Privacy Policy

Important — Please Read Carefully

This Privacy Policy explains how Riftborn Tactics collects, uses, shares, and protects your personal information. By accessing or using Riftborn Tactics — including the game client, website, and all related services — you acknowledge that you have read and understood this Privacy Policy. We encourage you to read this document in its entirety so that you are fully informed about your rights and the choices available to you.

1. Introduction

Riftborn Tactics (“we,” “us,” or “our”) is an online trading card game. We are committed to protecting and respecting your privacy. This Privacy Policy describes the types of personal information we collect, how we use and safeguard that information, and the choices you have regarding your data.

1.1 Scope.

This Privacy Policy applies to all information collected through the Riftborn Tactics game client (desktop, mobile, and any other platforms), our official website, community forums, customer support channels, and any other services or features we operate that link to this Privacy Policy (collectively, the “Services”).

1.2 Agreement.

By creating an account, downloading the game client, or otherwise accessing the Services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services.

1.3 Supplemental Notices.

In some cases, we may provide additional or supplemental privacy notices specific to certain services, regions, or features. Those notices will supplement — and, where they conflict, will take precedence over — this Privacy Policy.

2. Information We Collect

We collect information in several ways: directly from you, automatically when you use our Services, and from third-party sources. The categories below describe the types of information we may collect.

2.1 Information You Provide Directly

When you interact with our Services, you may voluntarily provide the following types of information:

• Account Registration Data: When you create an account, we collect your chosen username, email address, a securely hashed version of your password, and your date of birth (used for age verification and eligibility purposes).
• Payment Information: When you make in-game purchases, we collect transaction details such as purchase amount, date, and item(s) purchased. Full payment card numbers and financial account details are processed directly by our third-party payment processors and are not stored on our servers. We receive only transaction confirmation data, such as the last four digits of a card number and transaction identifiers.
• Customer Support Communications: When you contact our support team, we collect the contents of your messages, any attachments you provide, and related metadata (such as timestamps and ticket numbers).
• Chat Logs and In-Game Messages: We collect and temporarily store text-based communications sent through in-game chat features, including direct messages, team chat, and public lobbies. These logs are used for moderation, safety enforcement, and abuse prevention.
• User-Generated Content: Any content you create, upload, or share through the Services — including custom deck names, profile descriptions, forum posts, and submitted feedback — is collected and stored by us.

2.2 Information Collected Automatically

When you access or use our Services, we automatically collect certain information, including:

• Device Information: Hardware model, operating system and version, browser type and version, screen resolution, unique device identifiers, and language preferences.
• IP Address and Geolocation: Your Internet Protocol (IP) address and approximate geolocation data at the country or region level. We do not collect precise GPS-level location data.
• Gameplay Data: Match history, win/loss records, deck compositions, cards owned, in-game currency balances, play patterns, matchmaking ratings, and ranked progression data.
• Session Information: Session duration, frequency of play, login timestamps, and time spent in various game modes or menus.
• Crash Reports and Performance Logs: Diagnostic data including crash dumps, error logs, frame rate data, latency measurements, and hardware performance metrics used to identify and resolve technical issues.
• Referral Source: Information about how you arrived at our Services, such as referring URLs, advertising campaign identifiers, or promotional codes used.

2.3 Information from Third Parties

We may receive information about you from the following third-party sources:

• Social Media Login Data: If you choose to register or log in using a third-party service (such as Google, Apple, Discord, or Steam via OAuth/SSO), we receive basic profile information authorized by that service, which may include your display name, email address, and profile picture.
• Payment Processor Transaction Confirmations: Our payment processors provide us with transaction status confirmations, fraud risk assessments, and limited billing details necessary to fulfill your purchases.
• Anti-Cheat and Fraud Detection Services: Third-party anti-cheat partners may provide us with device integrity signals, risk scores, and flagged activity reports to help us maintain fair play and protect our community.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Maintaining the Services. To operate, deliver, and improve Riftborn Tactics, including creating and managing your account, enabling gameplay features, and delivering purchased content.

