PRIVACY POLICY
This Privacy Policy (“Policy”) describes how we collect, process, use and share your personal information when you download and play our games and use our websites, applications and other products.
The Policy is a part of the End User License Agreement https://playwindrose.com/eula/ (“EULA”/“Agreement”). All terms shall have the meanings that are given for them in the Agreement.
1.GENERAL INFORMATION
In this Policy, the Publisher, “we“, “us” or “our” means the company named GLHF MERIDIAN ONE INTERACTIVE LTD incorporated under the laws of Cyprus.
In order to ensure the use of the Game, the information about you is collected and used by the Publisher to the extent related to the Game.
We do not have a legal obligation to appoint a Data Protection Officer (DPO) under Article 37 GDPR, as we are not a public authority, do not engage in large-scale monitoring, and do not process special categories of data on a large scale. For data protection matters, please contact us at privacy@meridianone.gg
2. CONTACT DETAILS
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, including if you wish to exercise your legal rights, please contact us using the information above.
For privacy-specific inquiries or data subject requests, you may also contact our data protection team directly at:
privacy@meridianone.gg
Commercial Union Building 101 Arch. Makarios III Avenue, 1st Floor, 1071 Nicosia, Cyprus.
3. WHAT INFORMATION WE COLLECT
We process your data only if such processing is necessary for the performance of a contract with you, the fulfillment of our legal obligations and our legitimate interests, if such interests are not overridden by your interests, fundamental rights and freedoms that require the protection of your data.
It is in our legitimate interests to provide and improve the quality of the Game in an efficient, safe and harmless manner.
Most of the data that we collect is limited to the types, which do not identify you personally, but may uniquely identify the device you use for visiting the Game site or playing/ using the Game. In some countries, the following types of data may be considered as personal information:
a. Platform Data. When you access the Game via Steam or Epic Games Store (Platforms), we may receive certain information from the platforms, such as: Platforms ID, Platform authentication tokens, country / region (if provided).
Platforms act as independent data controllers for their services.
b. Gameplay & Technical Data. Most collected data is non-personalized; however, some data may identify the User or the User’s device. We may collect: Platform ID, in-game User ID (generated by the Publisher), server ID, invite codes (generated by the Publisher), device ID / device identifier, device type and specifications, IP address, gameplay log files, access times and session duration, server connection data
c. Additionally, we may collect information voluntarily submitted through: bug reports, support tickets, feedback forms
In the event of a crash or in-game errors, we may collect diagnostic data such as: crash dumps, error reports, game logs.
For users located in the European Economic Area (EEA), we process personal data in accordance with the General Data Protection Regulation (GDPR).
4. HOW WE PROCESS YOUR DATA
4.1 Our Processing Principles
We only process your information when we have a valid legal reason to do so, such as to perform our contract with you (e.g., to provide the Game), for our legitimate interests (e.g., security and support), to comply with law, or with your consent. Information is processed primarily through automated means. When our employees or contractors require access, it is limited to what is necessary for their duties.
4.2 Information Security
We implement reasonable technical and organizational measures to protect your data from loss, theft, misuse, and unauthorized access. These measures are designed considering the risks and the nature of the data.
Legally significant decisions are not based solely on automated processing.
4.3 Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Policy, or as required to comply with legal or regulatory obligations.
Our specific retention periods are as follows:
Account and gameplay data (including Platform ID, in-game ID, game progress, settings, and preferences): retained for the duration of your active use of the Services. If your account remains inactive for 24 consecutive months, we may delete or anonymize this data, unless a longer retention period is required by law or necessary to establish, exercise, or defend legal claims. You may request earlier deletion at any time.
Technical logs, IP addresses, server connection data, and device identifiers: retained for up to 12 months from the date of collection. This includes data used for security, debugging, and performance monitoring.
Crash reports and error diagnostics: retained for up to 6 months from the date of the incident. This allows us to identify and fix technical issues without keeping data longer than necessary.
Customer support correspondence (bug reports): retained for up to 3 years from the date of the last message in the conversation. This enables us to handle follow-up issues and comply with consumer protection laws.
Data required for legal compliance (information needed for litigation): retained as long as necessary under applicable laws, which in some cases may be up to 7 years or longer, depending on the legal obligation.
After the applicable retention period expires, we will securely delete or anonymize your personal data so that it can no longer be associated with you.
You may request early deletion of your data at any time by contacting us at privacy@meridianone.gg. We will process such requests within 30 days, subject to any legal or regulatory obligations that require us to retain certain data for a longer period.
