Privacy Policy

Version 1.0 — Effective 30 May 2026

PRIVACY POLICY

This Privacy Policy explains how ELOTACTIX LTD (“we”, “us”, “our”) collects and uses personal data when you access or use our online services, websites, applications and related features (together, the “Services”).

We are committed to protecting your privacy and processing your personal data in accordance with applicable data protection laws, including the UK GDPR, the EU General Data Protection Regulation (GDPR) and related national laws.

By using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Services, subject to any mandatory rights you have under applicable data protection law.

1. DATA CONTROLLER AND CONTACT DETAILS

1.1 Data Controller

The data controller responsible for your personal data is:

ELOTACTIX LTD
 Registered address: 86-90 Paul Street, London, EC2A 4NE
 Registration number: 16781814
 Email: support@elotactix.co.uk for general account support requests

2. CATEGORIES OF PERSONAL DATA WE COLLECT

We may collect and process the following categories of personal data about you, depending on how you use the Services.

2.1 Account and Profile Data

To use the Services you must create an Account using a valid email address. We do not offer “guest” accounts without an email.

We may collect:

  • Name, username, display name or nickname
  • Email address (mandatory for Account creation)
  • Phone number (if you choose to provide it)
  • Country of residence and preferred language
  • Password or other authentication information
  • Account settings and preferences
  • Communication preferences

Account ownership. For the purposes of the Services, the Account holder is the person who controls access to the registered email address associated with the Account. It is your responsibility to ensure that this email address is accurate, up-to-date and under your exclusive control. If you lose access to the registered email address, we may not be able to recover or transfer your Account, subject to reasonable security checks and any applicable legal requirements.

2.2 Usage and Log Data

  • IP address and approximate location (based on IP)
  • Device information (e.g. device type, operating system, browser type, device identifiers)
  • Log data (e.g. access times, pages visited, in-Services actions, error logs)
  • Connection and technical data (e.g. latency, crash reports, diagnostic data)

2.3 Gameplay and Tournament Data

We collect data generated when you play the game and use in-Services features, such as:

  •  in-Services identifiers (e.g. user ID, in-game handles);
  •  gameplay statistics, scores, rankings and progress;
  • information about your in-game actions and decisions (for example, combat actions, strategies, use of abilities or “hero” features, whether triggered manually or automatically by the game systems);
  •  participation in tournaments and events, including registration time and results;
  •  anti-cheat telemetry and behavioural data relevant to ensuring fair play and integrity.

We use this data to operate the game, provide core functionality, maintain fair competition, balance the game, prevent cheating and fraud, and improve the Services.

Please note that usernames, rankings, scores, tournament results and similar gameplay information may be visible to other users within the Services (for example in leaderboards, tournament brackets or clan/guild views).

2.4 Communication Data

  • Messages or communications you send to us (e.g. support requests, complaints)
  • Content you post or transmit via in-Services chat or other communication tools (where applicable)

Public and semi-public communications. Depending on the feature, your in-Services communications (for example, chat messages, clan descriptions, usernames, tournament messages) may be visible to other users. Any information you choose to share in such areas can be read, collected, copied or used by others. You should not share personal data or sensitive information in these spaces.

To protect the integrity of the Services and other users, we may monitor, record and store in-Services communications, using automated tools and/or manual review where permitted by law, and only to the extent reasonably necessary for the purposes described in this Privacy Policy.

2.5 Payment and Transaction Data

  • Limited payment information (e.g. transaction ID, amount, currency, date, product purchased)
  • Payment method details processed by our payment processors (e.g. Stripe or other payment providers.).

Note: We do not generally receive or store your full card number or bank account details, which are handled by the payment provider. We may, however, receive limited information (such as last digits of card, card type, billing address, and status of the transaction) necessary for record-keeping, fraud prevention and customer support.

