Privacy Policy

1) Data controller

2) Personal data we collect

• Account data: email, username, authentication data (e.g., password hash), account settings.
• Gameplay/usage telemetry: in-game actions, session times, feature use, error events, performance metrics.
• Device & log data: IP address, device identifiers, browser/app version, OS, timestamps, referral/URL, cookies or similar identifiers.
• Payments (if you buy virtual coins/items): transaction identifiers, purchase status, and limited billing details from payment providers/app stores. We do not store full card details.
• Support communications: messages you send to us and related metadata.

3) Purposes and GDPR lawful bases

• Provide the service (create/login to accounts, deliver gameplay, provide virtual items): Contract (Art. 6(1)(b)).
• Security, fraud prevention, and abuse detection: Legitimate interests (Art. 6(1)(f)) and, where required, Legal obligation (Art. 6(1)(c)).
• Analytics and service improvement: Legitimate interests (Art. 6(1)(f)); for non-essential cookies/SDKs, Consent (Art. 6(1)(a)).
• Payments and accounting (records, chargebacks, taxes): Contract and Legal obligation (Art. 6(1)(b),(c)).
• Customer support: Contract and Legitimate interests (Art. 6(1)(b),(f)).

4) Sharing and recipients

We share personal data only as needed with: (a) hosting, analytics, and security providers; (b) payment processors/app stores for purchases; (c) professional advisers (e.g., accountants); (d) authorities if required by law; and (e) parties in a merger or asset sale (with appropriate safeguards).

5) International transfers

If data is transferred outside the EEA, we use recognised safeguards such as European Commission adequacy decisions or Standard Contractual Clauses and apply additional security measures where appropriate.

6) Retention

• Account data: for as long as your account is active; then deleted or anonymised within a reasonable period unless required otherwise.
• Logs/security records: typically up to 12 months (longer if needed for incident investigation).
• Telemetry: kept for the period needed for analytics and improvement (often aggregated/anonymised).
• Purchase and accounting records: generally up to 10 years where required by law.

7) Your rights (EEA/LV)

You may request access, rectification, erasure, restriction, portability, and you may object to processing based on legitimate interests. Where processing is based on consent, you can withdraw consent at any time (without affecting prior processing). To exercise rights, contact us at contact@luckralv.com.

You also have the right to lodge a complaint with Latvia’s supervisory authority: Datu valsts inspekcija (DVI).

8) Security

We use technical and organisational measures designed to protect personal data (e.g., access controls, encryption in transit, monitoring). No system is 100% secure.

9) Children

Our services are not intended for children. We do not knowingly collect personal data from minors. If you believe a minor has provided us data, contact us so we can take appropriate action.

10) Changes

We may update this Policy from time to time. We will post the updated version on this page and update the “Last updated” date.