Privacy & Cookies

This policy explains how we collect, use, store and protect personal data when you use Adult Fantasy Manager (the "Service").

For privacy requests, contact: [email protected]

Who we are

What data we collect

We only collect information that is necessary for the Service to function.

1. Account information
   • Email
   • Username
   • Password (securely hashed)
2. Gameplay data
   • Packs opened
   • Cards owned
   • Marketplace activity
   • Matches played
   • Other in-game actions
3. Technical and security logs
   • IP address — recorded on account registration, login, and significant in-game actions. We store IP addresses specifically to detect and investigate abuse, including multi-accounting, ban evasion, botting, fraud, and other prohibited conduct. IP data may be used to apply IP-level blocks where serious violations are found.
   • Device and browser details
   • Timestamps
   • Error logs
   • Rate limit logs
   • Security events (for abuse prevention)
4. Communications

   If you contact us directly, we may receive your email content and metadata.

5. Voluntary donations

   If you choose to make a voluntary donation, the payment is processed via PayPal.me, a third-party platform. We do not receive or store your PayPal account details, card numbers, or payment credentials. We only see confirmation that a payment was sent and the associated PayPal transaction record. To identify your in-game account, you are asked to include a short personal code in the PayPal payment note. This code is stored server-side and linked to your account solely for the purpose of crediting Coins.

6. Optional data

   Only if you choose to provide it voluntarily.

We do not collect sensitive biometric data, government IDs or unrelated personal information.

We do not run analytics or ads at this time.

How we use your data and legal bases

We process data for the following purposes:

1. Running the Service

   To create your account, let you log in, maintain your collection and handle all gameplay interactions.
   Legal basis: contract.

2. Security and integrity

   To prevent abuse, cheating, spam, fraud, botting, multi-accounting, ban evasion, account takeovers, DDoS attacks and other harmful activity. This includes using IP addresses to identify patterns of abuse, enforce account bans, and block re-registration by bad actors.
   Legal basis: legitimate interests.

3. Legal compliance

   To comply with age restrictions, safety laws, IP requests or other mandatory regulations.
   Legal basis: legal obligation.

4. Communications

   To send essential service messages such as verification emails or security alerts.
   Legal basis: contract or legitimate interests.

5. Optional consent

   If we ever add non-essential cookies or marketing communications, we will ask for your consent first.
   Legal basis: consent.

We do not use your data for advertising.

Sharing and third party processing

We use trusted service providers to run the Service. They process data only under our instructions and under appropriate security safeguards.

Examples include:

• Hosting and infrastructure providers
• Cloud storage providers
• Email delivery services
• Security and anti abuse tools
• Backup and database providers
• PayPal — used to process voluntary donations. PayPal's own privacy policy governs data collected by their platform during payment.

We do not sell personal data.

We do not share data with advertisers or data brokers.

Transfers outside your region are done with legal safeguards such as SCCs.

Data retention

We retain data only for as long as necessary:

• Account and gameplay

  Kept while your account remains active. If you request deletion, we will delete or anonymise your data unless legal obligations require retention.

• Security logs (including IP addresses)

  Kept up to 12 months for security, rate limiting, abuse investigation and troubleshooting. Where an IP address is associated with a serious abuse ban, a minimal record may be retained beyond this period solely to enforce the ban and prevent re-registration.

• Backups

  Encrypted backups rotate on a fixed schedule and eventually expire.

• Deleted accounts

  After deletion, we retain minimal metadata needed to prevent fraud or account abuse. This is common for anti abuse systems.

Your rights

Depending on your region, you may have rights over your personal data. These can include:

• Right to access your data
• Right to correct inaccurate data
• Right to delete your account
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent (if applicable)

To exercise any of these rights, email: [email protected]
We respond within a reasonable time frame.

Children

The Service is strictly for adults.

We do not knowingly collect data from anyone under 18.

If you believe a minor has created an account, contact us and we will delete it.

Security

We apply reasonable technical and organisational measures, including:

• Encryption at rest and in transit
• Strict hashing of passwords
• Rate limiting
• Abuse detection
• Monitoring for suspicious activity
• Access controls and role-based permissions
• Regular updates and patches
• Isolation of critical systems
• No plaintext passwords anywhere

No online service can be fully secure, but we work to reduce risks as much as possible.

Cookies

We currently use only essential cookies necessary for the Service to function.

International transfers

If your data is transferred outside your country, we rely on legal safeguards such as:

• Standard Contractual Clauses
• Adequacy decisions
• Appropriate security and encryption measures

Changes to this policy

We may update this policy if the Service changes or if required by law. If we make material changes, we will provide a clear notice.

Contact us

For privacy questions or requests, contact: [email protected]