Privacy Policy

Last Updated: January 15, 2025

Effective Date: January 15, 2025

1. Controller and Data Protection Officer

Controller: Aerra Flow e. U.

Address: Neustraße 7/2, 4522 Sierning, Austria

Email: privacy@aerraflow.com

Commercial Register: FN 628502v, Regional Court of Steyr

VAT ID: ATU76134639

2. Data We Collect

2.1 Automatically Collected Data

We automatically collect:

  • IP address and general location (country/region)
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on site
  • Referrer information

2.2 Gaming and Virtual Economy Data

As part of our gaming services and virtual economy:

  • Gameplay Data: In-game achievements and statistics
  • Virtual Currencies: Celestium (purchased), Argentum and Aurum (in-game currencies), and related transactions
  • Community Data: Forum posts, comments, community interactions and reputation
  • Feedback and Support: User feedback posts, error logs, and support communications

3. Legal Basis for Processing

We process your personal data based on:

  • Contract Performance (Art. 6(1)(b) GDPR): Account management, service provision
  • Legitimate Interest (Art. 6(1)(f) GDPR): Website analytics, security, fraud prevention
  • Consent (Art. 6(1)(a) GDPR): Marketing communications, optional features
  • Legal Obligation (Art. 6(1)(c) GDPR): Tax records, legal compliance

4. How We Use Your Data

4.1 Service Provision

  • Creating and managing your user account
  • Providing access to tier-based content
  • Processing achievements and virtual currencies
  • Enabling community features (forums, comments)

4.2 Communication

  • Sending important account and service updates
  • Responding to support requests
  • Newsletter and promotional emails (with consent)
  • Community notifications and mentions

4.3 Analytics and Improvement

  • Understanding how our website is used
  • Improving user experience and features
  • Identifying and fixing technical issues
  • Security monitoring and fraud prevention

5. Data Sharing and Disclosure

We do not sell your personal data. We may share data with:

5.1 Service Providers

  • Hosting: Our server provider for website hosting
  • Email: Email service providers for communications

5.2 Legal Requirements

We may disclose data when required by law, court order, or to protect our rights and safety.

6. Data Retention

  • Account Data: Stored as long as your account is active or as needed to comply with legal obligations
  • Session Tokens: Deleted when your session ends
  • Feedback Logs: Retained until the issue is resolved or feedback is no longer relevant
  • Forum Posts: Retained for community continuity (username anonymized on account deletion)
  • Legal/Tax Records: 7 years as required by Austrian law

7. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Object: Object to processing based on legitimate interest
  • Withdraw Consent: Withdraw consent for consent-based processing

To exercise these rights, contact us at privacy@aerraflow.com

8. Cookies and Tracking

We use cookies for:

  • Essential: Session management, authentication, security
  • Analytics: Self-hosted, privacy-focused analytics (no third-party tracking)
  • Preferences: Saving your settings and preferences

See our Cookie Policy for detailed information.

9. International Data Transfers

Your data is primarily processed within the European Union. Any transfers outside the EU are made with appropriate safeguards in place, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Other appropriate safeguards as required by GDPR

10. Data Security

We implement appropriate technical and organizational measures:

  • Encryption of data in transit and at rest
  • Secure server infrastructure with regular updates
  • Access controls and authentication systems
  • Regular security audits and monitoring
  • Staff training on data protection

11. Age Requirements and Children's Privacy

Our service is restricted to users 18 years of age or older. This global age requirement ensures compliance with international regulations and provides a consistent experience for our worldwide user base.

We do not knowingly collect personal data from individuals under 18. If we become aware of such collection, we will delete the data immediately and terminate the account.

Global Compliance: This 18+ requirement ensures compliance with the most restrictive international regulations and eliminates complex age verification processes across different jurisdictions.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

  • Post the updated policy on our website
  • Update the "Last Updated" date
  • Notify users of material changes via email or website notice
  • For significant changes, we may seek renewed consent where required

13. Complaints

If you have concerns about our data processing, you can:

  • Contact us directly at privacy@aerraflow.com
  • File a complaint with the Austrian Data Protection Authority (Datenschutzbehörde)
  • Contact any EU supervisory authority in your country of residence

Austrian Data Protection Authority

Website: dsb.gv.at

Email: dsb@dsb.gv.at

14. Contact Us

For any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@aerraflow.com

Mail: Aerra Flow e. U., Neustraße 7/2, 4522 Sierning, Austria

Subject Line: "Privacy Inquiry" for faster processing

15. Hora Game-Specific Data Collection

Our game "Hora" has specific data collection practices separate from our main platform:

15.1 Twitch Integration for Voting System

  • Purpose: Temporary chat data collection for in-game voting system
  • Data Collected: Twitch chat messages during voting sessions
  • Storage: Data is stored temporarily and deleted on the fly
  • Retention: Used only for connecting and validation processes, then immediately deleted
  • Legal Basis: Legitimate interest in providing game functionality

15.2 Steam Integration for Feedback and Bug Reports

  • Purpose: Bug report tracking and feedback management
  • Data Collected: Steam ID when users submit feedback or bug reports
  • Storage: Steam ID stored for feedback tracking purposes
  • Retention: Stored for up to 30 days maximum, then automatically deleted
  • Legal Basis: Legitimate interest in game improvement and technical support

15.3 Error Logs and Crash Reports

  • Purpose: Technical issue identification and game stability improvement
  • Data Collected: Error logs that may contain player names or identifiers
  • Storage: Logs saved automatically when errors occur
  • Retention: Approximately one month, then automatically deleted
  • Legal Basis: Legitimate interest in maintaining game quality and user experience

15.4 Data Rights for Hora

You have the same GDPR rights for Hora-specific data:

  • Right to access your Hora-related data
  • Right to request deletion of your Steam ID from feedback systems
  • Right to object to data processing

Contact us at privacy@aerraflow.com for Hora-specific data requests.

⚠️

Something went wrong

An error has occurred. This application may no longer respond until reloaded.