Privacy & Cookies

This policy explains how we collect, use, store and protect personal data when you use Adult Fantasy Manager (the "Service").

For privacy requests, contact: [email protected]

Who we are

What data we collect

We only collect information that is necessary for the Service to function.

1. Account information
   • Email
   • Username
   • Password (securely hashed)
2. Gameplay data
   • Packs opened
   • Cards owned
   • Marketplace activity
   • Matches played
   • Other in-game actions
3. Technical and security logs
   • IP address — recorded on account registration, login, and significant in-game actions. We store IP addresses specifically to detect and investigate abuse, including multi-accounting, ban evasion, botting, fraud, and other prohibited conduct. IP data may be used to apply IP-level blocks where serious violations are found.
   • Device and browser details
   • Timestamps
   • Error logs
   • Rate limit logs
   • Security events (for abuse prevention)
4. Communications

   If you contact us directly, we may receive your email content and metadata.

5. Chat content
   • Messages you send in the public lobby and direct messages
   • Images and GIFs you upload as chat attachments
   • Reactions, read receipts and typing indicators
   • The pair of users a direct message thread is between (so we can deliver it)
   • Mutual-friendship status, which is used to gate who you can DM
6. Voluntary donations

   If you choose to make a voluntary donation, the payment is processed via PayPal.me, a third-party platform. We do not receive or store your PayPal account details, card numbers, or payment credentials. We only see confirmation that a payment was sent and the associated PayPal transaction record. To identify your in-game account, you are asked to include a short personal code in the PayPal payment note. This code is stored server-side and linked to your account solely for the purpose of crediting Coins.

7. Optional data

   Only if you choose to provide it voluntarily.

We do not collect sensitive biometric data, government IDs or unrelated personal information.

We do not run analytics or ads at this time.

How we use your data and legal bases

We process data for the following purposes:

1. Running the Service

   To create your account, let you log in, maintain your collection and handle all gameplay interactions.
   Legal basis: contract.

2. Security and integrity

   To prevent abuse, cheating, spam, fraud, botting, multi-accounting, ban evasion, account takeovers, DDoS attacks and other harmful activity. This includes using IP addresses to identify patterns of abuse, enforce account bans, and block re-registration by bad actors.
   Legal basis: legitimate interests.

3. Legal compliance

   To comply with age restrictions, safety laws, IP requests or other mandatory regulations.
   Legal basis: legal obligation.

4. Communications

   To send essential service messages such as verification emails or security alerts.
   Legal basis: contract or legitimate interests.

5. Optional consent

   If we ever add non-essential cookies or marketing communications, we will ask for your consent first.
   Legal basis: consent.

We do not use your data for advertising.

Sharing and third party processing

We use trusted service providers to run the Service. They process data only under our instructions and under appropriate security safeguards.

Examples include:

• Hosting and infrastructure providers
• Cloud storage providers
• Email delivery services
• Security and anti abuse tools
• Backup and database providers
• PayPal — used to process voluntary donations. PayPal's own privacy policy governs data collected by their platform during payment.

We do not sell personal data.

We do not share data with advertisers or data brokers.

Transfers outside your region are done with legal safeguards such as SCCs.

Data retention

We retain data only for as long as necessary:

• Account and gameplay

  Kept while your account remains active. If you request deletion, we will delete or anonymise your data unless legal obligations require retention.

• Chat messages and uploaded media

  Retained for 7 days from the moment they are sent, then deleted automatically together with any attached file. Empty direct-message threads are pruned on the same schedule. Backups may briefly retain content per the schedule above.

• Security logs (including IP addresses)

  Kept up to 12 months for security, rate limiting, abuse investigation and troubleshooting. Where an IP address is associated with a serious abuse ban, a minimal record may be retained beyond this period solely to enforce the ban and prevent re-registration.

• Backups

  Encrypted backups rotate on a fixed schedule and eventually expire.

• Deleted accounts

  After deletion, we retain minimal metadata needed to prevent fraud or account abuse. This is common for anti abuse systems.

Your rights

Depending on your region, you may have rights over your personal data. These can include:

• Right to access your data
• Right to correct inaccurate data
• Right to delete your account
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent (if applicable)

To exercise any of these rights, email: [email protected]
We respond within a reasonable time frame.

Children

The Service is strictly for adults.

We do not knowingly collect data from anyone under 18.

If you believe a minor has created an account, contact us and we will delete it.

Security

We apply reasonable technical and organisational measures, including:

• Encryption at rest and in transit
• Strict hashing of passwords
• Rate limiting
• Abuse detection
• Monitoring for suspicious activity
• Access controls and role-based permissions
• Regular updates and patches
• Isolation of critical systems
• No plaintext passwords anywhere

No online service can be fully secure, but we work to reduce risks as much as possible.

Cookies

We currently use only essential cookies necessary for the Service to function.

In-game chat (lobby and direct messages)

The Service includes a public chat lobby and direct messages between mutual friends. When you use chat:

• Messages and uploaded media are stored on our infrastructure for up to 7 days, after which they are deleted automatically together with any attached image or GIF. Backups follow the schedule described in the Data retention section above.
• Lobby messages are visible to every other authenticated user of the Service.
• Direct messages are visible to you and the other participant only. We do not read DMs in the course of normal operations.
• We retain the right to access, review, remove or hand over chat content where required for safety, abuse investigation, legal compliance or DMCA enforcement.
• Image uploads are validated for type and size before storage. We do not perform automated content moderation today; any reliance you place on user-supplied media is at your own discretion and risk.
• Reports about user content can be sent to [email protected].

You are solely responsible for the content you send. See the Terms of Service for the rules governing User Content, including the requirement that uploaded media depicts only publicly recognised adult performers and never private individuals.

International transfers

If your data is transferred outside your country, we rely on legal safeguards such as:

• Standard Contractual Clauses
• Adequacy decisions
• Appropriate security and encryption measures

Changes to this policy

We may update this policy if the Service changes or if required by law. If we make material changes, we will provide a clear notice.

Contact us

For privacy questions or requests, contact: [email protected]