We keep this simple. You give us an email address. We use it to run your account. That's the core of it — everything else is explained below.
Pro Seven doo
Zagrebačka cesta 217
Zagreb, Croatia
OIB: 69467643231
info@prosevendoo.com
| Data | Why we collect it | Legal basis |
|---|---|---|
| Email address | To verify your account, send you a confirmation link when you register, and deliver security and game notifications you have enabled (e.g. attack alerts). Without a verified email address you cannot log in. | Performance of contract (account operation). Legitimate interest for notifications you opted into. |
| Username / Commander name | To identify you in the game world and to other players. Visible to other players. If you sign in via Google or Apple, your account starts with an auto-generated temporary name and you are prompted to choose a permanent commander name before playing. | Performance of contract. |
| Session cookie | To keep you logged in while you play. One strictly-necessary first-party cookie. See our Cookie Policy. | Strictly necessary — no consent required. |
| IP address & login timestamps | To protect against brute-force attacks, ban abusive accounts, and diagnose technical problems. Stored in server logs, retained for up to 30 days. | Legitimate interest (security). |
| Google / Apple account identifier (SSO) | If you sign in using "Sign in with Google" or "Sign in with Apple", we receive a unique user ID and optionally your email address from the respective provider. We store only the provider-issued user ID to link your game account to your social sign-in. We do not receive your Google/Apple password, contacts, photos, or any other account data. | Performance of contract (account operation via SSO). Consent (for loading the third-party sign-in scripts — see Cookie Policy). |
| Payment data (Stripe) | When you purchase Dark Matter or a VIP subscription, the transaction is processed by Stripe, Inc. We receive a transaction ID, order status, and your email from Stripe. We do not see or store your card number, billing address, or bank details — these are held exclusively by Stripe. | Performance of contract (fulfilling your purchase). |
| Game state | Your planet, fleet, research, and alliance data. This is the game itself — it exists to provide the service. | Performance of contract. |
We do not sell your data. We share it only where necessary to run the service:
| Recipient | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payment processing for VIP subscriptions and Dark Matter purchases. Stripe is a PCI-DSS Level 1 certified payment processor. See Stripe's Privacy Policy. | USA (EU Standard Contractual Clauses apply for EEA users) |
| Google LLC | Only if you choose "Sign in with Google". Google processes the sign-in token exchange and returns a verified user ID to our server. See Google's Privacy Policy. We do not send any further personal data to Google. | USA (EU Standard Contractual Clauses apply for EEA users) |
| Apple Inc. | Only if you choose "Sign in with Apple". Your browser is redirected to Apple's authentication pages; Apple processes the sign-in and returns a verified user ID to our server. See Apple's Privacy Policy. We do not send any further personal data to Apple. | USA (EU Standard Contractual Clauses apply for EEA users) |
| Email delivery provider (SMTP) | To send account verification and notification emails. Only your email address and the email content are transmitted. | Configured by the operator. |
| Hosting provider | Our server infrastructure. The provider has access to server logs only. | Configured by the operator. |
No other third parties receive your personal data.
| Data | Retention |
|---|---|
| Account data (email, username, game state) | Until you delete your account, or after 24 months of inactivity. |
| Server / IP logs | Up to 30 days. |
| Payment records | 11 years (required by the Croatian Accounting Act / Zakon o računovodstvu). |
| Deleted account data | Purged within 30 days of deletion request, except where retention is required by law. |
Depending on where you live, you may have the right to:
To exercise any of these rights, email support@celestialcommand.io. We will respond within 30 days.
Pro Seven doo is established in Croatia, an EU member state. The GDPR applies to all processing of personal data described in this policy. The legal bases for each processing activity are listed in Section 2. For transfers to the USA (Stripe, Google, Apple), Standard Contractual Clauses approved by the European Commission are in place.
You have the right to lodge a complaint with the Croatian supervisory authority: Agencija za zaštitu osobnih podataka (AZOP), Selska cesta 136, 10 000 Zagreb — azop.hr. You may also contact the supervisory authority in your country of residence. For a list of all EU supervisory authorities, see edpb.europa.eu.
The service is not directed at children under 16. We do not knowingly collect data from users under 16. If you believe a child has registered, please contact us and we will delete the account.
Passwords are stored as one-way hashed values — we cannot read your password. All traffic is encrypted via HTTPS/TLS. Access to the database is restricted to the application server. We apply rate limiting and IP-based abuse detection.
We will notify registered users by email if we make material changes to how we process personal data. The updated policy will also be published on this page with a new "Last updated" date.
For any privacy question or data request:
info@prosevendoo.com
Pro Seven doo · Zagrebačka cesta 217 · Zagreb, Croatia