information for a specific period to comply with legal requirements (e.g., for tax and accounting purposes).

The need to resolve disputes and enforce agreements: We may retain information to resolve potential disputes, enforce our Terms of Service, and protect our legal rights.

Once your information is no longer needed for these purposes, we will securely delete or anonymize it.

Typical Retention Periods:

Account Data: Retained for the duration of your account's activity. If your account is inactive for a period of three (3) years, we may delete it and associated data.

Customer Support Communications: Retained for three (3) years from the date of the last communication.

Transaction and Payment Data: Retained for seven (7) years to comply with financial and tax regulations.

Gameplay Data: Retained for the life of the account to ensure continuity of service, unless deletion is requested.

Technical Logs: Retained for one (1) year for security and operational analysis.

Upon expiration of the applicable retention period, or upon your request where permissible, we will securely delete or anonymize your personal data.

Chapter 8: International Data Transfers (The "Global Nexus")

CODESTORM is based in Hong Kong, but we operate on a global scale. As such, your personal information may be transferred to, and processed in, countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

When we transfer your information internationally, we take steps to ensure that it is protected in accordance with this Privacy Policy and applicable laws. We rely on legal mechanisms such as Standard Contractual Clauses (SCCs) and adequacy decisions to ensure a sufficient level of data protection for such transfers.

Chapter 9: Children's Privacy (The "Young Explorer's Charter")

Our Services are not directed to children under the age of 13 (or the relevant age of digital consent in your region, such as 16 in parts of Europe). We do not knowingly collect personal information from children. If we learn that we have inadvertently collected personal information from a child, we will take steps to delete that information as quickly as possible.

If you are a parent or guardian and you believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected], and we will work with you to address the issue.

Chapter 10: Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify you by posting the revised policy on our Websites and, where appropriate, through other means such as an in-game notification, before the changes become effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Chapter 11: Governing Law and Dispute Resolution

Governing Law:

This Privacy Policy and any disputes related thereto shall be governed by and construed in accordance with the laws of the Hong Kong Special Administrative Region of the People's Republic of China ("Hong Kong"), without regard to its conflict of law principles.

Dispute Resolution:

Any dispute, controversy, or claim arising out of or relating to this Privacy Policy, or the breach, termination, or invalidity thereof, shall be settled through amicable negotiations. If the dispute cannot be resolved through negotiations within sixty (60) days, either party may submit the dispute to the Hong Kong International Arbitration Centre (HKIAC) for arbitration in accordance with the HKIAC's rules in effect at the time of applying for arbitration. The seat of arbitration shall be Hong Kong, the number of arbitrators shall be one, and the language of the arbitration shall be English. The arbitral award shall be final and binding on both parties.

Chapter 12: Contact Information

Your trust is important to us. If you have any questions, concerns, or feedback about this Privacy Policy or our data practices, please do not hesitate to contact our Data Protection team.

CODESTORM INTERACTIVE LIMITED

Address: UNIT 98 OF FACTORY A 1/F, UNION HING YIP FACTORY BUILDING, NO.20 HING YIP STREET, KWUN TONG, HONG KONG

Contact Email: [email protected]

Thank you for being a part of our community and for placing your trust in CODESTORM. We are committed to honoring that trust by protecting your privacy.