2.6 KYC and Identity Verification Data (for Cash-Prize Features)

If and when we make cash-prize tournaments available in your region, we may process additional KYC/AML data as described in this section. These features are not currently available to users and will only be activated once they are launched and clearly announced in the Services, such as:

  • Full legal name
  • Date of birth
  • Residential address
  • Nationality and/or country of residence
  • Identification documents (e.g. ID card, passport, driving licence)
  • Proof of address (e.g. utility bill, bank statement)
  • Selfie or live image for identity verification (where required)
  • Information about the origin of funds or occupation, if required by law
  • Results of checks performed by our KYC/AML service providers

We may decline, delay or limit access to cash-prize features or withdrawals until KYC/AML checks are successfully completed or if legal or risk-based requirements are not satisfied.

2.7 Cookies and Similar Technologies

We use cookies and similar technologies to collect certain information automatically when you use the Services. For more details, please see Section 11 (Cookies and Similar Technologies) below and our separate Cookie Policy (if provided).

3. PURPOSES OF PROCESSING AND LAWFUL BASIS

We process your personal data only where we have a lawful basis under the GDPR / UK GDPR. The main purposes and lawful bases are:

3.1 Providing and Operating the Services

  • To create and manage your Account
  • To authenticate you and recognise you when you log in
  • To provide access to the Services and their features
  • To process in-Services purchases and transactions
  • To provide customer support and respond to your queries

Lawful basis:

  • Performance of a contract (Art. 6(1)(b) GDPR / UK GDPR)

3.2 Tournaments and Reward Features

Feature availability

Certain features described in this Privacy Policy – including tournaments, leagues, ladders and any cash-equivalent or cash-prize mechanics – may not be available in all versions of the Services, in all regions, or at all times. We only process tournament-related data where the relevant feature is actually enabled for your Account and you choose to participate.

When tournaments, ladders or other competitive events are available, we process your personal data to:

  • To register you for tournaments and manage your participation
  • To calculate scores, rankings and determine winners
  • To allocate and credit non-cash rewards and, where applicable, cash-equivalent prize balances (e.g. diamonds or similar balances)
  • To verify eligibility for rewards and enforce tournament rules

We process this data based on performance of a contract (providing the tournament feature you choose to join) and our legitimate interests in operating fair competitions, including detecting and preventing cheating and abuse in tournament play. If a tournament or reward feature is not available in your region or has not been launched yet, we will not process your data for that purpose.

Lawful basis:

  • Performance of a contract (Art. 6(1)(b))
  • Our legitimate interests in operating fair competitions (Art. 6(1)(f))

3.3 KYC / AML and Legal Compliance (Cash Prizes)

  • To verify your identity and age for access to cash-prize features
  • To comply with anti-money laundering, counter-terrorist financing and fraud-prevention laws and regulations
  • To perform sanctions and risk checks where required

Lawful basis:

  • Compliance with legal obligations (Art. 6(1)(c))
  • Our legitimate interests in preventing fraud and abuse (Art. 6(1)(f))

3.4 Security, Anti-Cheat and Fraud Prevention

  • To detect and prevent cheating, abuse and unauthorised access
  • To enforce terms of use, tournament rules and fair play policies
  • To protect the security and integrity of our systems and other users
  • To investigate suspicious behaviour, security incidents or misuse

We may process:

  • Anti-cheat telemetry (e.g. gameplay patterns, anomalous behaviours)
  • Device and technical identifiers
  • Communication logs where relevant (e.g. in-Services chat around an incident)

We may retain certain security and anti-cheat data for longer than standard usage data where necessary to detect, investigate and prevent cheating and abuse and to establish, exercise or defend legal claims. To protect the effectiveness of our anti-cheat and fraud-detection measures, we may not be able to disclose all related data or detection methods in response to an access request, to the extent permitted by law, including where disclosure would undermine the prevention or detection of unlawful or improper conduct.

