Privacy

This policy describes how Envy Games (“we”, “us”) collects, uses, and protects information across our website.

Who we are & scope

Envy Games is a US-based team building games, game mods, software, and game assets. This policy applies to:

  • Our website.
  • Our studio apps.
  • Our games and related apps.

Data we collect

Account & authentication

  • Username and hashed password (never plain text).
  • Optional email for notifications or recovery.
  • MFA data such as TOTP secrets or WebAuthn/passkey public key credentials.
  • Session identifiers and CSRF tokens.

Logs & diagnostics

  • Server logs (IP address, user agent, timestamps, URLs, response codes).
  • Error reports and performance metrics (e.g., request timing).

Voluntary communications

  • Messages sent via contact forms or email and your replies.

Payments/commerce

For purchases or donations, payment data is processed by a PCI-compliant provider. We do not store payment information on our servers.

How we use data

  • Authenticate users, maintain sessions, and secure the app (MFA/passkeys, CSRF).
  • Provide support and respond to requests.
  • Monitor reliability, debug issues, and prevent abuse.
  • Comply with legal obligations and enforce terms.

Cookies & local storage

We use strictly necessary cookies for login sessions and security (e.g., sessionid, csrftoken). We may also use optional analytics cookies or local storage to understand site usage; these will be documented and, where required, offered with consent controls.

Sharing & processors

We don’t sell personal information. We may share limited data with service providers that help us operate our site/app (e.g., hosting, error monitoring, email). When used, processors are bound by contracts and only process data on our instructions.

  • Hosting & infrastructure (e.g., servers, CDN, databases).
  • Error/monitoring and logs (to debug problems efficiently).
  • Email delivery (transactional messages, if enabled).
  • Version control and collaboration (e.g., GitHub for code and issue tracking).

If legally required (e.g., valid court order), we may disclose information to authorities.

Security

  • Hashed passwords; support for MFA and passkeys/WebAuthn.
  • Least-privilege access, audit logs, and environment-scoped secrets.
  • Transport encryption (HTTPS) and hardened defaults where available.

No system is perfectly secure; if we learn of a breach, we’ll take appropriate steps and notify affected users when required.

Retention

We keep data for as long as needed to provide the service and for legitimate business or legal purposes. Examples: session logs (short-term), error logs (short- to medium-term), studio content (until deleted by an authorized user or per project lifecycle policies). We may anonymize or aggregate data for longer-term analytics.

Your rights

Depending on your location, you may have rights to access, correct, export, or delete your data, restrict or opt out of certain processing, or lodge a complaint with a regulator. For requests, use the contact details below. We’ll verify identity before fulfilling account-level actions.

Children

Our services aren’t directed to children under the age required by local law. We don’t knowingly collect personal data from such users; if you believe we have, contact us to request deletion.

Changes to this policy

We may update this policy as our products evolve. We’ll post the revised version here and update the effective date.

Effective date: November 30, 2025

Contact

Questions or privacy requests: contact us.