Legal

Privacy and account-data handling

Nexus Evo is being built for an EU market. The service therefore treats account data, support data, cookie-linked web data, and account-linked gameplay data as part of a GDPR-aware product surface.

This page is an operational privacy summary for the current build stage. Final controller identity, contact details, processors, and exact retention periods still need to be inserted before launch.

Data requests Cookie policy

Data categories

Auth account data such as email, login identifiers, password hashes, and recovery artifacts.
Website interaction data such as essential cookies, security logs, and support/contact submissions.
Account-linked gameplay data such as account ownership, characters, vaults, inventories, and public ranking visibility.
Security and fairness data such as abuse logs, anomaly findings, and internal audit events.

Why the data is processed

To register, authenticate, secure, and recover player accounts.
To operate the game service and expose account-linked surfaces like rankings or account summaries.
To defend the service against abuse, fraud, duplication, and account compromise.
To answer support and compliance requests.

Deletion and retention

The target architecture is to delete or irreversibly anonymize personal data when a valid erasure request applies and there is no overriding legal or security-retention need. Security and anti-fraud records may be retained for a narrower, documented period when required for abuse handling or legal claims.

User rights

Access to the personal data processed about the account.
Correction of inaccurate or outdated account information.
Erasure of data where the legal conditions for deletion are met.
Restriction or objection where applicable.