Electus Online respects your privacy. This Privacy Policy explains what information we collect when you use the Electus Online website, game client, and mobile app, how we use it, who we share it with, and the rights you have over your data.

1. Information We Collect

(A) Information you provide directly

• Account details: username, email address, phone number, hashed password.
• Identity / age: by registering you confirm you are at least 13 years old (16 in EU territories).
• Communications: the content of any support tickets, emails, or Discord messages you send us.
• Purchases: transaction reference, item purchased, and the third-party payment provider used. We do not store full card numbers.

(B) Information we collect automatically

• Technical: IP address, browser user-agent, device identifiers, HWID (a hardware fingerprint used to enforce account / anti-cheat rules).
• Approximate location: derived from your IP (country / region only).
• Gameplay telemetry: login times, in-game IP, anti-cheat signals, character actions relevant to fair-play enforcement.
• Cookies and local storage: see the Cookies section below.

(C) Information from third parties

• Delivery / read status from Infobip (our WhatsApp + SMS provider) when we send you OTP and account-recovery messages.
• Anonymized performance metrics from analytics or anti-fraud services where applicable.

2. Phone Numbers (WhatsApp & SMS)

Your phone number is collected at registration and used solely for:

• Account-creation OTP verification (WhatsApp, with SMS fallback for countries where WhatsApp is unavailable).
• Password recovery and Account-ID recovery flows.
• One-time alerts you explicitly opt into.

OTP and recovery messages are delivered through Infobip, a CPaaS provider, and (for WhatsApp) Meta. Both process your phone number under their own privacy terms in order to deliver the message. We do not share phone numbers with any other third party, and we do not use them for marketing.

3. How We Use Your Information

• To create, secure, and operate your account.
• To process purchases and grant in-game items / silk.
• To respond to support requests and customer-service correspondence.
• To detect, investigate, and prevent fraud, cheating, and abuse (including HWID / IP analysis).
• To send you transactional notices (e.g. password resets, security alerts, important service notices).
• For internal analytics to improve the service.

4. Who We Share Information With

• Payment processors (Hippo, crypto-payment gateway, resellers) — the minimum needed to complete a transaction.
• Infobip / Meta — phone numbers for OTP / recovery delivery.
• Hosting and infrastructure providers — servers, CDN, backup services.
• Law enforcement or legal authorities — only when legally required.

We do not sell your personal data, ever.

5. Cookies and Tracking

We use a small number of cookies and similar storage to:

• Keep you logged in (session cookie).
• Remember your language preference.
• Protect forms against CSRF.

We do not use third-party advertising cookies. You can clear or block cookies via your browser settings, but some features (login, language switching) will stop working if you do.

6. Data Retention

We retain personal data only for as long as needed:

• Active account data: while your account exists, plus 24 months after the last login.
• Support tickets: 24 months after the ticket closes.
• Anti-cheat / HWID / IP logs: up to 36 months for fraud-prevention purposes.
• Transaction records: as required by applicable accounting / tax law (typically 5–10 years).

7. Your Rights

You have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure ("right to be forgotten") — ask us to delete your data, subject to anti-fraud / legal-retention exceptions.
• Restriction — ask us to limit how we process your data.
• Portability — receive your data in a portable format.
• Withdraw consent at any time for processing based on consent.
• Lodge a complaint with your local data-protection authority (e.g. KVKK in Türkiye, your national DPA in the EU).

To exercise any of these rights, submit a support ticket or email us at electusonline@gmail.com. We will respond within 30 days.

8. Security

We use industry-standard methods to protect your data: hashed passwords (never stored in plaintext), HTTPS for all traffic, restricted server access, and regular backups. No system is perfectly secure, but we take reasonable steps to reduce risk.

9. Children

Electus Online is not intended for users under 13 (or under 16 in the EU). We do not knowingly collect personal data from children under those ages. If you believe a child has provided us with personal information, contact us so we can delete it.

10. International Transfers

Our servers and some processors (Infobip, Meta) operate internationally. By using Electus Online you consent to the transfer of your data outside your country, with safeguards equivalent to those in your jurisdiction where applicable.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be announced on the website. The "Last Updated" date at the top reflects the latest revision.