4.4 Sharing Your Data
We may share your personal data with third parties where necessary to operate, maintain, and improve the Game. Such recipients include:
Service providers: cloud hosting, game server providers, analytics tools, and customer support services (acting as data processors)
Affiliated companies: parent companies, subsidiaries, or entities under common ownership or control
The game developer: the studio that creates and maintains the Game, which also acts as the publisher on other platforms (e.g., Stove)
Purposes of sharing (with the developer and affiliates):
Game development, updates, bug fixes, and performance optimization
Technical support and crash analysis
Server maintenance and security operations
Fraud detection and anti-cheat measures
All recipients are contractually bound by Data Processing Agreements (DPAs) requiring them to:
Process data only on our behalf and in accordance with our instructions
Implement appropriate technical and organizational security measures
Not use your data for their own purposes
Comply with applicable data protection laws, including GDPR where required
For international data transfers related to the game developer, we ensure appropriate safeguards — see Section 6.3 for more details.
4.5 Age Restrictions & Children’s Privacy
The Game carries a content rating assigned by the Platform. This rating reflects the suitability of the Game’s content and does not determine the legal age for data processing.
To comply with applicable privacy laws, including the GDPR, you must be at least 16 years old to create an Account and use the Game independently. This applies regardless of the Game’s content rating in your country.
If you are under 16 but at least 13 years old (or the applicable age of digital consent in your jurisdiction, if higher), you may only use the Game with the prior involvement and consent of a parent or legal guardian. The parent or guardian must review this Privacy Policy, create your Account on your behalf, and assume full responsibility for your use of the Game.
The Game is not intended for children under 13, and we do not knowingly collect personal information from children under this age. If we become aware that personal data of such children has been collected, we will delete it promptly upon verification, typically within 30 days.
A parent or legal guardian may at any time request that we cease collecting their child’s data or delete any associated information by contacting us at privacy@meridianone.gg or via any other contact method specified in this Privacy Policy.
5. PURPOSES OF DATA PROCESSING
The purposes of data processing are:
- Provide and operate the Game
- Enable online features
- Maintain servers and infrastructure
- Troubleshoot bugs and crashes
- Monitor stability
- Provide customer support
- Comply with legal obligations We do not sell personal data.
Do Not Track. Your browser settings allow you to automatically transmit a ”Do Not Track“ signal to the online services you visit. However, it should be taken into account that there is no uniform approach in the industry for how site and application operators should respond to these signals. Accordingly, we will only check for or respond to ”Do Not Track“ signals if we are required to do so by law. For more information about the “Do Not Track” signal, visit http://www.allaboutdnt.com.
6. DATA TRANSFER
6.1 In order to fulfill the terms of our agreement with you and to comply with our legal obligations and interests, we may share your data with service providers strictly as necessary, including cloud hosting providers, game server providers. We may also process data received via Platforms. These entities act as independent controllers.
6.2 Change of Control and Business Transfers
In the event of a business transition, such as a merger, acquisition, sale of company assets, financing, or transfer of all or a substantial portion of our business to another company (including the transfer of publishing rights for our Games), we may disclose and transfer your information to the successor entity or new publisher.
The receiving party will be required to use your personal data in a manner that is consistent with this Privacy Policy. If the way your data will be handled will materially change as a result of such transaction, we will notify you via email and/or a prominent notice within our services before your data is transferred and becomes subject to a different privacy policy.
6.3 Cross-border data transfers:
Your information may be transferred to, stored and processed in other countries outside of where you live. These data transfers are necessary to provide the services set forth herein. We will take all steps reasonably necessary to ensure that all data is treated securely and in accordance with this Policy.
If it is necessary to export your data to countries or international organizations outside the European union
/ European Economic Area (“EU/EEA”) and you are a European citizen, the transfers shall be secured on the basis of an adequacy decision or standard EU Model clauses.
You have the right to request a copy of the Standard Contractual Clauses (SCCs) we use for international data transfers. To do so, please contact us at privacy@meridianone.gg.
6.4. Data breach notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
Notify the Cyprus Commissioner for Personal Data Protection within 72 hours of becoming aware of the breach, where feasible.
Inform affected users without undue delay if the breach is likely to result in a high risk to their rights.
Maintain an internal breach register as required by Article 33(5) of the GDPR.
We take our legal obligations regarding data breaches seriously and have implemented appropriate technical and organizational measures to prevent and respond to security incidents.
7. YOUR RIGHTS
You have certain rights regarding your personal data. To exercise any of these rights, please contact us using the details in Section 2. We will respond to your request within the timeframe required by applicable law (usually within one month) and may need to verify your identity before proceeding.
7.1 Right to Access & Data Portability
You have the right to request access to the personal data we hold about you and to receive a copy of that data in a structured, commonly used, and machine-readable format (where technically feasible).
7.2 Right to Rectification
You have the right to request the correction of any inaccurate or incomplete personal data we hold about you.
7.3 Right to Erasure (Right to be Forgotten)
You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes it was collected or when you withdraw your consent (where processing was based on consent).
7.4 Right to Restrict Processing
You have the right to request that we restrict the processing of your data in certain scenarios, such as while we verify the accuracy of data you contest.
