Privacy Policy - Roleplay Project

1. Introduction

This Privacy Policy explains how Phytoventures Ltd ("we", "us", "our") collects, uses, stores, and protects your personal data when you use the Roleplay Project game server, website, User Control Panel, and related services (the "Service").

Phytoventures Ltd is the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Phytoventures Ltd

Belmont Suite, Chorley New Road

Horwich, Bolton, England, BL6 6HG

Company Number: 16388003

Registered with the Information Commissioner's Office (ICO)

We are committed to protecting your privacy and handling your personal data in compliance with the UK GDPR and all applicable data protection legislation.

2. What Data We Collect

We collect and process the following categories of personal data:

2.1 Account Data

When you register an account, we collect:

Username
Email address
Password (stored in hashed form only; we never store plaintext passwords)

2.2 Connection Data

When you connect to the Service, we automatically collect:

IP address
Social Club name (as provided by the RAGE Multiplayer client)
Hardware identifiers provided by the game client
Date and time of connection

2.3 Gameplay Data

During your use of the Service, we collect:

Character information (names, descriptions, in-game actions)
In-game financial transactions and balances
Chat messages and communications made through the Service
Playtime statistics
Settings and preferences

2.4 Website Data

When you access our website or UCP, we may collect:

Browser type and version
Device information
Pages visited and actions taken
Authentication tokens (stored in cookies)

3. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 of the UK GDPR:

Purpose	Legal Basis
Providing the Service and managing your account	Performance of a contract (Art. 6(1)(b))
Preventing cheating, abuse, and maintaining server integrity	Legitimate interests (Art. 6(1)(f))
Enforcing our Terms of Service and server rules	Legitimate interests (Art. 6(1)(f))
Logging IP addresses and connection data for security	Legitimate interests (Art. 6(1)(f))
Responding to support requests	Performance of a contract (Art. 6(1)(b))
Complying with legal obligations	Legal obligation (Art. 6(1)(c))

4. How We Use Your Data

We use your personal data to:

Create and manage your account;
Provide, maintain, and improve the Service;
Authenticate your identity when you log in;
Process in-game actions and maintain game state;
Detect, prevent, and address cheating, exploits, and abuse;
Enforce our Terms of Service and server rules, including issuing bans;
Communicate with you regarding your account, including admin notifications;
Generate anonymised, aggregate statistics for public display (e.g., total player count);
Comply with applicable legal obligations.

We do not sell your personal data to third parties. We do not use your personal data for marketing purposes unless you explicitly opt in.

5. Data Storage and Security

Your personal data is stored on secure servers. We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction, including:

Passwords are hashed using bcrypt with a secure salt;
Database access is restricted and credentials are stored securely;
Authentication tokens use JSON Web Tokens (JWT) with time-limited expiry;
Rate limiting is applied to prevent brute-force attacks;
HTTPS encryption is used for all web traffic.

While we take reasonable precautions, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specific retention periods are as follows:

Account data: Retained for the lifetime of your account and for up to 12 months after account deletion;
Connection logs (IP addresses): Retained for up to 12 months;
Gameplay data: Retained for the lifetime of your account;
Chat logs: Retained for up to 6 months;
Ban records: Retained indefinitely for the purposes of server integrity and abuse prevention.

When data is no longer required, it will be securely deleted or anonymised.

7. Data Sharing

We do not sell, rent, or trade your personal data. We may share your data only in the following limited circumstances:

Service providers: We may share data with trusted third-party service providers who assist in operating the Service (e.g., hosting providers, database services), subject to appropriate data protection agreements;
Legal requirements: We may disclose data if required to do so by law, court order, or governmental regulation;
Protection of rights: We may disclose data to protect the rights, property, or safety of Phytoventures Ltd, our users, or others.

8. International Transfers

Your data is primarily stored and processed within the United Kingdom. If we transfer data outside the UK, we will ensure appropriate safeguards are in place as required by UK GDPR, including Standard Contractual Clauses or adequacy decisions.

9. Cookies

We use strictly necessary cookies to operate the Service. These include:

Authentication cookies: Used to keep you logged in to the UCP. These are session-based or have a limited expiry period;
Security cookies: Used for rate limiting and CSRF protection.

We do not use advertising cookies, analytics cookies, or any third-party tracking cookies. The YouTube video embedded on our homepage may set cookies governed by Google's privacy policy; this embed is loaded only on the homepage and can be blocked by your browser.

10. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

Right of access: You have the right to request a copy of the personal data we hold about you;
Right to rectification: You have the right to request correction of inaccurate or incomplete personal data;
Right to erasure: You have the right to request deletion of your personal data, subject to certain legal exceptions (e.g., we may retain ban records);
Right to restriction: You have the right to request restriction of processing in certain circumstances;
Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format;
Right to object: You have the right to object to processing based on legitimate interests;
Right to withdraw consent: Where processing is based on consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the details provided in Section 13. We will respond to your request within one month, as required by law.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such data promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be effective immediately upon posting the revised policy on this page. The "Last updated" date at the top of this page will be revised accordingly. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have a complaint about how we handle your data, you may contact us at:

Phytoventures Ltd

Belmont Suite, Chorley New Road

Horwich, Bolton, England, BL6 6HG

Company Number: 16388003

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated:

Information Commissioner's Office

Wycliffe House, Water Lane

Wilmslow, Cheshire, SK9 5AF

Website: ico.org.uk