Privacy Policy

Effective Date: February 15, 2026

Last Updated: March 27, 2026

1. Introduction

Dalores Industries LLC ("we", "us", "our") operates PolisForge ("the Platform", "the Service"). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our Platform.

We are committed to protecting your privacy and handling your data transparently. This policy applies to all users of PolisForge worldwide and addresses our obligations under applicable privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other relevant regulations.

By using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use the Platform.

2. Data We Collect

2.1 Account Data

When you register for an account, we collect:

  • First name and last name
  • Email address
  • Account password (stored in hashed form only)

2.2 Game Data

As you use the Platform, we collect data related to your gameplay:

  • Nation or corporation details (name, description, slogan, flag image, leader photo)
  • In-game actions, decisions, and transactions
  • Alliance memberships and diplomatic interactions
  • In-game communications and messages
  • Game preferences and settings (theme, language)

2.3 Security and Technical Data

To protect the Platform and its users, we automatically collect:

  • IP address
  • Browser type, version, and language
  • Device characteristics and fingerprint data (for bot detection and security)
  • Login timestamps and session data
  • Pages visited and actions taken on the Platform

2.4 Data We Do NOT Collect

We want to be transparent about the types of data we do not collect:

  • Health or medical data: We do not collect any health-related information. HIPAA (Health Insurance Portability and Accountability Act) does not apply to our services.
  • Financial or payment card data: We do not store credit card numbers, bank account details, or other financial instrument data on our servers. All payment processing is handled securely by Stripe, a trusted third-party payment processor. Your full card details are sent directly to Stripe and never touch our systems.
  • Social security numbers or government-issued identification numbers
  • Precise geolocation data: We do not track your real-time geographic location
  • Biometric data: We do not collect fingerprints, facial recognition data, or similar biometric identifiers

3. How We Use Your Data

We use the data we collect for the following purposes:

3.1 Service Operation

  • Creating and managing your account
  • Providing the core gameplay experience
  • Processing in-game actions and maintaining game state
  • Communicating with you about your account and the Service

3.2 Security and Fraud Prevention

  • Detecting and preventing unauthorized access, fraud, and abuse
  • Advanced bot detection and automated access prevention
  • Monitoring for suspicious login activity and account compromise
  • Enforcing our Terms and Conditions
  • Rate limiting and brute-force protection

3.3 Service Improvement

  • Understanding how users interact with the Platform
  • Diagnosing technical issues and improving performance
  • Developing new features and improving existing ones

3.4 Legal Basis for Processing (GDPR)

For users in the European Union, European Economic Area, and United Kingdom, we process your data under the following legal bases:

  • Contract Performance (Article 6(1)(b)): Processing necessary to provide you with the Service (account data, game data)
  • Legitimate Interest (Article 6(1)(f)): Processing for security, fraud prevention, and service improvement, where our interests do not override your fundamental rights
  • Consent (Article 6(1)(a)): Where you have given explicit consent, such as agreeing to these terms
  • Legal Obligation (Article 6(1)(c)): Processing required to comply with legal obligations

4. Data Sharing and Disclosure

4.1 We Do NOT Sell Your Data

Dalores Industries LLC does not sell, rent, or trade your personal data to third parties. This applies to all users, including California residents under the CCPA/CPRA.

We do not sell or share your data with Stripe or any other service provider beyond what is strictly necessary to process your payment. Stripe receives only the minimum information required to complete a transaction and is contractually prohibited from using your data for any other purpose.

4.2 Limited Sharing

We may share your data only in the following limited circumstances:

  • Service Providers: We work with hosting and infrastructure providers who process data on our behalf under strict contractual obligations to protect your information
  • Payment Processing (Stripe): We use Stripe as our third-party payment processor. When you make a payment, Stripe receives your payment card details, billing address, and transaction amount to complete the transaction securely. Stripe processes this data under its own privacy policy and PCI-DSS compliance standards. We do not store your full card details on our servers. We use Stripe temporarily while we grow our infrastructure, and we do not sell, share, or provide Stripe with any of your personal data beyond what is required to process your payment. To learn more about how Stripe handles your data, visit Stripe's Privacy Policy.
  • Legal Requirements: We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others
  • Business Transfer: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction, subject to the same privacy protections

4.3 Public Game Data

Certain game-related data is visible to other users as part of the gameplay experience, including your nation name, ruler name, nation statistics, flag, leader photo, alliance memberships, and other in-game public information. This visibility is inherent to the simulation nature of the Platform.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • All data transmitted between your browser and our servers is encrypted using HTTPS/TLS encryption
  • Passwords are hashed using industry-standard algorithms and are never stored in plain text
  • Multi-factor authentication (MFA) is available and recommended for all accounts
  • Session data is encrypted with automatic timeouts for inactive sessions
  • Rate limiting and brute-force protection are applied to login and sensitive endpoints
  • Advanced bot detection systems monitor for automated and suspicious activity
  • Regular security monitoring, logging, and review of access patterns
  • Device recognition systems to detect and alert on suspicious login activity

While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we commit to promptly addressing any security incidents.

