Void Sector Privacy Policy
This Privacy Policy explains how Wnntyl ("we", "us", "our") processes personal data when you use the Void Sector web game and related services. This policy applies to data processed through the Void Sector web application.
1. Definitions
- Service: the Void Sector web game, website pages, and supporting functionality.
- Personal data: information relating to an identified or identifiable person.
- Processing: any operation on personal data, such as collection, storage, use, disclosure, or deletion.
- Controller: Wnntyl, which determines the purposes and means of processing.
2. Data We Collect
2.1 Account and authentication data
- Internal user identifier (user ID)
- Username and optional display name
- Authentication provider (for example, Google)
- External authentication subject identifier
- Email address received from the authentication provider (if provided)
2.2 In-game and user-generated content
- Player messages and message metadata (sender, owner, timestamps, read status)
- Reported messages and moderation notes
- User feedback submissions
- Game reports and logs related to gameplay events
2.3 Moderation and safety data
- Mute and ban status
- Mute and ban reasons
- Review timestamps and status updates for moderation actions
2.4 Analytics and technical event data
- Event name, event source, timestamp, app version
- User ID and optional planet ID where relevant to gameplay analytics
- Event payload data supplied by server or approved client event schemas
- Consent status for tracking checks
- Salted SHA-256 hashes of IP address and User-Agent (not raw values)
- Session marker used for security/analytics context (for example, cookie-auth marker)
3. How We Use Data and Legal Bases
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide core gameplay, account login, and save game progress | Performance of a contract (Art. 6(1)(b)) |
| Run security checks, prevent abuse, and moderate content | Legitimate interests (Art. 6(1)(f)) |
| Collect optional preference data and client-side preference persistence | Consent (Art. 6(1)(a)) |
| Service analytics, balancing, troubleshooting, and reliability | Legitimate interests (Art. 6(1)(f)); consent where required by law |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
4. Cookies and Similar Technologies
Void Sector uses cookie consent controls. Essential cookies are always active for core service functionality. Optional preference cookies and preference storage are only persisted after consent. If consent is rejected, optional preference cookies are removed and a short rejection marker is set to avoid showing the banner repeatedly.
4.1 Essential cookies
| Name | Purpose | Retention |
|---|---|---|
.AspNetCore.Cookies |
Authentication session and account security | Up to 30 days with sliding renewal while active |
GuestPersistentId |
Persistent guest account continuity | 30 days |
| ASP.NET anti-forgery cookie (name may vary) | CSRF protection for form and endpoint safety | Session-based or framework-managed |
.AspNetCore.Culture |
Remember selected language/culture for localized UI. Not used for analytics or behavioral tracking. | 1 year |
4.2 Preference cookies (set after consent)
| Name | Purpose | Retention |
|---|---|---|
activeTab |
Remember active UI tab | Up to 1 year |
planetId |
Preference support for selected game context | If used, up to 1 year unless removed earlier |
voidsector_consent_rejected |
Stores recent consent rejection state | 7 days |
4.3 Consent endpoints
POST /cookie/accept: grants tracking consent and enables preference persistence.POST /cookie/reject: withdraws consent, removes preference cookies, and setsvoidsector_consent_rejected.
5. Analytics
Void Sector uses internal analytics events for product reliability and gameplay improvements. By default configuration, analytics retention is 90 days, after which older analytics events are deleted by automated retention cleanup.
We do not store raw IP addresses or raw User-Agent strings in analytics records. Instead, salted SHA-256 hashes are stored.
6. Data Sharing and Third Parties
We share data only when needed to provide the Service or meet legal obligations. Based on the current implementation, the explicitly named third-party recipient is:
- Google OAuth: used for account authentication when users choose Google sign-in.
We do not list advertising SDK partners because such integrations are not part of the current Void Sector web implementation.
7. International Transfers
Some processing may involve cross-border data transfers (for example, through external authentication providers). Where required, we rely on appropriate safeguards under applicable law.
8. Data Retention
- Account and gameplay data is retained while your account is active and as needed to provide the Service.
- Analytics event retention is configured to 90 days by default.
- UGC, moderation, and support-related records may be retained for safety, abuse prevention, dispute handling, and legal compliance.
- When data is no longer needed, we delete it or anonymize it where feasible.
9. Security Measures
- TLS/HTTPS is used in production environments.
- Authentication cookies are configured with Secure, HttpOnly, and SameSite protections.
- Access to administrative functions is restricted.
- We apply technical and organizational measures designed to reduce unauthorized access and misuse.
10. Your Rights
Depending on your location and applicable law, you may have the right to:
- Request access to your personal data
- Request correction of inaccurate data
- Request deletion of your data
- Request restriction of processing
- Object to processing based on legitimate interests
- Withdraw consent at any time (where processing is based on consent)
- Lodge a complaint with a competent data protection authority
We aim to respond to verified privacy requests within 30 days, subject to legal exceptions and complexity.
11. Children's Privacy
Void Sector is not intended for children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided personal data, contact us and we will review and remove data as appropriate.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted in an updated version of this document. The "Last updated" date reflects the latest revision date.
13. Contact
For privacy questions or to exercise your rights, contact us at: stable.raccoon@gmail.com