Privacy Policy

We keep this simple. You give us an email address. We use it to run your account. That's the core of it — everything else is explained below.

1. Who is responsible

Sparkle5, LLC
30 N. Gould Street #10391
Sheridan, WY 82801, USA
support@celestialcommand.io

2. What data we collect and why

Data	Why we collect it	Legal basis
Email address	To verify your account, send you a confirmation link when you register, and deliver security and game notifications you have enabled (e.g. attack alerts). Without a verified email address you cannot log in.	Performance of contract (account operation). Legitimate interest for notifications you opted into.
Username	To identify you in the game world and to other players. Visible to other players.	Performance of contract.
Session cookie	To keep you logged in while you play. One cookie, strictly necessary. See our Cookie Policy.	Strictly necessary — no consent required.
IP address & login timestamps	To protect against brute-force attacks, ban abusive accounts, and diagnose technical problems. Stored in server logs, retained for up to 30 days.	Legitimate interest (security).
Payment data (Stripe)	When you purchase Dark Matter or a VIP subscription, the transaction is processed by Stripe, Inc. We receive a transaction ID, order status, and your email from Stripe. We do not see or store your card number, billing address, or bank details — these are held exclusively by Stripe.	Performance of contract (fulfilling your purchase).
Game state	Your planet, fleet, research, and alliance data. This is the game itself — it exists to provide the service.	Performance of contract.

3. What we do NOT collect

No real name, address, or phone number
No date of birth
No payment card details (these go directly to Stripe, never our servers)
No location data beyond IP country (used only for abuse detection)
No advertising profiles or behavioural tracking

4. Who we share data with

We do not sell your data. We share it only where necessary to run the service:

Recipient	Purpose	Location
Stripe, Inc.	Payment processing for VIP subscriptions and Dark Matter purchases. Stripe is a PCI-DSS Level 1 certified payment processor. See Stripe's Privacy Policy.	USA (EU Standard Contractual Clauses apply for EEA users)
Email delivery provider (SMTP)	To send account verification and notification emails. Only your email address and the email content are transmitted.	Configured by the operator — same legal jurisdiction as the server.
Hosting provider	Our server infrastructure. The provider has access to server logs only.	Configured by the operator.

No other third parties receive your personal data.

5. How long we keep your data

Data	Retention
Account data (email, username, game state)	Until you delete your account, or after 24 months of inactivity.
Server / IP logs	Up to 30 days.
Payment records	7 years (required by US financial regulations).
Deleted account data	Purged within 30 days of deletion request, except where retention is required by law.

6. Your rights

Depending on where you live, you may have the right to:

Access — request a copy of the personal data we hold about you.
Correction — ask us to correct inaccurate data.
Deletion — ask us to delete your account and personal data.
Portability — receive your data in a machine-readable format.
Object — object to processing based on legitimate interests.
Withdraw consent — turn off optional notifications in your profile at any time.

To exercise any of these rights, email support@celestialcommand.io. We will respond within 30 days.

7. EEA / UK users (GDPR)

If you are located in the European Economic Area or the United Kingdom, the GDPR applies to our processing of your data. The legal bases for each processing activity are listed in Section 2. For transfers to the USA (Stripe), Standard Contractual Clauses approved by the European Commission are in place.

You have the right to lodge a complaint with your local data protection authority. For Germany, this is the relevant Landesdatenschutzbehörde. For a list of EU supervisory authorities, see edpb.europa.eu.

8. Children

The service is not directed at children under 16. We do not knowingly collect data from users under 16. If you believe a child has registered, please contact us and we will delete the account.

9. Security

Passwords are stored as one-way hashed values — we cannot read your password. All traffic is encrypted via HTTPS/TLS. Access to the database is restricted to the application server. We apply rate limiting and IP-based abuse detection.

10. Changes to this policy

We will notify registered users by email if we make material changes to how we process personal data. The updated policy will also be published on this page with a new "Last updated" date.

11. Contact

For any privacy question or data request:
support@celestialcommand.io
Sparkle5, LLC · 30 N. Gould Street #10391 · Sheridan, WY 82801 · USA