renzora
Game Engine

Privacy Policy

Last updated: March 2026

1. Who We Are

Renzora ("we", "us", "our") operates the renzora.com platform, the Renzora Engine, and the Renzora Launcher. This policy explains how we collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

Account data:

Email address, username, password (hashed), profile information (bio, location, avatar), connected social accounts (Discord, Twitch, Steam, GitHub usernames and IDs).

Transaction data:

Credit purchases, marketplace transactions, withdrawal history, Stripe payment details (processed by Stripe, not stored by us).

Usage data:

IP addresses (for security and rate limiting), browser user agent, pages visited, API usage, launcher downloads.

Content data:

Assets you upload, posts, comments, messages, channel posts, reviews.

3. How We Use Your Data

We use your data to: provide and improve the Platform; process transactions; send notifications; prevent fraud and abuse; comply with legal obligations; communicate service updates.

Legal basis: contract performance (account services), legitimate interests (security, analytics), consent (marketing communications).

4. Data Sharing

We share data with: Stripe (payment processing); Cloudflare (CDN and security); connected OAuth providers (only what you authorise). We do not sell your personal data. We may disclose data if required by law or to protect our legal rights.

Your public profile information (username, avatar, bio, social links, badges) is visible to other users.

5. Data Retention

Account data is retained while your account is active. Transaction records are retained for 7 years for tax and legal compliance. You may request deletion of your account through Settings. Upon deletion, personal data is removed within 30 days, except where retention is required by law.

6. Your Rights

Under UK GDPR, you have the right to: access your data; rectify inaccurate data; erase your data (right to be forgotten); restrict processing; data portability; object to processing; withdraw consent. To exercise these rights, contact [email protected].

7. Cookies

We use essential cookies for authentication (JWT tokens, session management). We do not use tracking cookies or third-party advertising cookies. Functional cookies store your preferences (theme, language).

8. Security

We protect your data with: HTTPS encryption in transit; hashed passwords (Argon2); hashed API tokens (SHA-256); two-factor authentication (TOTP); role-based access controls. No system is 100% secure. If we discover a breach affecting your data, we will notify you and the ICO within 72 hours.

9. Children

The Platform is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.

10. International Transfers

Your data may be processed outside the UK where our service providers operate (e.g., Cloudflare, Stripe). We ensure adequate safeguards are in place for any international transfers.

11. Changes

We may update this policy. We will notify you of material changes via email or Platform announcement. Continued use after changes constitutes acceptance.

12. Contact

Data Controller: Renzora

Email: [email protected]

You may also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.