Privacy Policy

We collect the following categories of information:

• Account information — name, email address, and password when you register.
• Organisation data — workspace name, slug, member roles, and project configuration you create within the Service.
• Usage data — pages visited, features used, timestamps, and browser/device metadata collected automatically via server logs and analytics.
• Payment information — billing name, address, and card details processed securely by our payment provider (Stripe). We do not store full card numbers on our servers.
• Communications — emails or support messages you send us.

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Process transactions and send related information (receipts, invoices).
• Send transactional and administrative emails (account verification, password reset, plan changes).
• Respond to enquiries and provide customer support.
• Monitor and analyse usage to improve and develop the Service.
• Detect and prevent fraud or security incidents.
• Comply with our legal obligations.

We do not sell your personal data. We do not use your data to train machine-learning models without your explicit consent.

We share your personal data only in the following limited circumstances:

• Service providers — trusted third-party vendors who assist us in operating the Service (e.g. cloud hosting, authentication, payment processing, email delivery). These providers have access to your data only as necessary to perform their functions and are contractually required to protect it.
• Within your workspace — workspace admins and members can see the names and email addresses of other members of the same workspace.
• Legal requirements — where we are required to disclose data by law, court order, or governmental authority.
• Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

We use strictly necessary cookies to maintain your authenticated session and remember your preferences. We may also use analytics cookies to understand how users interact with the Service. You can control cookie settings through your browser; however, disabling certain cookies may affect Service functionality.

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted connections (TLS), access controls, and regular security reviews.

No method of transmission over the internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security and encourage you to use strong, unique passwords.

We retain your personal data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymise your personal data within 90 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (e.g. financial records).

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you.
• Rectification — request correction of inaccurate data.
• Erasure — request deletion of your personal data.
• Restriction — request that we limit how we use your data.
• Portability — request your data in a structured, machine-readable format.
• Objection — object to processing of your data for certain purposes.

To exercise any of these rights, contact us at ludovite@hiddenstate.games. We will respond within 30 days. If you are located in the EEA or UK and believe we have not adequately addressed your request, you have the right to lodge a complaint with your local data protection authority.

Your data may be processed and stored on servers located outside your country of residence. Where we transfer personal data out of the UK or EEA, we ensure appropriate safeguards are in place (such as standard contractual clauses) in accordance with applicable data protection law.

The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected such data, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new effective date and, where appropriate, by email. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

If you have questions or concerns about this Privacy Policy or our data practices, please contact our data controller: