Privacy Policy
How Glarium collects, uses, and protects your personal data (GDPR).
Last updated: 14 May 2026
1. Data controller
The data controller is the Glarium project, operating from Spain. For any privacy request, contact support@glarium.io.
2. What data we collect
- Account data: email address, display name, password (stored only as a bcrypt hash).
- Gameplay data: ELO rating, Sparks balance, match history, kills/deaths, league, tournament entries.
- Technical data: IP address, login timestamps, and approximate region — used for security (new-device detection) and matchmaking.
- Referral data: your referral code and which accounts you referred.
We do not collect payment data during Alpha. We do not knowingly collect data from children under 16.
3. Why we process it (legal bases)
- Contract: to provide your account, matchmaking, the Sparks economy, and tournaments.
- Legitimate interest: security, anti-cheat, fraud prevention, and service improvement.
- Consent: optional emails and non-essential cookies, where applicable.
- Legal obligation: where we must retain data to comply with the law.
4. How long we keep it
Account and gameplay data is kept while your account is active. If you delete your account, personal data is erased or anonymized within 30 days, except where retention is legally required. Security logs (IP, login times) are kept for up to 12 months.
5. Who we share it with
We do not sell your personal data. We share it only with infrastructure providers strictly necessary to run the Service (server hosting). All processing takes place within the EU. We may disclose data if required by law.
6. Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data.
- Erase your data ("right to be forgotten").
- Restrict or object to processing.
- Data portability.
- Withdraw consent at any time.
- Lodge a complaint with your supervisory authority (in Spain, the AEPD).
To exercise any of these, email support@glarium.io. We respond within one month.
7. Security
Passwords are hashed with bcrypt and never stored in plain text. We use HTTPS everywhere, rate limiting on authentication, optional two-factor authentication, and notify you by email when your account is accessed from a new IP address. Secrets are stored outside the codebase with restricted permissions.
8. Cookies
glarium.io uses only essential storage (a login token kept in your browser). See our Cookie Policy for details.
9. Changes
We may update this policy. Material changes will be announced on glarium.io with an updated revision date.