Not legal advice. This is a starter template. Have a qualified attorney review it for your jurisdiction, paid features, and data practices before you rely on it.

Privacy policy

Last updated: March 30, 2026

Who we are

This policy describes how we collect, use, and share information when you use KinsBlood (the “Service”), including our website and game experience.

Information we collect

  • Account data: Email address and data you provide when creating or managing characters (e.g. character names, in-game progress stored on our servers).
  • Technical data: IP address, browser type, general device information, and timestamps—typically found in server logs and used for security, abuse prevention, and operations.
  • Support & communications: If you contact us, we keep the content of those messages as needed to respond.

Login bot protection (Cloudflare Turnstile): When we enable Turnstile on the sign-in page, your browser loads Cloudflare’s challenge widget from their infrastructure. Cloudflare may process technical data (e.g. browser characteristics, interaction with the challenge, network signals) under their own terms and privacy policy to decide whether the request looks legitimate. When you submit the sign-in form, our servers receive a short-lived Turnstile response token and send it to Cloudflare’s siteverify API—together with our secret key and, where Cloudflare expects it, your IP address—to confirm the challenge succeeded before we email a magic link. We do not use this flow to read the contents of your email until you have passed verification; the token is only for abuse prevention. If Turnstile is not enabled, this processing does not occur.

Paid features & payments (Stripe): If we offer subscriptions or one-time purchases, we intend to use Stripe the same way as on our other sites (e.g. hosted Stripe Checkout): you complete payment on Stripe’s pages, not by entering card data into our game server.

  • What we do not store: We do not collect or store full card numbers, card security codes (CVV/CVC), or other payment credentials on our own systems. Stripe holds payment method details according to its role as a payment processor.
  • What we may store: We may keep information Stripe sends us so we can run the Service—for example Stripe customer or subscription identifiers, payment or checkout session references, product or plan IDs, subscription status, and records needed to grant premium features, prevent abuse, and meet tax or accounting obligations.
  • How we know a payment succeeded: We rely on Stripe’s webhooks and APIs (signed/verified server-to-server messages and API responses) to confirm purchases or subscription state. That is how we unlock entitlements; we do not “see” your full card data through that flow.
  • Stripe’s terms: Payment processing is also governed by Stripe’s legal and privacy terms (link may change—see stripe.com).

When checkout goes live: We will update this policy with the specific Stripe identifiers and categories of payment data we store (e.g. customer/subscription/session IDs from webhooks), typical retention, and how to request deletion where the law allows—alongside fraud-prevention and tax obligations.

How we use information

  • Provide, operate, and improve the Service.
  • Authenticate you, send login links if you use email sign-in, and maintain sessions.
  • Detect, prevent, and address fraud, abuse, and security issues.
  • Comply with law and enforce our Terms of service.

Legal bases (where applicable)

If laws such as the UK or EU GDPR apply, we may rely on contract (providing the Service you asked for), legitimate interests (security, product improvement, proportionate analytics), and legal obligation. Where consent is required (for example for certain cookies or marketing), we will ask separately.

Sharing

We may share information with service providers who help us run the Service (e.g. hosting, email delivery, payment processing, fraud and bot protection such as Cloudflare when we enable Turnstile on login). We may disclose information if required by law or to protect rights, safety, and integrity of users and the Service.

Retention

We keep information as long as needed to provide the Service and for legitimate business and legal purposes (e.g. security logs, tax/accounting for paid features when offered).

Your choices & rights

Depending on where you live, you may have rights to access, correct, delete, or export personal data, or to object to or restrict certain processing. Contact us to exercise those rights. You may also have the right to complain to a data protection authority.

Children

The Service is not directed to children under the age required in your region to consent to data collection without parental permission. Do not use the Service if you are below that age.

International transfers

We may process data in countries other than your own. Where required, we use appropriate safeguards (such as standard contractual clauses) or rely on other permitted mechanisms.

Changes

We may update this policy from time to time. We will post the updated version and revise the “Last updated” date.

Contact

For privacy questions, use the contact method published for KinsBlood (e.g. support email or site owner)—update this page when you add one.

← Home · Terms · Cookies