Privacy Policy

Learn how Shinobi Revelations collects, stores, and protects your account and character data.

Last Updated: June 4, 2026

1. Introduction & Data Controller

Welcome to Shinobi Revelations. We respect your privacy and are committed to protecting the personal data you share with us. This Privacy Policy explains what data we collect, how we store and protect it, and what rights you have under the General Data Protection Regulation (GDPR) and other European privacy directives.

The data controller for this website and the associated game server is the administration of Shinobi Revelations.

2. Data We Collect

We collect only the minimum amount of data required to provide a functional and secure game portal and game server. This includes:

  • Account Credentials: Account name, email address, and password. Your password is encrypted using a secure one-way hashing algorithm (SHA-1) and is never stored in plain-text.
  • Game & Character Data: Character names, vocations, level, skills, items, achievements, coordinates, and other progress metrics related to your in-game activity.
  • Connection Logs: Your IP address, date and time of connection, game client version, and hardware identifiers (for anti-cheat and security verification).

3. Purpose & Legal Basis of Processing

We process your personal data on the following legal bases:

  • Contractual Necessity: To create your account, manage your characters, log you into the game client, and process shop orders.
  • Legitimate Interests: To protect our servers against security threats, hacking, brute-force attacks, multi-accounting, and spamming (using IP-based rate limiting).

4. Cookies Disclosure

🔒 Strictly Necessary Cookies Only

Under the European GDPR and ePrivacy directive, cookies that are strictly necessary for the technical functionality of a website do not require active user consent banner popups. Shinobi Revelations uses only necessary, functional cookies:

  • next-auth.session-token: Stores session details to keep you securely logged in to your account.
  • next-auth.csrf-token: Protects your account and the portal from Cross-Site Request Forgery (CSRF) exploits.

We do not utilize any third-party tracking cookies, advertisement cookies, or marketing analytics (like Google Analytics or Facebook Pixels).

5. Data Security & Storage Period

We implement industry-standard security measures to safeguard your credentials. However, no database or transmission is 100% secure. You are responsible for using a unique, strong password.

Your account and character data are stored indefinitely as long as your account is active. If your account remains inactive for an extended period, it may be subject to deletion.

6. Your GDPR Rights

As a user residing in the European Union, you have the following rights:

  • Right of Access: Request a copy of the personal data we store about you.
  • Right to Rectification: Request correction of inaccurate account information.
  • Right to Erasure (“Forgotten”): Request the complete deletion of your account and characters.
  • Right to Restrict Processing: Request suspension of your data processing under certain circumstances.

7. Contact & Support

If you wish to exercise any of your privacy rights or have questions about how we handle your data, please contact the administrators through our official Discord Community support channels.