Privacy Policy for Realm of Dungeons

§1. General Provisions

This Privacy Policy governs the processing of personal data in the Realm of Dungeons application (hereinafter "Application") operated by Krzysztof Zaleski (hereinafter "Administrator")[1][3]. The Policy constitutes an integral part of the Terms of Use and complies with the requirements of the EU General Data Protection Regulation (GDPR)[2][3].

§2. Data Controller

The Administrator of your personal data is:
Krzysztof Zaleski
Contact email: webzaleski@gmail.com[1][4]

§3. Data Collection and Processing

3.1 Types of Processed Data

The Application collects and processes:

Account Data: Username and password (hashed using the bcrypt library)[5]
Gameplay Data: Character statistics, inventory, and progression
Technical Data: IP address, device information, and session cookies[1][4]
Local Storage: Session maintenance data stored directly on user devices[5]

3.2 Legal Basis

Data processing occurs under Article 6(1)(b) GDPR for service performance[1][3]. Session storage is essential for application functionality[5].

§4. Data Security Measures

The Administrator implements technical safeguards including:

Password Hashing: BCrypt algorithm with salt rounds for credential protection[5]
Network Security: TLS encryption for data in transit
Access Controls: Role-based server access restrictions
Regular Audits: Security vulnerability assessments every 90 days[4]

§5. Data Storage and Retention

Server Storage: User accounts and character data persisted in private databases until account deletion[5]
Device Storage: Session tokens automatically cleared after 30 days of inactivity[5]
Backups: Encrypted daily backups retained for 90 days[4]

§6. User Rights

Under GDPR, users may:

Access: Request full data export in machine-readable format
Rectification: Update account information through application settings
Erasure: Delete account and associated data permanently
Restriction: Temporarily freeze account processing
Portability: Obtain game progress data for transfer[3][4]

To exercise these rights, email webzaleski@gmail.com with "GDPR Request" in the subject line[1][4].

§7. Third-Party Services

The Application uses:

Analytics: Aggregated usage statistics without personal identifiers
Hosting: EU-based servers with GDPR-compliant providers[4]
Payment Processors: External services handling financial transactions separately[2]

§8. Cookies and Local Storage

The Application utilizes:

Session Cookies: Authentication tokens valid until browser closure[1]
Local Storage: Persistent game settings and preferences[5]
Strictly Necessary: No marketing or tracking cookies employed[3]

You can adjust these settings through your browser preferences; note that certain features may become unavailable[2][4].

§9. Policy Updates

Users will receive email notification of material changes 30 days before they take effect[4]. Continued use constitutes acceptance of revised terms[1].