Privacy Policy

The Sunless Vault · Last updated: [EFFECTIVE DATE]

⚠️ Template. This is a starting point that reflects what the game actually collects today. Fill in the bracketed fields and have it reviewed by a qualified professional before public launch. It is not legal advice.

Who we are

The Sunless Vault ("the Game", "we", "us") is an online multiplayer browser game operated by [OPERATOR / LEGAL ENTITY]. Questions: [CONTACT EMAIL].

What we collect

Display name — the name you type before a raid. It is shown to other players in the same match. Do not enter personal information as your name.
Vault identifier ("stash token") — a random ID generated for your browser and stored locally in your browser's localStorage. It identifies your persistent vault (stash and progression) between sessions. It is not linked to your real identity and we do not ask for an email or account.
Gameplay & progression data — gold, items, and per-class level/XP, stored on our server keyed to your stash token.
Connection metadata — your IP address and basic WebSocket connection data are processed transiently to operate the service and to rate-limit and prevent abuse. We do not use them to build advertising profiles.

What we do NOT do

No third-party advertising or analytics trackers.
No account, email, or password is required to play.
We do not sell your data.

Local storage notice

The Game stores a small amount of data in your browser's localStorage (the stash token and display/menu caches). This is essential for the Game to remember your vault; it is not used for tracking or advertising. Clearing your browser storage removes it (and disconnects this browser from its vault).

Data retention & deletion

Local data lives in your browser until you clear it.
Server-side vault data tied to an inactive stash token is automatically deleted after 180 days of inactivity (configurable by the operator).
You can delete your vault immediately with the button below, or by contacting [CONTACT EMAIL] and providing your token.

Delete my data. This permanently erases the server-side vault (gold, items, XP) tied to this browser's stash token, and clears this browser's local storage. It cannot be undone.

Children

The Game is not directed to children under [AGE]. See the Terms of Service for age requirements.

Your rights

Depending on your location (e.g. EEA/UK under GDPR, California under CCPA/CPRA) you may have rights to access, correct, or delete your data, or to object to certain processing. Contact [CONTACT EMAIL] to exercise them.

Changes

We may update this policy; material changes will be reflected by the "Last updated" date above.

← Back to the game