Privacy Policy

Effective: April 30, 2026

This Privacy Policy explains what data Lord Of Chains ("we", "us", "the game") collects from you, how we use it, who we share it with, and your rights over it. By creating an account or playing the game, you agree to the practices described here.

1. Who runs the game

Lord Of Chains is operated by an independent operator based in Belgium. For privacy questions, account deletion requests, or to exercise your rights described below, contact us at support@lordofchains.com.

2. Data we collect

Account data

• Your email address (login, password reset, account recovery)
• Your username and display name
• A hashed copy of your password (we never see or store the plaintext)
• Optional: your timezone (used to display server times correctly)
• Account status, registration date, last login date

Connection data

• Your IP address at registration and each login (used for security and abuse detection)
• A device fingerprint generated from non-personally-identifying browser characteristics, used to detect multi-accounting and ban evasion. We do not collect MAC addresses or other hardware identifiers.
• Session and device cookies, including loc_session (your active login session) and loc_device (a long-lived identifier used in the device fingerprint).

Gameplay data

• Everything you do in the game: army composition, attacks, espionage, market trades, clan membership, messages, achievements, statistics, ranks, notifications generated for your account.

Linked accounts (optional)

• If you sign in with Google: your Google account email and a Google-issued user ID.
• If you sign in with Discord: your Discord username and a Discord-issued user ID.

Mobile app

• If you install the Lord Of Chains Android app, we collect a Firebase Cloud Messaging (FCM) token issued by Google, used to deliver push notifications. You can revoke this at any time by disabling notifications in the app's settings or uninstalling the app.

Payments

• If you purchase Coins, the payment provider (PayPal or Stripe) handles your card or bank details directly. We never see your full card number. We do receive transaction confirmations, an order ID, and the amount paid, which we store to fulfill the purchase and prevent disputes.

What we do NOT collect

• Real names, postal addresses, or phone numbers.
• Geolocation beyond the country-level inferences your IP address may reveal.
• Behavior on third-party sites.
• Children's data (see Section 7).

3. How we use your data

• To operate the game (let you log in, save your progress, dispatch notifications you've opted into).
• To detect cheating, multi-accounting, and abuse, using IP addresses, device fingerprints, and behavior patterns.
• To process your payments and prevent payment fraud.
• To communicate important account or game updates by email.
• To investigate and respond to support requests.

We do not sell your data. We do not use your data for third-party advertising or behavioral ad targeting.

4. Lawful bases for processing (GDPR)

Where the GDPR applies to you, we rely on the following lawful bases:

• Contractual necessity for running the game (account, gameplay, payments).
• Legitimate interest for security, fraud prevention, and abuse detection (IP logging, device fingerprinting).
• Consent for push notifications and any optional features you turn on.
• Legal obligation for retaining payment records as required by tax and consumer-protection law.

5. Who we share your data with

We share data only with service providers essential to running the game:

• Google (Firebase Cloud Messaging, OAuth) for push notification dispatch and optional Google sign-in.
• Discord (OAuth, bot integration) for optional Discord sign-in and clan integration.
• PayPal if you choose PayPal for purchases.
• Stripe if you choose Stripe for purchases.
• Our hosting provider, which runs the servers the game runs on.
• Email provider for transactional email (registration confirmation, password reset).

Each provider only receives the minimum data they need. They are bound by their own privacy policies and our agreements with them.

We will also disclose data if required by law (subpoena, court order) or to protect users from harm.

6. Where data is stored

Data is stored on servers in the European Union. Account passwords are hashed with bcrypt before storage. Database access is restricted, and connections to the website are encrypted with HTTPS. We do not export data outside our infrastructure except to the service providers listed above.

Some service providers (notably Google's Firebase and Stripe) may process data outside the EU. These transfers are governed by the providers' own GDPR-compliant frameworks (Standard Contractual Clauses, adequacy decisions where applicable).

7. Your rights

You have the following rights regarding your personal data:

• Access: request a copy of the data we hold about you.
• Correction: ask us to fix anything that's wrong.
• Deletion: request that we delete your account and associated data.
• Restriction: ask us to stop processing your data while a question is being resolved.
• Objection: object to specific kinds of processing.
• Portability: request your data in a machine-readable form.
• Withdraw consent at any time where processing is based on your consent (for example, push notifications).
• Lodge a complaint with a supervisory authority. In Belgium, that is the Autorité de protection des données / Gegevensbeschermingsautoriteit (dataprotectionauthority.be). Users in other EU/EEA countries may complain to their local authority.

To exercise any of these, email support@lordofchains.com from the email address on your account. We aim to respond within 30 days. Some data may be retained for legal reasons even after deletion (for example, payment records for tax purposes).

8. Children

The game is not directed at children under 13. We do not knowingly collect data from anyone under 13.

For users in the EU/EEA, the minimum age is 16, in accordance with GDPR Article 8. By creating an account in the EU/EEA, you confirm you are at least 16 years old.

If you believe a child has registered, contact us at support@lordofchains.com and we will close the account.

9. Cookies

We use a small number of strictly-necessary cookies. None of them are used for advertising or cross-site tracking.

• loc_session - your login session.
• loc_device - a device identifier used for security and fraud detection.
• Two-factor authentication cookies if you've enabled 2FA.

10. Data retention

• Active accounts: data is kept while the account is active.
• Inactive accounts: data is kept indefinitely unless you request deletion.
• Deleted accounts: most data is removed immediately. Some records (logs, payment confirmations) may be retained for up to 90 days for fraud detection or longer where required by tax or accounting law.
• Aggregated, anonymized statistics may be retained indefinitely.

11. Mobile app permissions

The Lord Of Chains Android app requests these system permissions:

• Internet: required to communicate with the game server.
• Notifications: required to display push notifications you've opted into.

The app does not request access to your contacts, photos, location, microphone, camera, or any other system feature.

12. Changes to this policy

We may update this policy from time to time. When we do:

• We post the updated policy at this same URL with a new effective date.
• For material changes, we send a notification to your account email.
• Continued use of the game after changes go into effect constitutes your acceptance.

13. Contact

For privacy questions, account deletion requests, or any concerns about your data:

Email: support@lordofchains.com