6. Data Retention

  • Active Accounts: Your data is retained for as long as your account remains active and is necessary to provide the Service
  • Deleted Accounts: Upon account deletion, your personal data will be purged from our systems within 30 days, except where retention is required by law
  • Security Logs: Security-related logs (login attempts, IP addresses, security events) are retained for 90 days for fraud prevention and security purposes, after which they are automatically deleted
  • Legal Obligations: We may retain certain data for longer periods where required by applicable law (e.g., tax regulations, legal proceedings)

7. Your Rights

7.1 Rights for All Users

Regardless of your location, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete personal data
  • Deletion: Request deletion of your personal data through your Account Settings
  • Data Portability: Request your data in a structured, commonly used format

7.2 Additional Rights for EU/EEA/UK Users (GDPR)

If you are located in the European Union, European Economic Area, or United Kingdom, you additionally have the right to:

  • Restrict Processing: Request restriction of processing of your personal data in certain circumstances
  • Object to Processing: Object to processing based on legitimate interests
  • Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal
  • Lodge a Complaint: Lodge a complaint with your local Data Protection Authority (supervisory authority)

7.3 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you additionally have the right to:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to Delete: Request deletion of personal information we have collected
  • Right to Opt-Out of Sale: We do not sell personal data, but you may still exercise this right
  • Right to Correct: Request correction of inaccurate personal information
  • Non-Discrimination: You will not be discriminated against for exercising your privacy rights

7.4 Exercising Your Rights

To exercise any of these rights, you may:

  • Use the Account Settings within the Platform to manage your data directly
  • Call us at +1 (386) 666-3693

We will respond to verified requests within 30 days (or within the time frame required by applicable law). We may request additional information to verify your identity before processing your request.

8. Cookies and Tracking

8.1 Cookies We Use

  • Session Cookies: Essential cookies required for authentication and maintaining your logged-in state. These are strictly necessary for the Platform to function and cannot be disabled.
  • Preference Cookies: Cookies that store your language and theme preferences

8.2 Cookies We Do NOT Use

  • Third-party advertising or tracking cookies
  • Analytics cookies from third-party services (e.g., Google Analytics)
  • Social media tracking pixels or widgets
  • Cross-site tracking cookies

We do not participate in any advertising networks or share cookie data with third parties.

9. Children's Privacy

PolisForge is not directed at or intended for children under the age of 13 (or under 16 in the European Union, in compliance with GDPR). We do not knowingly collect personal information from children under these age thresholds.

In compliance with the Children's Online Privacy Protection Act (COPPA), if we discover that we have inadvertently collected personal data from a child under 13, we will take immediate steps to delete that information from our systems.

If you are a parent or guardian and believe your child has provided us with personal information, please call us at +1 (386) 666-3693 so we can take appropriate action.

10. International Data Transfers

PolisForge is operated from the United States. If you are accessing the Platform from outside the United States, your data may be transferred to, stored, and processed in the United States.

For users in the European Union, European Economic Area, and United Kingdom:

  • Data transfers to the United States are conducted in compliance with applicable data protection laws
  • We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as a legal mechanism for cross-border data transfers
  • We ensure that transferred data receives an adequate level of protection consistent with the GDPR

By using the Platform, you acknowledge and consent to the transfer of your data to the United States, subject to the protections described in this Privacy Policy.

11. CAN-SPAM Compliance

In compliance with the CAN-SPAM Act, we commit to the following:

  • We will not use false or misleading subjects or email addresses
  • We will identify emails as advertisements where applicable
  • We will include our physical address or a valid mailing address in communications
  • We will honor opt-out and unsubscribe requests promptly
  • We will process unsubscribe requests within 10 business days

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you through:

  • A prominent notice on the Platform
  • An email to the address associated with your account
  • An update to the "Last Updated" date at the top of this document

We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Dalores Industries LLC

Support: +1 (386) 666-3693

For EU/EEA/UK users who wish to raise a concern with a supervisory authority, you may contact your local Data Protection Authority.