3.2 Processing Transactions. To process in-game purchases, verify transactions, and provide purchase confirmations and digital receipts.

3.3 Matchmaking and Game Balance. To pair you with appropriate opponents based on skill level, to analyze gameplay patterns for balancing card mechanics, and to maintain competitive integrity across ranked and casual modes.

3.4 Anti-Cheat Enforcement. To detect, investigate, and prevent cheating, hacking, exploiting, and other violations of our Terms of Service, including the use of unauthorized third-party software or modified game clients.

3.5 Customer Support. To respond to your inquiries, troubleshoot technical issues, resolve disputes, and administer your account.

3.6 Personalization. To customize your experience, including displaying relevant in-game offers, recommending content, and tailoring the user interface to your preferences and play history.

3.7 Analytics and Service Improvement. To conduct internal analytics, monitor usage trends, measure feature adoption, and inform product development decisions that enhance the quality and performance of our Services.

3.8 Communications. To send you service-related messages (such as patch notes, maintenance alerts, and security notifications) and, with your consent or where otherwise permitted, marketing communications about new features, events, or promotions. You may opt out of marketing communications at any time (see Section 8).

3.9 Legal Compliance. To comply with applicable laws, regulations, and legal processes, including responding to lawful requests from public authorities.

3.10 Safety and Security. To protect the safety, rights, and property of Riftborn Tactics, our users, and the public, including investigating potential violations of our Terms of Service and preventing fraud, abuse, and other harmful activities.

4. Cookies, Tracking Technologies, and Analytics

Our website and Services use cookies and similar tracking technologies to enhance your experience and collect information about how you interact with our platforms.

4.1 Types of Cookies Used

• Essential Cookies: These cookies are strictly necessary for the operation of our website and Services. They enable core functionality such as account authentication, session management, and security features. You cannot opt out of essential cookies.
• Functional Cookies: These cookies remember your preferences and settings (such as language selection, display preferences, and region) to provide a more personalized experience.
• Analytics Cookies: These cookies help us understand how users interact with our website and Services by collecting information about pages visited, features used, and navigation paths. This data is aggregated and used to improve the Services.
• Advertising Cookies: These cookies may be used to deliver relevant advertisements and to measure the effectiveness of our advertising campaigns. They may track your activity across different websites.

4.2 Third-Party Analytics Services

We use third-party analytics services to help us analyze how users engage with our Services. These providers may collect information sent by your device or our Services, including the pages you visit, session data, and other usage information. The information generated is used to evaluate use of the Services and to compile statistical reports on activity.

4.3 Cookie Consent and Management

When you first visit our website, you will be presented with a cookie consent banner allowing you to accept or customize your cookie preferences. You may modify your cookie settings at any time through the cookie preferences link in the footer of our website or through your browser settings. Please note that disabling certain cookies may limit your ability to use some features of the Services.

4.4 Do Not Track Signals

Some browsers offer a “Do Not Track” (“DNT”) signal. There is currently no universally accepted standard for how companies should respond to DNT signals. At this time, our Services do not respond to DNT signals. However, you may manage your tracking preferences through the cookie management tools described in Section 4.3.

4.5 Pixel Tags and Similar Technologies

We may also use pixel tags (also known as web beacons or clear GIFs), embedded scripts, and similar technologies in our emails and on our website to collect information about your interactions, such as whether you opened an email or visited a particular page. This information is used to improve our communications and to measure the effectiveness of our outreach efforts.

5. How We Share Your Information

We do not sell your personal information. We may share your information with third parties only in the following circumstances:

5.1 Service Providers. We share information with trusted third-party vendors and service providers who perform services on our behalf, including hosting and infrastructure providers, payment processors, analytics providers, anti-cheat and fraud detection partners, customer support platforms, and email delivery services. These providers are contractually obligated to use your information only as necessary to perform services for us and in accordance with this Privacy Policy.

