Legal · Effective 3 July 2026
Privacy policy
This policy explains what Rogue collects, why we use it, and the choices available to you.
Who controls your information
Rogue MUD is the controller of personal information used to operate the game, website and account store. Privacy requests can be sent to lestat.rogue-rpg@outlook.com.
Information we collect
- Account data: character and account names, email address, a one-way password hash, verification state and account history.
- Game data: characters, progress, inventory, messages sent through public or moderated game channels, sanctions and other activity needed to operate the world.
- Technical data: IP address, browser or client details, request logs, session identifiers and security events.
- Purchase data: product, entitlement, currency balance, Stripe event and transaction identifiers. Rogue does not receive or store full card details.
- Optional data: a private character portrait you upload. It is stored outside the public web root and returned only to your authenticated account.
Why we use it
We process account, game and purchase data to provide the service and fulfil our contract with you. We use technical logs, moderation records and limited analytics where necessary for our legitimate interests in security, abuse prevention, troubleshooting and improving Rogue. We use consent where the law requires it, and comply with legal obligations concerning payments, fraud and records.
Cookies and local storage
The website uses an essential creweb session cookie to keep you signed in. It is HttpOnly, SameSite=Strict, expires after seven days and is marked Secure over HTTPS. The browser game client stores settings, layouts, profiles and local play data in your browser. Rogue does not use advertising cookies.
Who receives it
We share only what is needed with service providers that host or protect the service, deliver email, and process payments. These currently include Netlify, Cloudflare, Microsoft email services and Stripe. Providers may process information outside the UK; where required, recognised safeguards are used. We do not sell personal information.
Retention and security
Account and game records are kept while an account is active and for as long as reasonably needed to operate the persistent world, resolve disputes, prevent abuse and meet legal duties. Short-lived sessions and verification codes expire automatically. Logs and backups are retained on limited operational cycles. We use access controls, hashed passwords, TLS at the public edge, signed payment webhooks and restricted administrative tools, but no online service can promise absolute security.
Your rights
Depending on where you live, you may ask to access, correct, erase, restrict or export your information, or object to certain uses. You may withdraw consent without affecting earlier lawful processing. Email us from your account address so we can verify the request. UK users may also complain to the Information Commissioner's Office.
Children and changes
Rogue is not directed at children under 13. Anyone under the age required to consent to data processing where they live should use Rogue only with a parent or guardian's permission. We may update this policy as the service changes; material updates will be dated and announced through the site or game.
