Privacy Policy

Last updated: March 1, 2026

1. Introduction

EH ("we," "us," or "our") operates Crimson Syndicate, a free-to-play browser-based RPG available at crimsonsyndicate.se. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our game and related services.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and United Kingdom.

2. Data We Collect

We collect the following categories of data:

Account Data

Username, email address, and password (encrypted)
Registration date and last login
Account preferences and settings

Gameplay Data

In-game progress, stats, inventory, and achievements
Messages sent in chat or mail
Actions taken within the game (e.g., transactions, fights)

Technical Data

IP address
Browser type and version, user-agent string
Device and operating system information
Log data (e.g., access times, pages visited)

Cookies and Similar Technologies

Session cookies for authentication and game functionality
Preference cookies for settings
Analytics cookies (where we use analytics services)

3. How We Use Your Data

We use your data to:

Provide, operate, and maintain Crimson Syndicate
Authenticate your identity and manage your account
Process and deliver in-game transactions
Enforce our Terms of Service and Game Rules
Detect and prevent fraud, cheating, and abuse
Respond to support requests and communications
Analyze usage to improve the game and user experience
Send service-related notifications (e.g., password resets, security alerts)
Comply with legal obligations

4. Legal Basis for Processing (GDPR Article 6)

For users in the EEA and UK, we process your personal data on the following lawful bases:

Contract performance: To provide the game and fulfill our Terms of Service.
Consent: Where you have given explicit consent (e.g., marketing emails, optional cookies).
Legitimate interests: To secure the game, prevent fraud, improve services, and enforce rules, where such interests are not overridden by your rights.
Legal obligation: To comply with applicable laws (e.g., tax, anti-money laundering, law enforcement requests).

You may withdraw consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing before withdrawal.

5. Data Retention

We retain your data only for as long as necessary to fulfill the purposes described in this policy:

Account data: Retained for the duration of your account plus a period required for legal, security, or dispute resolution purposes (typically up to 3 years after account closure).
Gameplay data: Retained for the duration of your account; backups may be retained for a limited period.
Log and technical data: Typically retained for a limited period (e.g., 6–12 months) for security and troubleshooting.
Legal obligations: Some data may be retained longer where required by law.

6. Data Sharing / Third Parties

We do not sell your personal data. We may share your data with:

Service providers: Hosting, payment processing, analytics, and email delivery services that assist in operating the game, under strict data processing agreements.
Legal authorities: When required by law, court order, or to protect our rights and safety.
Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred; we will notify you of any change in control.

Third parties are contractually required to use your data only for the purposes we specify and to protect it in line with this policy.

7. Cookies & Tracking

We use cookies and similar technologies (e.g., localStorage) as follows:

Session cookie — required while you play (logged-in session). Strictly necessary to run the game you asked to use.
“Keep me logged in” — optional. We only set this if you tick the box on login; it keeps your session on that device until you log out or the token expires. You can refuse it by leaving the box unticked.
Preferences — e.g. theme or UI choices where stored in the browser.
Analytics — only if we add analytics later; we would describe it here and, where the law requires it, ask for consent before non-essential cookies run.

Consent banners: Under EU/UK rules, strictly necessary cookies (session, and your choice for “keep me logged in”) do not require a separate cookie accept/refuse popup before play—the service cannot work without a session. If we add non-essential cookies (e.g. marketing or optional analytics), we will ask for consent where required. We do not use third-party advertising cookies. See also our Terms of Service.

You can clear cookies and site data in your browser at any time; you will need to log in again.

8. Your Rights Under GDPR

If you are in the EEA, UK, or another jurisdiction with similar rights, you may exercise the following:

Right of access: Request a copy of your personal data we hold.
Right to rectification: Request correction of inaccurate or incomplete data.
Right to erasure: Request deletion of your data, subject to legal exceptions.
Right to restriction: Request that we restrict processing in certain circumstances.
Right to data portability: Request your data in a structured, machine-readable format.
Right to object: Object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent: Withdraw consent at any time where processing is based on consent.
Right to lodge a complaint: Complain to a supervisory authority (e.g., your local data protection authority).

To exercise these rights, contact us at the address provided in Section 13. We will respond within one month. You may also have the right to use in-game or website tools to access, export, or delete your data.

9. Children's Privacy

Crimson Syndicate is not intended for children under 13. We do not knowingly collect personal data from children under 13. If you are under 13, please do not register or provide any personal information.

If you are between 13 and 18, we recommend that you use the game with parental or guardian consent. Parents or guardians who believe we have collected data from a child under 13 should contact us immediately; we will take steps to delete such data.

10. International Data Transfers

Your data may be processed in countries outside your residence, including countries that may not provide the same level of data protection. When we transfer data from the EEA or UK to other countries, we use appropriate safeguards such as:

Standard contractual clauses approved by the European Commission
Adequacy decisions
Other mechanisms permitted under GDPR

You may request details of the safeguards we use by contacting us.

11. Data Security

We implement technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction, including:

Encryption of passwords and sensitive data
Secure hosting and network security
Access controls and employee training
Regular reviews of our security practices

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via in-game notice, email (where applicable), or by posting the updated policy on our website. The "Last updated" date at the top reflects the date of the most recent revision.

Your continued use of Crimson Syndicate after the effective date of changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

13. Contact / Data Protection Officer

For privacy-related questions, to exercise your rights, or to contact our Data Protection Officer (where applicable):

EH
Email: contact@crimsonsyndicate.se
Subject line: Privacy Request / GDPR

We will respond to your request within the timeframe required by applicable law (typically 30 days for GDPR requests).