Lawful basis:

  • Our legitimate interests in ensuring security and integrity of the Services (Art. 6(1)(f))

3.5 Service Improvement and Analytics

  • To analyse usage, performance and trends
  • To improve and optimise the Services and user experience
  • To develop new features and content

Lawful basis:

  • Our legitimate interests in improving the Services (Art. 6(1)(f))
  • Consent, where required for certain analytics cookies (Art. 6(1)(a))

3.6 Marketing (Optional)

  • To send you newsletters, updates, promotional offers or other marketing communications (where permitted by law)

Lawful basis:

  • Consent (Art. 6(1)(a)), where required for electronic marketing
  • Our legitimate interests in promoting the Services (Art. 6(1)(f)), where consent is not required and local law allows

You may opt out of marketing communications at any time by using the unsubscribe link in the message or adjusting your Account settings. Opting out of marketing does not affect service-related communications (e.g. security alerts, transactional emails).

3.7 Legal Claims and Compliance

  • To establish, exercise or defend legal claims
  • To respond to legitimate requests from law enforcement or regulatory authorities
  • To comply with legal or regulatory requirements

Lawful basis:

  • Compliance with legal obligations (Art. 6(1)(c))
  • Our legitimate interests in defending and protecting our rights (Art. 6(1)(f))

4. DATA RETENTION

We retain personal data no longer than necessary for the purposes for which it is processed, subject to any statutory retention periods and our legitimate interests. Exact retention periods may vary depending on the jurisdiction and the nature of the data.

Generally:

  • Account Data: kept for as long as you have an active Account and for a reasonable period after closure (e.g. up to 6 years) for record-keeping, dispute resolution and legal obligations.
  • Gameplay and Log Data: kept for as long as reasonably necessary for security, anti-cheat, analytics and service improvement, typically 6 months to 5 years, depending on the data type and purpose, and may be aggregated or anonymised thereafter. Data directly relevant to security incidents or rule violations may be retained longer to protect our Services and users.
  • Payment and Transaction Data: kept for the period required by tax, accounting and financial regulations (commonly up to 6–10 years, depending on jurisdiction).
  • KYC / AML Data: retained for the period required by applicable KYC/AML laws and guidance (often 5–10 years from the end of the business relationship or last transaction).
  • Marketing Data: retained until you withdraw your consent or object to processing, or until we decide it is no longer necessary.

Where data is no longer required, we will either delete it or anonymise it so that it can no longer be linked to you. We may keep anonymised or aggregated information indefinitely, as it no longer identifies you.

We may also retain limited information (such as user ID, email hash, ban history or key device identifiers) after Account deletion where reasonably necessary to:

  • prevent abuse or re-registration by users who have been banned for serious violations,
  • enforce our terms and policies,
  • protect other users and our Services

5. DATA SHARING AND RECIPIENTS

We may share your personal data with the following categories of recipients, strictly on a need-to-know basis and subject to appropriate safeguards:

5.1 Service Providers (Processors)

  • Payment processors (e.g. Stripe) for processing in-Services purchases and prize payouts
  • KYC / AML providers for identity verification, sanctions screening and fraud prevention
  • Cloud hosting and infrastructure providers who host our servers and databases
  • Analytics providers who help us understand usage and performance
  • Customer support tools used for managing support tickets and communications
  • Anti-cheat and security providers where applicable

These service providers act as processors and may only process data on our instructions and for the purposes described in this Policy. We require them to implement appropriate security measures and to keep your data confidential.

5.2 Professional Advisers and Authorities

  • Legal, tax, accounting or compliance advisers where needed
  • Law enforcement, regulators or courts where required by law or reasonably necessary to protect our rights or the rights of others

We may disclose your data where we believe in good faith that such disclosure is required to comply with applicable laws, to respond to lawful requests or to protect the safety, rights or property of us, our users or others.

5.3 Corporate Transactions

In connection with a merger, acquisition, restructuring, sale of assets or similar transaction, your personal data may be transferred to the relevant third party, subject to appropriate confidentiality and data protection safeguards. Where required by law, we will inform you of such transfer.

5.4 Third-Party Platforms and Community Channels

If you choose to log in or link your Account via third-party platforms (for example, app stores, social login providers or other platforms), those providers may share limited information with us (such as your email address, display name or platform identifier), subject to their own privacy policies and your settings with them.

