Privacy Policy

1. Introduction

Mythea Ltd ("we", "us", "our"), company number 13332159, registered at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, operates the Mythea online game and the mythea.com website and its subdomains.

Mythea Ltd is the Data Controller for the purposes of the UK GDPR and EU GDPR. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it.

Mythea Ltd is registered with the Information Commissioner's Office (ICO). Our registration is currently being processed and we will update this notice with our registration number once issued.

If you have questions, contact us at contact@mythea.com.

2. Information We Collect

We collect information you provide directly, including:

• ✦ Email address (for account creation and login)
• ✦ Username and display name
• ✦ Game activity data (actions, rankings, kingdom membership, chat messages)
• ✦ Payment information (processed by Stripe — we do not store card details)
• ✦ Communications you send to us

We also collect technical data automatically when you use the service, including your IP address, browser type and version, device information, pages visited, time spent, and referring URLs. This is collected via Google Analytics and our server infrastructure.

3. Legal Basis for Processing

Under UK GDPR and EU GDPR, we must have a lawful basis for processing your personal data. We rely on the following:

• ✦ Contract performance — Processing your account data, game activity, and authentication is necessary to provide the Mythea service you signed up for.
• ✦ Legitimate interests — We analyse usage patterns to improve the game, maintain security, and prevent abuse. Our legitimate interest in running a safe, functional service is balanced against your privacy rights.
• ✦ Consent — Analytics cookies and performance monitoring are only activated with your explicit consent via our cookie banner. You may withdraw consent at any time.
• ✦ Legal obligation — We may process or retain data where required by law, including responding to lawful requests from authorities.

4. How We Use Your Information

The following uses are necessary to perform our contract with you or to operate the service:

• ✦ Provide and operate the Mythea game service
• ✦ Authenticate your account and maintain security
• ✦ Process in-game purchases via Stripe
• ✦ Send operational game notifications directly related to your account or gameplay (wars, rankings, age changes, account alerts)
• ✦ Respond to support requests and investigate reports
• ✦ Comply with legal obligations

The following uses are based on your consent, which you may withdraw at any time:

• ✦ Send the Mythea newsletter and devlogs — see Section 11 for how to unsubscribe
• ✦ Improve our service based on aggregated analytics (only where you have consented to analytics cookies)

5. Data Processors & Sharing

We do not sell your personal data. We use the following third-party processors who handle data on our behalf under appropriate data processing agreements:

• ✦ Google Firebase / Google Cloud — Authentication, hosting, database, and real-time services. Data may be stored on servers in the United States.
• ✦ Google Analytics — Aggregated usage analytics. Only activated with your consent. Data processed by Google LLC in the United States.
• ✦ Stripe — Payment processing for in-game purchases. Stripe processes payment data directly and is subject to its own privacy policy. We do not store card details.
• ✦ Facebook — A Facebook page plugin is optionally embedded in certain areas of the game. Facebook may process data if you interact with it.

We may also disclose data to law enforcement or regulatory authorities where legally required.

6. International Data Transfers

Some of our data processors, including Google (Firebase, Google Cloud, Google Analytics) and Stripe, operate in the United States. Transfers of personal data outside the UK and EEA are made under appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the relevant supervisory authorities. You can request details of these safeguards by contacting us.

7. Cookies

We use cookies for authentication, game preferences, and — with your consent — analytics. For full details of every cookie we use and how to manage your preferences, see our Cookie Policy.

8. Data Retention

We retain different categories of data for different periods:

• ✦ Account data — retained while your account is active, then deleted within 90 days of an account deletion request
• ✦ Game activity and rankings — retained for the duration of the age and summarised in historical records thereafter
• ✦ Analytics data — retained for 26 months in Google Analytics (as per Google's default retention)
• ✦ Support correspondence — retained for 2 years
• ✦ Financial records — retained for 7 years as required by UK tax law

9. Your Rights

Under UK GDPR and EU GDPR, you have the following rights in relation to your personal data:

• ✦ Right of access — Request a copy of the personal data we hold about you.
• ✦ Right to rectification — Request correction of inaccurate or incomplete data.
• ✦ Right to erasure — Request deletion of your personal data, subject to legal retention requirements.
• ✦ Right to restriction — Request that we limit how we process your data in certain circumstances.
• ✦ Right to data portability — Request your data in a structured, machine-readable format.
• ✦ Right to object — Object to processing based on legitimate interests, including direct marketing.
• ✦ Right to withdraw consent — Where processing is based on consent (e.g. analytics cookies), you may withdraw it at any time via our cookie settings.
• ✦ Rights related to automated decisions — We do not make automated decisions with legal or significant effects about you.

To exercise any of these rights, contact us at contact@mythea.com. We will respond within 30 days.

10. Right to Complain

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

• ✦Website: ico.org.uk
• ✦Phone: 0303 123 1113

If you are based in the EU, you may also contact your local supervisory authority.

11. Marketing Communications

We send a newsletter and occasional devlog updates to players who have opted in. Under the UK Privacy and Electronic Communications Regulations (PECR), we only send marketing emails to individuals who have given prior consent.

The legal basis for processing your email address for marketing purposes is consent (UK GDPR Article 6(1)(a)). You can withdraw consent and unsubscribe at any time by clicking the unsubscribe link in any marketing email or by contacting us at contact@mythea.com. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

We do not send marketing emails to players under 13, and we do not sell or share your email address with third parties for their own marketing purposes.

12. Minimum Age

Mythea is intended for players aged 13 or older. We do not knowingly collect personal data from children under 13. If you are under 13, please do not create an account or provide any personal information.

If you are between 13 and 15 years old and based in the EU or UK, you should have parental or guardian consent before creating an account, as the minimum age for data processing consent under UK GDPR and EU GDPR is 16 in most member states (13 in the UK).

If we become aware that we have collected personal data from a child under 13 without verifiable parental consent, we will delete that data promptly. To report an underage account, contact us at contact@mythea.com.

13. California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you additional rights regarding your personal information.

We do not sell your personal information. We do share certain data with service providers (Google, Stripe, Firebase) for the purposes described in this policy. Under CCPA, this sharing may constitute "sharing" for cross-context behavioural advertising in respect of analytics data, which you have the right to opt out of.

As a California resident you have the right to:

• ✦ Know what personal information we collect, use, disclose, and share
• ✦ Delete personal information we hold about you (subject to certain exceptions)
• ✦ Correct inaccurate personal information
• ✦ Opt out of the sharing of your personal information for cross-context behavioural advertising
• ✦ Non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at contact@mythea.com. We will respond within 45 days as required by CCPA. To opt out of analytics data sharing, decline analytics cookies via our cookie settings.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page with a revised date. Continued use of the service after changes constitutes acceptance of the updated policy.