7.5 Right to Object to Processing
You have the right to object, on grounds relating to your particular situation, to the processing of your data which is based on our legitimate interests. You also have an absolute right to object to the processing of your data for direct marketing purposes at any time.
7.6 Right to Withdraw Consent
Where our processing of your data is based on your consent (e.g., for marketing communications), you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
7.7 Right Regarding Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
7.8 Exercising Your Rights & Fees
We will not normally charge a fee for exercising these rights. However, we may refuse to act or charge a reasonable administrative fee if requests are manifestly unfounded, excessive, or repetitive. If you are dissatisfied with our response, you have the right to lodge a complaint with the data protection authority in your country of residence.
7.8. We do not carry out automated decision-making, including profiling, that produces legal or similarly significant effects on you. Anti-cheat systems may take automated actions (e.g., temporary suspension), but you may request human review by contacting us at privacy@meridianone.gg.
7.9. Right to lodge a complaint with a supervisory authority
If you believe that our processing of your personal data violates the GDPR or other applicable data protection laws, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.
The competent supervisory authority for our lead establishment in Cyprus is:
Office of the Commissioner for Personal Data Protection (Cyprus)
Iasonos 1, 1082 Nicosia, Cyprus
Email: commissioner@dataprotection.gov.cy
Website: www.dataprotection.gov.cy
You may also lodge a complaint with the data protection authority in your country of residence.
GDPR (European Union / United Kingdom / EEA)
Users from these regions have rights to: Access their personal data
Rectification of inaccurate data Erasure (“right to be forgotten”)
Restriction of processing Data portability
Object to processing based on legitimate interests Withdraw consent at any time
Not be subject to automated decision-making
Our processing is based on lawful grounds under the GDPR, such as consent, contractual necessity, and legitimate interests. To exercise your rights, contact us using the details in Section 2. You also have the right to lodge a complaint with your local data protection authority.
CCPA / CPRA (California, USA)
California residents have rights to:
- Know what data is collected
- Request deletion
- Request correction
- Opt-out of sale/sharing
- Limit use of sensitive data
- Non-discrimination
We do not sell personal information.
Nevada Privacy Rights (Nevada, USA)
Nevada residents have the right to:
- Opt out of the sale of their covered personal information.
We do not currently sell your personal information as defined under Nevada Revised Statutes Chapter 603A. To submit a verified opt-out request, please contact us at privacy@meridianone.gg.
LGPD (Brazil)
Brazilian users have rights to:
- Confirmation of processing
- Access data
- Correction
- Anonymization or deletion
- Portability
- Information on sharing
- Withdrawal of consent Processing follows LGPD lawful bases.
UK GDPR (United Kingdom)
UK users retain GDPR-equivalent rights under the UK GDPR and Data Protection Act 2018. Complaints may be lodged with the UK Information Commissioner’s Office (ICO).
PIPEDA (Canada)
Canadian users may:
- Access personal data
- Request corrections
- Withdraw consent subject to legal limits
Australia Privacy Act
Australian users may request access and correction of personal information. Complaints may be directed to the OAIC.
This Privacy Policy applies solely to processing performed by the Developer / Publisher and does not replace the privacy policies of Platforms, which apply independently to platform services.
8. PLATFORM SERVICES AND THIRD-PARTY DATA COLLECTION
8.1. When you access or use the Game via third-party platforms, including Steam (operated by Valve Corporation), Epic Games Store (operated by Epic Games, Inc.), such platforms may independently collect, process, and store your personal data in accordance with their own privacy policies.
8.2. We do not control and are not responsible for the privacy practices of these platforms. We encourage you to review:
Steam Privacy Policy: https://store.steampowered.com/privacy_agreement/
Epic Games Privacy Policy: https://www.epicgames.com/site/en-US/privacypolicy
8.3. These platforms act as independent data controllers.
8.4. In most cases, your primary account is managed by the platform (e.g., Steam, Epic Games Store), and we do not create a separate account unless explicitly stated.
9. COOKIES AND SIMILAR TECHNOLOGIES
We may use cookies and similar tracking technologies (such as SDKs and analytics tools) to operate and improve the Game and related services.
These technologies may collect information such as device identifiers, IP address, gameplay interactions, and session data.
Where required by applicable law, we will request your consent before using non-essential cookies or tracking technologies.
10. ANALYTICS AND THIRD-PARTY TOOLS
We may use third-party analytics and monitoring tools to better understand how users interact with the Game, improve performance, and fix technical issues.
Such tools may collect information about your device, gameplay behavior, and technical events.
These providers process data on our behalf and are contractually bound to protect it.
11. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Policy within the Game or through other appropriate means. The “Last Updated” date at the bottom indicates when the Policy was last revised.
Last Updated: April 06, 2026