Effective Date: January 1, 2026 | Last Updated: January 4, 2026
CCPA/CPRA Compliant GDPR Compliant
GalaxyWarden ("we," "us," or "our") provides gaming security services that help users monitor, detect, and remediate data breaches affecting their gaming accounts. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our services.
This policy applies to all users of GalaxyWarden, including visitors to our website and registered users of our breach monitoring services. For California residents, this notice also serves as our "Notice at Collection" under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
In the past 12 months, we have collected the following categories of personal information as defined under CCPA/CPRA:
| Category | Examples | Sources | Business Purpose |
|---|---|---|---|
| Identifiers | Email address, gaming usernames/aliases, Steam ID (if linked) | Directly from you during registration and profile setup | Account creation, breach scanning, notifications, personalized security missions |
| Account Records | Subscription level (Explorer/Navigator/Commander), payment information (processed by third-party), account preferences | From you or payment processors | Manage subscriptions, provide tiered features, process transactions |
| Internet/Network Activity | Gaming habits (frequency, platforms), security habits (password reuse, 2FA usage), breach history, session data | From you (profile/onboarding), app usage, third-party breach databases (e.g., Have I Been Pwned) | Risk scoring, AI security insights, mission generation, breach monitoring |
| Commercial Information | Selected gaming platforms (Steam, Epic, etc.), games monitored, fuel purchases, subscription history | From you (onboarding/profile updates) | Customize services, analyze engagement, provide relevant recommendations |
| Inferences | Security risk scores, mission progress, completion rates, decay-based risk calculations | Derived from collected data and AI analysis | Provide personalized security recommendations, track improvement over time |
We do not intentionally collect sensitive personal information such as precise geolocation, health data, racial/ethnic origin, religious beliefs, or sexual orientation. If you believe we have inadvertently collected such information, please contact us immediately.
| Provider Type | Purpose | Data Shared |
|---|---|---|
| Breach Database (Have I Been Pwned) | Check if your email appears in known breaches | Email address (hashed where possible) |
| AI Services (xAI/Grok) | Generate personalized security insights and recommendations | Anonymized breach data, gaming profile (no direct identifiers) |
| Cloud Hosting | Store and process application data securely | Encrypted account data |
| Email Services | Send breach alerts and notifications | Email address, notification content |
If you are a California resident, you have the following rights under the CCPA/CPRA (exercisable up to twice per 12-month period, free of charge):
| Right | Description |
|---|---|
| Right to Know/Access | Request disclosure of categories and specific pieces of personal information we've collected about you, sources, purposes, and third parties we've shared with. |
| Right to Delete | Request deletion of your personal information (subject to legal exceptions). |
| Right to Correct | Request correction of inaccurate personal information. |
| Right to Opt-Out of Sale/Sharing | Direct us not to sell or share your personal information. Note: We do not currently sell or share data for advertising. |
| Right to Limit Sensitive Data Use | Limit use of sensitive personal information to essential purposes. (We do not collect sensitive PI.) |
| Right to Non-Discrimination | We will not deny services, charge different prices, or provide different quality based on exercising your rights. |
You can exercise your rights through any of these methods:
Verification: We will verify your identity using your email address and account information. Response time is 45 days (extendable to 90 days for complex requests). If we deny a request, you may appeal by contacting us.
Authorized Agents: You may designate an authorized agent to make requests on your behalf. Agents must provide written authorization and proof of identity.
Regardless of your location, you have the following rights:
For EU/EEA residents under GDPR, our legal basis for processing includes: contract performance (providing services), legitimate interests (improving security), and consent (marketing communications).
We retain your personal information based on the following criteria:
We implement reasonable administrative, technical, and physical safeguards to protect your information:
While we strive to protect your data, no system is 100% secure. We encourage you to use strong, unique passwords and enable 2FA on your account.
GalaxyWarden is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at privacy@galaxywarden.com, and we will promptly delete such information.
For users between 13-16 in California, we require opt-in consent before any sale or sharing of data (though we do not sell or share data for advertising).
If our practices change in the future, we will update this policy and provide a clear opt-out mechanism. You can manage your privacy preferences at any time in your Account Settings.
We honor Global Privacy Control (GPC) browser signals as valid opt-out requests.
For questions about this Privacy Policy or to exercise your rights, contact us:
We will respond to inquiries within 45 days. If you are not satisfied with our response, you may file a complaint with your local data protection authority or the California Privacy Protection Agency.
We review and update this policy at least annually or when our practices change. Material changes will be notified via email or in-app notification. Continued use after changes constitutes acceptance of the updated policy.