Last updated: July 2026
1. Data Controller
Controller: ZoneVerse / ZoneNations — Veilborn Chronicles.
Privacy contact: privacy@zonenations.com
For users in the European Union, European Economic Area, and United Kingdom, we act as data controller under Regulation (EU) 2016/679 (GDPR) and the UK GDPR as retained and applied by the Data Protection Act 2018.
2. Personal Data We Process
- Account data: username, email address, password stored in encrypted form, language preference.
- Game data: character name, lineage, statistics, Chronicle progress, Coven membership, achievements, journal entries, Veil War scores.
- Virtual world data: avatar identifier assigned by the grid, display name, region sync events, optional codes to link account and in-world accessory.
- Commerce data: order history, purchased product reference, ZoneCoin transactions (we do not store full card details on our servers).
- Technical data: IP address, browser type, session cookies, activity logs with date, action performed, and outcome.
- NPC character dialogue (where enabled): anonymised excerpts for moderation and safety — not used for personalised advertising.
3. Purposes and Legal Bases
- Performance of contract (Art. 6(1)(b) GDPR): account creation and management, character persistence, purchase delivery, in-world accessory synchronisation.
- Legitimate interests (Art. 6(1)(f) GDPR): fraud and cheat prevention, security logging, aggregated statistics, season rankings — balanced against your rights and freedoms.
- Consent (Art. 6(1)(a) GDPR): optional marketing communications and non-essential cookies, where required by law.
- Legal obligation (Art. 6(1)(c) GDPR): retention of accounting or tax records where applicable.
4. Recipients and Processors
Data may be accessed by authorised ZoneVerse personnel and by providers supplying hosting, email, payment, or technical support services, bound by contract and only to the extent necessary to deliver the Service.
We do not sell your personal data. We disclose data to public authorities only where required by law or court order.
5. Retention Periods
We retain active account data for as long as you maintain your account. Following a deletion request, we delete or anonymise data within a maximum of 90 days, except security logs kept for up to 12 months for legal obligations or defence of claims. Backup copies may persist for up to 30 additional days before being overwritten.
6. Your Rights
Depending on your location, you may request access, rectification, erasure, restriction, portability, and objection to processing based on legitimate interests, and withdraw consent where processing relies on it (Articles 15–22 GDPR).
Send requests to privacy@zonenations.com. We normally respond within 30 days (GDPR) or 45 days (CCPA). You may lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you are in the United Kingdom, or with the supervisory authority of your EU member state.
7. Users in the United Kingdom (UK GDPR and ICO)
In addition to the UK GDPR, the Data Protection Act 2018 and guidance from the Information Commissioner's Office (ICO) apply to processing affecting UK residents. You have rights including access, rectification, erasure, restriction, data portability, and objection, as well as protection against solely automated decisions with significant effects outside the normal scope of gameplay.
ZoneVerse applies appropriate diligence when processing data relating to minors in line with the minimum age stated in this policy and the ICO's Age Appropriate Design Code where relevant. To exercise rights or raise concerns in the United Kingdom, contact us or the ICO.
8. International Transfers
Data may be processed on servers located in the European Union or other countries. Where data is transferred outside the European Economic Area or the United Kingdom without an adequacy decision, we apply Standard Contractual Clauses approved by the European Commission, the UK International Data Transfer Agreement or Addendum, or other equivalent safeguards provided under the GDPR and UK GDPR.
You may request further information about applicable safeguards by writing to privacy@zonenations.com.
9. Security Measures
We implement appropriate technical and organisational measures — including password encryption, access controls, backups, and periodic log review — to protect data against unauthorised access, loss, or alteration.
No system is entirely infallible; we recommend using strong, unique passwords and notifying us of any incident affecting your account.
10. Cookies and Similar Technologies
We use strictly necessary cookies to maintain your login session, protect forms, and remember your language. Analytical or preference cookies, if used, will require your prior consent in the European Union and United Kingdom under the GDPR and UK GDPR.
You may manage cookies through your browser settings; disabling session cookies will prevent you from signing in to the portal.
11. California Residents (CCPA/CPRA)
We do not sell or share personal information for cross-context behavioural advertising. California residents may request information about categories collected, access, deletion, and correction, and may limit use of sensitive personal information where applicable under the CCPA and CPRA.
We do not discriminate for exercising privacy rights. Requests are handled within 45 days, extendable as permitted by law.
12. Automated Decisions and NPC Dialogue
Game mechanics may apply automatic server rules (for example, PvP limits or Chronicle outcomes). We do not make solely automated decisions with legal or similarly significant effects on you outside the scope of gameplay.
Where AI-assisted NPC character dialogue is enabled, excerpts may be reviewed in anonymised form for moderation; they are not used to build advertising profiles.
13. Marketing Communications
We will send promotional emails or newsletters only if you have given consent or another applicable lawful basis exists. You may unsubscribe at any time using the link in the message or by writing to privacy@zonenations.com.
Transactional communications relating to your account, security, or purchases may be sent even if you have not opted in to marketing.
14. Minors
The Service is not directed at anyone under 16 years of age. We do not knowingly collect data from persons below the applicable minimum age. If you believe a minor has registered, contact privacy@zonenations.com to request deletion.
15. Security Breaches
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority — in the United Kingdom, the ICO — within the timeframe required by the GDPR and UK GDPR, and where appropriate notify affected individuals without undue delay, describing the nature of the incident and measures taken.
16. Changes to This Policy
We will publish updates on this page with a revision date. Material changes affecting users in the European Union or United Kingdom will be communicated by appropriate means where required by the GDPR or UK GDPR.
For any privacy questions: privacy@zonenations.com.