Privacy Policy

1. Data Controller

Tygaria is operated by Tyga.Cloud Ltd, a company registered in England and Wales (Company No. 14643275). We are the data controller for your personal data under UK GDPR and EU GDPR. Contact: privacy@tyga.cloud

2. Data We Collect

Account data: Username, email address, and password (stored as a bcrypt hash -- we never store or can access your plain-text password).

Game data: In-game position, inventory, gold, crystals, reputation scores, crafting queue, arcade game history, settlement data, clan membership, and chat messages sent to AI characters or other players.

Technical data: IP address, browser type and version, operating system, session tokens (JWT), and WebSocket connection metadata.

Payment data: If you purchase Crystals, payment is processed by our payment provider. We do not store credit card numbers, CVVs, or full payment details on our servers. We receive only a transaction confirmation and amount.

3. Legal Basis for Processing (GDPR)

Contract: Processing your account and game data is necessary to provide the Game service you signed up for.

Legitimate interests: Preventing cheating, maintaining game balance, moderating chat, improving the Game, and ensuring security.

Consent: Marketing communications (if any) are only sent with your explicit consent, which you may withdraw at any time.

Legal obligation: We may process data to comply with applicable laws (e.g., financial record-keeping for 6 years under UK tax law).

4. How We Use Your Data

We use your data to: operate the Game and your account; save and restore your game progress; enable multiplayer features (position sharing, chat, trading, clans); generate AI NPC responses personalized to your in-game history; maintain game economy balance; detect and prevent cheating, exploits, and abuse; communicate service updates; process Crystal purchases and maintain transaction records.

5. AI Character Interactions

Messages you send to AI characters are processed by AINPCEngine (operated by Tyga.Cloud Ltd) to generate contextual NPC responses. Your conversation history with NPCs is stored to maintain NPC memory and personality -- this is a core game feature. We do not use your conversations to train external AI models. AI-generated dialogue is fictional and does not constitute real advice of any kind.

6. Data Sharing

We share data only with the following categories of processors, all of whom are bound by data processing agreements:

AINPCEngine: NPC dialogue processing (operated by Tyga.Cloud Ltd, same company).

Hosting provider: Hetzner Online GmbH, Germany (EU/EEA -- adequate under GDPR).

Payment processor: For Crystal purchases (PCI DSS compliant).

We do not sell your personal data to third parties. We do not use third-party analytics, advertising networks, or tracking services.

7. Data Storage & Security

Your data is stored on servers located in Europe (Hetzner, Germany). All data in transit is encrypted using TLS 1.2+. Passwords are hashed using bcrypt with a cost factor of 10. Database access is restricted by IP whitelist and authentication. We conduct regular security reviews.

8. Data Retention

Active accounts: Data retained for as long as your account exists.

Deleted accounts: Personal data deleted within 30 days of account deletion request, except where retention is required by law.

Transaction records: Financial records retained for 6 years as required by UK tax law (HMRC).

Server logs: Technical logs retained for 12 months for security and debugging purposes, then automatically purged.

Chat history: Player-to-player chat messages are not permanently stored. AI NPC conversation history is retained as part of the game state.

9. Your Rights (UK/EU GDPR)

You have the right to:

Access: Request a copy of all personal data we hold about you.

Rectification: Correct inaccurate personal data.

Erasure: Request deletion of your account and personal data ("right to be forgotten").

Restriction: Request that we limit processing of your data in certain circumstances.

Data portability: Receive your data in a structured, machine-readable format.

Objection: Object to processing based on legitimate interests.

Withdraw consent: Where processing is based on consent, withdraw at any time.

To exercise any of these rights, email privacy@tyga.cloud. We will respond within 30 days (extendable to 90 days for complex requests). You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) or your local supervisory authority.

10. International Transfers

Your data is primarily processed within the EU/EEA (Germany). If data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or the UK International Data Transfer Agreement (IDTA).

11. Children

Tygaria is not intended for anyone under 18 years of age. We do not knowingly collect personal data from minors. If we discover that a user is under 18, we will immediately delete their account and associated data. If you believe a minor has created an account, contact privacy@tyga.cloud.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via in-game notification or email. The "Last updated" date at the top reflects the most recent revision. Continued use of the Game after changes constitutes acceptance.

13. Contact

Data Protection Officer: privacy@tyga.cloud
Tyga.Cloud Ltd
United Kingdom
Company No. 14643275