We may also operate or participate in community channels (for example, on Discord, social media or forums). Any content you post in those channels is subject to the terms and privacy policies of the relevant platform. We may view, moderate and sometimes re-use such content (for example, to highlight community achievements), in accordance with this Policy and applicable law.

5.5 No Sale of Personal Data

We do not sell your personal data to third parties. Where required by law, we also do not “share” your personal data for cross-context behavioural advertising without your consent, and we do not use personal data for targeted advertising in a manner that requires opt-in consent under applicable law unless you have provided that consent.

6. INTERNATIONAL TRANSFERS

Your personal data may be transferred to, and processed in, countries outside the United Kingdom and the European Economic Area (EEA), which may have different data protection laws.

Where we transfer personal data outside the UK/EEA, we will:

  • ensure an adequacy decision is in place for the destination country; or
  • implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms, and where required carry out transfer risk assessments and implement supplementary measures; and
  • take additional measures where necessary to ensure an essentially equivalent level of protection.

You can contact us for more information about international transfers and the safeguards used.

7. YOUR DATA PROTECTION RIGHTS

Under the GDPR / UK GDPR, you have certain rights in relation to your personal data, subject to conditions and limitations:

  • Right of access: to obtain confirmation whether we process your data and to request a copy.
  • Right to rectification: to have inaccurate or incomplete data corrected.
  • Right to erasure (“right to be forgotten”): to request deletion of your data in certain circumstances.
  • Right to restriction: to request that we restrict processing in certain circumstances.
  • Right to data portability: to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller, where technically feasible.
  • Right to object: to object to processing based on our legitimate interests, including profiling, and to object to direct marketing at any time.
  • Right to withdraw consent: where processing is based on consent, you may withdraw your consent at any time (withdrawal does not affect prior lawful processing).
  • Right to lodge a complaint: with a supervisory authority, in particular in the country where you live, work or where you believe a breach has occurred.

To exercise your rights, please contact us at support@elotactix.co.uk. We may need to verify your identity before responding (for example, by asking you to confirm access to the registered email address, provide your user ID or answer security questions).

In some cases, particularly regarding security, anti-cheat and fraud-prevention data, we may be legally entitled to refuse or limit disclosure of certain information where this would:

  • adversely affect the rights and freedoms of others, or
  • seriously undermine the effectiveness of our security or anti-cheat measures.

Where we rely on such limitations, we will explain this to you to the extent we are legally allowed to do so.

8. ACCOUNT DELETION

8.1 How to Delete Your Account

You can request deletion of your Account by:

  • using the in-Services account deletion or “delete account” function (if available), or
  • contacting us at support@elotactix.co.uk with your request.

We may ask you to confirm your request and prove that you are the Account holder (for example, by confirming access to the registered email address).

8.2 Effects of Account Deletion

When your Account is deleted:

  • You will lose access to the Services and any associated Virtual Goods, prize balances or other in-Services items, subject to the Terms. We are not obliged to provide any refunds or compensation for unused Virtual Goods or balances, unless required by law or as described in our Refund & Billing Policy.
  • We will delete or anonymise personal data associated with your Account, except where retention is required or permitted by law or where we have a legitimate interest (as described in Section 4).
  • Information you have shared with others (e.g. in chat, forums, leaderboards or screenshots) may remain visible or may have been copied or stored by other users or third parties; we cannot control or recall such data.

8.3 Legal and Legitimate Retention

We may retain some data beyond account deletion where necessary for:

  • compliance with legal obligations (e.g. financial, tax, KYC/AML requirements),
  • the establishment, exercise or defence of legal claims, or
  • our legitimate interests in preventing abuse or enforcing our terms (e.g. maintaining a record of banned users, anti-cheat signals, device identifiers or email hashes).

Where possible, such retained data will be limited to what is strictly necessary and, where feasible, pseudonymised or anonymised.

