ALPHA — Glarium is in early testing. Sparks are fictional and have no monetary value until further notice.

Privacy Policy

How Glarium collects, uses, and protects your personal data (GDPR).

Last updated: 14 May 2026

Glarium is operated from Spain and serves players in the European Union. We process personal data in accordance with the EU General Data Protection Regulation (GDPR).

1. Data controller

The data controller is the Glarium project, operating from Spain. For any privacy request, contact support@glarium.io.

2. What data we collect

  • Account data: email address, display name, password (stored only as a bcrypt hash).
  • Gameplay data: ELO rating, Sparks balance, match history, kills/deaths, league, tournament entries.
  • Technical data: IP address, login timestamps, and approximate region — used for security (new-device detection) and matchmaking.
  • Referral data: your referral code and which accounts you referred.

We do not collect payment data during Alpha. We do not knowingly collect data from children under 16.

3. Why we process it (legal bases)

  • Contract: to provide your account, matchmaking, the Sparks economy, and tournaments.
  • Legitimate interest: security, anti-cheat, fraud prevention, and service improvement.
  • Consent: optional emails and non-essential cookies, where applicable.
  • Legal obligation: where we must retain data to comply with the law.

4. How long we keep it

Account and gameplay data is kept while your account is active. If you delete your account, personal data is erased or anonymized within 30 days, except where retention is legally required. Security logs (IP, login times) are kept for up to 12 months.

5. Who we share it with

We do not sell your personal data. We share it only with infrastructure providers strictly necessary to run the Service (server hosting). All processing takes place within the EU. We may disclose data if required by law.

6. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent at any time.
  • Lodge a complaint with your supervisory authority (in Spain, the AEPD).

To exercise any of these, email support@glarium.io. We respond within one month.

7. Security

Passwords are hashed with bcrypt and never stored in plain text. We use HTTPS everywhere, rate limiting on authentication, optional two-factor authentication, and notify you by email when your account is accessed from a new IP address. Secrets are stored outside the codebase with restricted permissions.

8. Cookies

glarium.io uses only essential storage (a login token kept in your browser). See our Cookie Policy for details.

9. Changes

We may update this policy. Material changes will be announced on glarium.io with an updated revision date.