5.2 Legal Obligations. We may disclose your information if required to do so by law or in response to valid legal process, including subpoenas, court orders, or government requests. We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, or to investigate fraud or respond to a government request.

5.3 Business Transfers. In the event that Riftborn Tactics is involved in a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Services of any change in ownership or uses of your personal information, as well as any choices you may have regarding your information.

5.4 With Your Consent. We may share your information with third parties when you have given us your explicit consent to do so, including when you choose to connect your account with third-party services or platforms.

5.5 Aggregated and De-Identified Data. We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. Such data may be used for industry analysis, research, marketing, and other purposes without restriction.

5.6 Public Gameplay Data. Certain gameplay information is publicly visible by design, including your username, match results, leaderboard rankings, and competitive statistics. By participating in ranked play, tournaments, or other public features, you acknowledge that this information may be visible to other users and the general public.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

6.1 Active Account Data. Information associated with your account (including profile data, gameplay history, and preferences) is retained for the duration of your account's active existence.

6.2 Post-Deletion Retention. When you request deletion of your account, we initiate a soft-delete process. Your account will be deactivated immediately and your personal data will be marked for deletion. The following retention periods apply:

• Soft-Delete Period: Your account data is retained in a deactivated state for thirty (30) days following your deletion request, during which time you may contact us at support@riftborntactics.com to restore your account.
• Backup Retention: After the soft-delete period, your data is purged from active systems. However, residual copies may persist in encrypted backup systems for up to ninety (90) days before being permanently overwritten.

6.3 Transaction Records. Records of financial transactions (including purchase history, payment confirmations, and refund records) are retained for the period required by applicable tax, financial, and accounting laws, which may extend beyond the deletion of your account.

6.4 Moderation and Safety Records. Records related to enforcement actions (such as bans, suspensions, and abuse reports) may be retained for a reasonable period following account deletion to maintain the safety and integrity of the Services and to prevent re-offending.

6.5 Anonymized Analytics Data. Data that has been fully anonymized and aggregated such that it can no longer be associated with an identifiable individual may be retained indefinitely for analytical, research, and service improvement purposes.

7. Data Security

We take the security of your personal information seriously and implement a range of technical and organizational measures designed to protect it against unauthorized access, alteration, disclosure, or destruction.

7.1 Technical Safeguards.

Our security measures include, but are not limited to:

• Encryption of data in transit using Transport Layer Security (TLS) protocols.
• Encryption of sensitive data at rest using industry-standard encryption algorithms.
• Secure hashing of passwords — we never store passwords in plaintext.
• Role-based access controls limiting employee and contractor access to personal information on a need-to-know basis.
• Multi-factor authentication for internal administrative access to systems containing personal data.

7.2 Organizational Safeguards.

We conduct regular security audits and vulnerability assessments, maintain an incident response plan for potential data breaches, and provide security awareness training to our personnel.

7.3 Incident Response.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities in accordance with applicable law, including information about the nature of the breach, the data involved, and the steps we are taking to address it.

7.4 No Guarantee.

While we strive to protect your personal information, no method of transmission over the Internet and no method of electronic storage is completely secure. We cannot guarantee the absolute security of your data. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

8. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights and making it easy for you to exercise them.

8.1 Access and Portability. You have the right to request a copy of the personal information we hold about you in a structured, commonly used, and machine-readable format. To submit an access or portability request, please contact us at support@riftborntactics.com.

8.2 Correction. You have the right to request that we correct any inaccurate or incomplete personal information we hold about you. You may update certain account information directly through your account settings; for other corrections, please contact our support team at support@riftborntactics.com.

8.3 Deletion. You have the right to request the deletion of your account and associated personal data. Deletion requests are subject to the retention periods described in Section 6 and any legal obligations that require us to retain certain information. To request deletion, visit the account management section of the Settings menu or contact us directly at support@riftborntactics.com.

8.4 Opt-Out of Marketing Communications. You may opt out of receiving promotional emails by clicking the “unsubscribe” link included in each marketing email or by adjusting your communication preferences in your account settings. Please note that even after opting out, you will continue to receive transactional and service-related communications (such as security alerts and patch notifications).