9. SECURITY OF YOUR PERSONAL DATA

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

These measures may include, for example:

  • access controls and role-based permissions
  • secure server configurations and encryption in transit where appropriate
  • regular security updates and monitoring
  • internal policies and training for staff with access to personal data

However, no system is completely secure, and we cannot guarantee absolute security of your information.

You are responsible for:

  • keeping your login credentials and device secure,
  • ensuring your registered email address remains under your control, and
  • not sharing your password or other authentication details with anyone.

If you believe that your Account, password or registered email has been compromised, you must notify us immediately at support@elotactix.co.uk so we can take appropriate steps (for example, temporarily suspending or securing your Account).

We are not responsible for losses arising from unauthorised access that results from your failure to keep your credentials or registered email secure, except where we are required to accept such responsibility under applicable law.

10. CHILDREN’S PRIVACY

Our Services, particularly features involving tournaments with prizes or other age-restricted content, are intended for users aged 18 and over.

We do not knowingly collect personal data from children under the relevant minimum age in your jurisdiction (generally 18). If you are under 18, you must not create an Account, use the Services or provide any personal data to us, unless the Services are made available to under-18 users in a specific jurisdiction in accordance with applicable law and with appropriate safeguards.

If we become aware that a child has created an Account or provided personal data in breach of this section, we will take reasonable steps to:

  • delete the personal data as soon as reasonably practicable, and
  • where applicable, close the Account and restrict access to the Services.

If you believe that a child has provided us with personal data in violation of this Policy, please contact us at support@elotactix.co.uk, and we will take appropriate steps.

11. COOKIES AND SIMILAR TECHNOLOGIES

11.1 Previews of future features

From time to time, we may show previews, placeholders or “coming soon” labels for planned features (for example, new game modes, tournaments or hero abilities). These previews are indicative only and do not guarantee that a feature will actually be released, available in your region, or remain available permanently. We will only process your personal data in connection with such features if and when they become available for your Account.

11.2 What Are Cookies?

Cookies are small text files stored on your device when you visit a website or use an online service. Similar technologies (such as pixels, local storage and SDKs) may also be used to store or access information on your device.

11.3 Types of Cookies We Use

  • Strictly necessary cookies: required for the basic operation of the Services (e.g. authentication, security, load balancing).
  • Functional cookies: help remember your preferences and settings (e.g. language or region).
  • Analytics cookies: help us understand how users interact with the Services (e.g. which pages are visited, performance metrics).
  • Marketing / advertising cookies (if used): used to deliver relevant advertising and measure its effectiveness.

11.4 Lawful Basis for Cookies

  • Strictly necessary cookies are used based on our legitimate interests in providing a secure and functioning Service.
  • Analytics and marketing cookies are typically used based on your consent, where required. When applicable, you will be asked to provide or manage your consent via a cookie banner or settings tool.

11.5 Cookie Controls

You can:

  • manage or withdraw your cookie consent using our cookie banner or settings (where available), and/or
  • change your browser settings to block or delete cookies (although this may affect functionality of the Services).

For more detailed information, please refer to our separate Cookie Policy (if provided) or contact us.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements or other factors. If we make material changes, we will provide notice by updating the “Last updated” date at the top and, where appropriate, by additional means (such as in-Services notifications or email).

We encourage you to review this Privacy Policy periodically to stay informed about how we process your personal data. Your continued use of the Services after the effective date of changes, having had a reasonable opportunity to review the changes, constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you must stop using the Services and may request Account deletion.

13. CONTACT AND COMPLAINTS

If you have any questions, concerns or requests regarding this Privacy Policy or our data processing practices, please contact us at:

ELOTACTIX LTD
 Email: support@elotactix.co.uk
 Postal: 86-90 Paul Street, London, EC2A 4NE

You also have the right to lodge a complaint with your local data protection authority. For example:

  • In the UK: the Information Commissioner’s Office (ICO)
  • In the EU: your national supervisory authority (contact details can be found on the European Commission’s website)