This Privacy Policy explains what personal data The Oathless collects, why, how it is used, who it is shared with, and the rights you have over it. It is written to meet the UK GDPR and the Data Protection Act 2018, and the EU GDPR for players in the EU.
The data controller for The Oathless is Lawrence Murrell, a sole trader based in the United Kingdom, trading as "The Oathless" ("we", "us", "our"). For any privacy question or to exercise your rights, contact us at Quoeiza@theoathless.com.
| Category | Examples |
|---|---|
| Account identifiers | Email address (if you register with email); Discord user ID and username (if you sign in with Discord); your internal game account and character identifiers. |
| Authentication data | Your password is handled by our authentication provider (PlayFab) and is stored by them in a secured, hashed form. We never see or store your password in plain text. |
| Gameplay data | Character names, class, equipment, inventory, stash, level and experience, and lifetime statistics such as matches played, kills, deaths, playtime, and currency earned. |
| Chat & user content | Messages you send in in-game chat and names you choose. These may be logged for safety and moderation. |
| Technical & connection data | IP address, approximate region derived from it, browser/device information, and connection and server logs used for security, abuse prevention, and diagnostics. |
| Purchase data (future) | When paid cosmetics launch, a record of your transactions (item, date, amount). Card payments will be processed by a third-party payment provider; we will not store full card numbers. |
| Support data | Any information you give us when you contact us by email. |
We do not deliberately collect special-category data (such as health, religion, or political views). Please do not share such information in chat.
| Purpose | Lawful basis (UK/EU GDPR) |
|---|---|
| Create and manage your account; save and load your characters and progress; run multiplayer matches. | Performance of a contract with you. |
| Operate chat and transmit messages to other players in your session. | Performance of a contract; our legitimate interest in providing social features. |
| Keep the Game secure: prevent cheating, fraud, abuse, and unauthorised access; moderate chat; investigate breaches of our Terms. | Our legitimate interests in protecting the Game and our players. |
| Diagnose problems, analyse aggregated gameplay, and improve and balance the Game. | Our legitimate interests in maintaining and improving the service. |
| Process purchases and keep transaction records (once paid content launches). | Performance of a contract; compliance with legal obligations (e.g. tax and accounting). |
| Respond to your support requests. | Our legitimate interests; performance of a contract. |
| Send optional, non-essential communications, if we ever offer them. | Your consent, which you can withdraw at any time. |
Where we rely on legitimate interests, we have weighed those interests against your rights and consider the processing proportionate and expected for an online multiplayer game.
We do not sell your personal data. We share it only with the service providers we need to run the Game, who act as our processors or as independent controllers for their part of the service:
| Provider | Role |
|---|---|
| Microsoft / PlayFab | Stores your account and game data and provides authentication. Data may be processed on servers outside the UK/EEA, including the United States. |
| Discord | Provides optional sign-in (OAuth) and hosts the Game as a Discord Activity. If you sign in with Discord, we receive your Discord user ID and username. Discord's own handling of your data is governed by its privacy policy. |
| Hetzner Online GmbH | Hosts our game server, located in the European Union (Germany). |
| itch.io | Where you launch the Game via itch.io, the page is embedded from our servers; itch.io's own terms and privacy policy also apply. |
| Payment provider (future) | When paid cosmetics launch, a payment processor will handle card transactions. We will name it here before any purchases go live. |
We may also disclose data where required by law, to enforce our Terms, or to protect the rights, safety, and property of us, our players, or the public.
Some of our providers (notably Microsoft/PlayFab and Discord) may process data outside the United Kingdom and the European Economic Area, including in the United States. Where data is transferred outside the UK/EEA, we rely on appropriate safeguards such as UK and EU adequacy decisions or standard contractual clauses (including the UK International Data Transfer Addendum). You can ask us for more detail using the contact above.
The Game does not use advertising or tracking cookies. It uses your browser's local storage to remember settings such as your preferences, UI scale, zoom level, and the last version you played. This is necessary for the Game to function and is not used to track you across other websites.
Under UK and EU data protection law you have the right to:
To exercise any of these, email Quoeiza@theoathless.com. We will respond within the timescales set by law (normally one month).
The Game is intended for players aged 13 and over. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has given us their data, contact us and we will delete it. Where a higher age of digital consent applies in your country, that age applies to you.
We use reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS/TLS), secured credential handling through our authentication provider, and access controls on our servers. No online service can be completely secure, so we cannot guarantee absolute security, but we take protecting your data seriously and will notify you and the relevant regulator of a serious breach where the law requires.
If a security incident involves data we received through Discord sign-in, we will also notify Discord, in line with our obligations as a Discord developer, in addition to notifying you and the relevant regulator where the law requires.
If you have a concern about how we handle your data, please contact us first so we can try to resolve it. You also have the right to complain to a data protection authority. In the UK, that is the Information Commissioner's Office (ICO), ico.org.uk. If you live in the EU, you may complain to the supervisory authority in your country.
We may update this Privacy Policy from time to time. The "Last updated" date above shows the latest revision. If we make material changes, we will take reasonable steps to bring them to your attention through the Game or this page.