8.5 Cookie Preferences. You may manage your cookie preferences through the cookie management tools on our website or through your browser settings, as described in Section 4.3.

8.6 Withdraw Consent. Where we rely on your consent as the legal basis for processing your personal information, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

8.7 Right to Lodge a Complaint. If you believe that we have not handled your personal information in accordance with applicable law, you have the right to lodge a complaint with a supervisory authority in your country or region of residence.

8.8 Additional Rights for EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including:

• The right to restriction of processing of your personal data.
• The right to object to processing based on legitimate interests or for direct marketing purposes.
• The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
• The right to lodge a complaint with your local Data Protection Authority.

8.9 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), including:

• The right to know what personal information we have collected, used, disclosed, and sold (if applicable) about you.
• The right to delete your personal information, subject to certain exceptions.
• The right to correct inaccurate personal information.
• The right to opt out of the sale or sharing of your personal information. As stated in Section 5, we do not sell personal information.
• The right to non-discrimination for exercising your privacy rights.
• The right to limit the use and disclosure of sensitive personal information.

8.10 Additional Rights for Canadian Residents (PIPEDA)

If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including:

• The right to access personal information we hold about you and to be informed of its use and disclosure.
• The right to challenge the accuracy and completeness of your personal information and to have it amended as appropriate.
• The right to withdraw consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions.
• The right to file a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.

9. Children's Privacy

9.1 Age Restriction. Riftborn Tactics is not directed at children under the age of thirteen (13). We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13 without verified parental consent, we will take steps to delete such information from our systems as promptly as possible.

9.2 Parental Consent for Users Aged 13-17. Users between the ages of 13 and 17 may use the Services only with the consent of a parent or legal guardian. In jurisdictions that require a higher minimum age for data processing (such as 16 in certain EU member states), we will comply with the applicable local requirements. We may require verifiable parental consent before allowing certain features or data collection for users in this age group.

9.3 Parental Rights. If you are a parent or legal guardian and believe that your child under the age of 13 has provided personal information to us without your consent, or if you wish to review, correct, or request deletion of your child's personal information, please contact us at support@riftborntactics.com. We will respond to verified parental requests in accordance with applicable law, including the Children's Online Privacy Protection Act (COPPA) in the United States and equivalent legislation in other jurisdictions.

9.4 International Compliance. We are committed to complying with applicable child protection laws worldwide, including COPPA (United States), the Age Appropriate Design Code (United Kingdom), and the GDPR's provisions on children's consent (European Union).

10. International Data Transfers

10.1 Cross-Border Processing. Riftborn Tactics is operated in Canada. Your personal information may be transferred to, stored in, and processed in countries other than your country of residence, including countries that may not provide the same level of data protection as your home jurisdiction.

10.2 Safeguards. When we transfer personal data across borders, we implement appropriate safeguards to ensure that your information receives an adequate level of protection, regardless of where it is processed. These safeguards may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Binding Corporate Rules, where applicable.
• Certification under recognized data transfer frameworks.
• Obtaining your explicit consent for specific transfers, where required by law.

10.3 Further Information. For more information about the specific safeguards we apply to international data transfers, or to obtain a copy of the relevant transfer mechanisms, please contact us at support@riftborntactics.com.

11. Changes to This Privacy Policy

11.1 Right to Update. We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the “Last Updated” date at the top of this document.

11.2 Notification of Changes. We will provide notice of changes through one or more of the following methods:

• Posting the updated Privacy Policy on our website.
• Sending an email notification to the address associated with your account.
• Displaying an in-game notice or banner upon login.

11.3 Material Changes. For material changes that significantly affect your rights or the way we use your personal information, we will provide at least thirty (30) days' advance notice before such changes take effect. Your continued use of the Services after the effective date of any revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree to the revised Privacy Policy, you should discontinue use of the Services and may request deletion of your account.