BattleSphere
Privacy Policy
This Privacy Policy explains how BattleSphere collects, uses, and protects your personal data. It applies to all users of the BattleSphere platform and any future domains under which the platform is operated.
1. Data Controller
The data controller responsible for the processing of your personal data is:
Benjamin Gruenwald
Austria
Email: benjamin.gruenwald@outlook.com
2. What Data We Collect
We collect only the data necessary to provide the BattleSphere service.
| Category | Data collected | When |
|---|---|---|
| Account data | Email address, display name / username | At registration |
| Campaign & gameplay data | Campaign names and settings, faction names, player assignments, battle records, territory control history, event posts, achievement records, chronicle entries | During use of the platform |
| Authentication data | Encrypted password hash (never stored in plaintext), session token stored in a browser cookie | At login / registration |
| Technical data | IP address, browser type, operating system, timestamp of requests | Automatically, via server and hosting logs |
We do not collect payment data, government identification numbers, health data, or any special categories of personal data as defined under Art. 9 GDPR.
4. Legal Basis for Processing
We process your personal data on the following legal bases under the GDPR:
- Performance of a contract (Art. 6(1)(b) GDPR): Processing your account data, campaign data, and authentication data is necessary to provide the BattleSphere service you have registered for.
- Legitimate interests (Art. 6(1)(f) GDPR): Technical log data is processed to maintain the security, stability, and integrity of the platform. Our legitimate interest is the prevention of abuse, fraud, and unauthorised access.
5. Third-Party Service Providers
To operate BattleSphere, we rely on the following third-party data processors. These providers act on our instructions and are bound by data processing agreements (DPAs) in accordance with GDPR requirements.
Supabase (database & authentication)
Supabase, Inc. provides our database and user authentication infrastructure. Your account data, campaign data, and session tokens are stored on Supabase servers. We use the EU-based Supabase region to ensure data is stored within the European Economic Area. Supabase's privacy policy is available at supabase.com/privacy.
Vercel (hosting & content delivery)
Vercel, Inc. hosts the BattleSphere web application and serves it to users. Vercel may process technical log data (including IP addresses) as part of delivering the service. Vercel is certified under the EU–US Data Privacy Framework and offers a GDPR-compliant Data Processing Addendum. Vercel's privacy policy is available at vercel.com/legal/privacy-policy.
We do not sell, rent, or share your personal data with any other third parties, nor do we use your data for advertising purposes.
6. Data Retention
- Account and campaign data is retained for the lifetime of your account. If you request deletion of your account, your personal data will be permanently deleted within 30 days.
- Technical log data is retained for up to 90 days for security and troubleshooting purposes, after which it is automatically deleted or anonymised by our hosting provider.
7. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): Request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): Request that inaccurate data be corrected.
- Right to erasure (Art. 17): Request that your personal data be deleted ("right to be forgotten").
- Right to restriction (Art. 18): Request that we limit the processing of your data in certain circumstances.
- Right to data portability (Art. 20): Request your data in a structured, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests.
To exercise any of these rights, please contact us at benjamin.gruenwald@outlook.com. We will respond within 30 days. There is no charge for exercising your rights.
8. Minors
BattleSphere is intended for users aged 16 and over. We do not knowingly collect personal data from children under the age of 16. If you are under 16, please do not register or submit any personal information. If we become aware that a user is under 16, we will delete their account and associated data promptly.
Parents or guardians who believe their child has registered on BattleSphere should contact us at benjamin.gruenwald@outlook.com and we will act immediately.
9. Data Security
We take the security of your data seriously and implement appropriate technical measures to protect it, including:
- Encrypted HTTPS connections for all data transmission
- Passwords stored exclusively as secure cryptographic hashes (never in plaintext)
- Row-level security policies in our database, ensuring users can only access their own and shared campaign data
- Session tokens transmitted only via secure, HTTP-only cookies
In the event of a data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours and inform affected users without undue delay.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in the platform, applicable law, or our data practices. When we make material changes, we will notify registered users by email and update the "Last updated" date below. Continued use of BattleSphere after the effective date of any changes constitutes acceptance of the revised policy.
11. Contact & Complaints
For any questions, requests, or concerns relating to this Privacy Policy or the handling of your personal data, please contact:
Benjamin Gruenwald
Email: benjamin.gruenwald@outlook.com
If you are not satisfied with our response, you have the right to lodge a complaint with the Austrian data protection authority:
Datenschutzbehörde (DSB)
Barichgasse 40–42, 1030 Vienna, Austria
www.dsb.gv.at · dsb@dsb.gv.at