Privacy Policy

At Paperjoyspinner.homes ("we", "our", "us"), we value the trust of every adventurer entering our dungeon. This Privacy Policy explains in detail how we collect, use, store, share, and protect your personal information when you visit our website, subscribe to our newsletter, or otherwise interact with the Paperjoyspinner platform. We encourage you to read this document carefully so you fully understand your rights and our obligations under applicable data protection laws, including the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and the California Consumer Privacy Act (CCPA).

1. Information We Collect

We are committed to data minimization. We only collect what is strictly necessary to deliver our services and improve your experience. The categories of personal data we may collect include:

• Contact information: Your email address, provided voluntarily through one of our signup forms (hero form, popup, footer subscription, exit-intent form, loot bar, contact form, etc.).
• Submission metadata: Date and time of submission, the specific form or page source that generated the submission, and the user agent (browser/device type) used.
• Technical data: IP address, approximate geographic region derived from IP, referring URL, and basic device information used solely for fraud prevention, rate limiting, and security analysis.
• Communications: Any messages, support requests, or feedback you send us via email or our contact form.
• Cookies & local storage: Small identifiers stored on your device to remember your preferences (see our Cookie Policy for full details).

We do not collect sensitive personal information such as government IDs, financial account details, biometric data, health records, or precise geolocation.

2. How We Collect Information

• Directly from you: when you fill in a form, subscribe, or contact support.
• Automatically: through standard server logs and minimal first-party cookies.
• From service providers: our email delivery service may report bounce or unsubscribe events back to us.

3. Legal Basis for Processing (GDPR)

Under the GDPR, we rely on the following lawful bases:

• Consent — when you voluntarily submit your email to receive promotional content, you provide explicit, freely-given consent.
• Legitimate interests — to secure our platform, prevent abuse, maintain service quality, and analyze aggregate usage trends.
• Legal obligation — when we must retain or disclose data to comply with applicable law or a valid legal request.

4. How We Use Your Information

• To deliver promotional emails, event invitations, free-spin notifications, and loot-drop announcements.
• To personalize and tailor messaging to your preferences and engagement history.
• To respond to support inquiries and improve customer service.
• To detect, prevent, and investigate fraud, spam, bot activity, and abuse.
• To monitor and improve site performance, security, and user experience.
• To comply with legal obligations and enforce our Terms & Conditions.

5. Our Promise: No Selling, No Renting

We never sell, rent, lease, trade, or share your email address or personal information with third parties for their marketing purposes. Your data remains within the Paperjoyspinner vault and is treated with the same secrecy as the runes of the ancient guild. The only exceptions are limited service providers (such as email-delivery infrastructure) acting strictly under our instructions and bound by confidentiality.

6. Third-Party Service Providers

We work with a small number of trusted vendors who help us operate the platform, including:

• Email service providers for newsletter delivery
• Web hosting and content delivery infrastructure
• Security and anti-spam services

All such providers are contractually obligated to protect your data, use it only for the purposes we specify, and comply with applicable privacy laws.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Email subscriptions: retained for as long as you remain subscribed, plus a short grace period (up to 90 days) after unsubscribing for audit and compliance.
• Server logs and IP data: retained for up to 12 months for security and fraud prevention.
• Support communications: retained for up to 24 months to assist with follow-up inquiries.

When data is no longer required, we securely delete or anonymize it.

8. Cookies & Tracking Technologies

We use minimal first-party cookies for essential functionality such as remembering your cookie consent and managing popup display timing. We do not use cross-site tracking, advertising cookies, or third-party analytics that profile users. For full details, please review our Cookie Policy.

9. Your Rights (GDPR, UK GDPR & CCPA)

Depending on your jurisdiction, you have the following rights regarding your personal data:

• Right of access — request a copy of the data we hold about you.
• Right to rectification — correct inaccurate or incomplete information.
• Right to erasure ("right to be forgotten") — request deletion of your data.
• Right to restrict processing — limit how we use your data in certain circumstances.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — opt out of marketing or certain processing activities.
• Right to withdraw consent — at any time, without affecting prior lawful processing.
• Right to lodge a complaint — with your local data protection authority.

To exercise any of these rights, email [email protected]. We will respond within 30 days. Unsubscribing from our emails is always one click away via the link at the bottom of every message.

10. International Data Transfers

Our servers and service providers may be located in jurisdictions outside your country of residence. When personal data is transferred internationally, we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Data Security

We implement industry-standard technical and organizational measures to safeguard your information, including:

• Encryption in transit (HTTPS/TLS) for all form submissions and traffic
• Encryption at rest for stored data
• Honeypot anti-bot protection and rate limiting on all forms
• Regular security audits and vulnerability assessments
• Restricted access on a need-to-know basis
• Secure password policies and multi-factor authentication for administrative accounts

Despite our best efforts, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but will promptly notify affected users in the event of any data breach as required by law.

12. Children's Privacy

Paperjoyspinner is intended strictly for adults aged 18 or older. We do not knowingly collect personal information from anyone under 18. If we become aware that a minor has submitted information, we will delete it immediately. Parents or guardians who believe their child has provided data may contact us at [email protected].

13. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. Because there is no industry consensus on how to interpret these signals, our site does not currently respond to DNT requests. However, we do not engage in cross-site behavioral tracking regardless of DNT status.

14. Third-Party Links

Our website may contain links to external sites we do not control. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before submitting any data.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email. Your continued use of the platform after such changes constitutes acceptance of the revised policy.

16. Contact & Data Protection Officer

For questions about this Privacy Policy, to exercise your rights, or to make a privacy-related complaint, please contact us at:

• Email: [email protected]
• Subject line: "Privacy Request"

We will acknowledge your message within 5 business days and aim to fully resolve all requests within 30 days.