privacy policy

1. controller and data protection officer

2. data we collect

2.1 automatically collected data

we automatically collect:

• ip address and general location (country/region)
• browser type and version
• device type and operating system
• pages visited and time spent on site
• referrer information

2.2 gaming and virtual economy data

as part of our gaming services and virtual economy:

• gameplay data: in-game achievements and statistics
• virtual currencies: celestium (purchased), argentum and aurum (in-game currencies), and related transactions
• community data: forum posts, comments, community interactions and reputation
• feedback and support: user feedback posts, error logs, and support communications

3. legal basis for processing

we process your personal data based on:

• contract performance (art. 6(1)(b) gdpr): account management, service provision
• legitimate interest (art. 6(1)(f) gdpr): website analytics, security, fraud prevention
• consent (art. 6(1)(a) gdpr): marketing communications, optional features
• legal obligation (art. 6(1)(c) gdpr): tax records, legal compliance

4. how we use your data

4.1 service provision

• creating and managing your user account
• providing access to tier-based content
• processing achievements and virtual currencies
• enabling community features (forums, comments)

4.2 communication

• sending important account and service updates
• responding to support requests
• newsletter and promotional emails (with consent)
• community notifications and mentions

4.3 analytics and improvement

• understanding how our website is used
• improving user experience and features
• identifying and fixing technical issues
• security monitoring and fraud prevention

5. cookies and tracking technologies

we use cookies and similar technologies to enhance your experience and understand how our website is used.

for detailed information about our use of cookies, including:

• what cookies we use and why
• how to manage your cookie preferences
• your rights regarding cookies
• technical details and retention periods

please see our dedicated cookie policy.

6. data sharing and disclosure

we do not sell your personal data. we may share data with:

6.1 service providers

• hosting: our server provider for website hosting
• email: email service providers for communications

6.2 legal requirements

we may disclose data when required by law, court order, or to protect our rights and safety.

7. data retention

• account data: stored as long as your account is active or as needed for legal obligations
• session tokens: deleted when your session ends
• feedback logs: retained until issue resolution
• forum posts: retained for community continuity (username anonymized on account deletion)
• legal/tax records: 7 years as required by austrian law

for cookie retention periods, see our cookie policy.

8. your rights (gdpr)

you have the right to:

• access: request a copy of your personal data
• rectification: correct inaccurate or incomplete data
• erasure: request deletion of your data ("right to be forgotten")
• restriction: limit how we process your data
• portability: receive your data in a machine-readable format
• object: object to processing based on legitimate interest
• withdraw consent: withdraw consent for consent-based processing

to exercise these rights, contact us at privacy@aerraflow.com

9. international data transfers

your data is primarily processed within the european union. any transfers outside the eu are made with appropriate safeguards:

• standard contractual clauses (sccs)
• adequacy decisions by the european commission
• other appropriate safeguards as required by gdpr

10. data security

we implement appropriate technical and organizational measures:

• encryption of data in transit and at rest
• secure server infrastructure with regular updates
• access controls and authentication systems
• regular security audits and monitoring
• staff training on data protection

11. age requirements

our service is restricted to users 18 years of age or older. this global age requirement ensures compliance with international regulations and provides a consistent experience for our worldwide user base.

we do not knowingly collect personal data from individuals under 18. if we become aware of such collection, we will delete the data immediately and terminate the account.

12. hora game-specific data collection

our game "hora" has specific data collection practices:

12.1 twitch integration for voting system

• purpose: temporary chat data collection for in-game voting
• data collected: twitch chat messages during voting sessions
• retention: used for connection validation, then immediately deleted

12.2 steam integration for feedback

• purpose: bug report tracking and feedback management
• data collected: steam id when submitting feedback
• retention: stored for up to 30 days maximum

12.3 error logs and crash reports

• purpose: technical issue identification and game stability
• data collected: error logs that may contain player identifiers
• retention: approximately one month

13. changes to this policy

we may update this privacy policy to reflect changes in our practices or legal requirements. we will:

• post the updated policy on our website
• update the "last updated" date
• notify users of material changes via email or website notice
• for significant changes, seek renewed consent where required

14. complaints

if you have concerns about our data processing:

• contact us directly at privacy@aerraflow.com
• file a complaint with the austrian data protection authority
• contact any eu supervisory authority in your country

15. contact us

for questions about this privacy policy or our data practices: