プライバシーポリシー

1. 運営者について

Cenrellia Studios Limited is a company registered in England and Wales (company number 17065711). We are the data controller for personal information collected through this website (cenrelliastudios.com) and its associated services.

We have not appointed a Data Protection Officer as we do not meet the threshold requiring one under UK GDPR. For all privacy enquiries, contact us at the email address above or use the Data / Privacy Request subject on our contact form.

We have determined that we are not currently required to appoint a representative in the EEA under Article 27 of the EU GDPR, as our processing of EU/EEA personal data is occasional and does not involve large-scale processing or special category data. We will appoint a representative if our processing activities change.

If you are based in the European Economic Area (EEA) and have concerns about our data practices, you have the right to lodge a complaint with the supervisory authority in your country of residence. A list of EEA data protection authorities is available on the European Data Protection Board website.

2. 当社が収集する情報

We collect the following categories of personal data:

• Account information — your username, email address, and hashed password when you register directly.
• OAuth data — when you choose to link a platform account, we receive data from that platform via their API (not from publicly accessible sources). We never store your platform password. The specific data received from each platform is:
  • Google — platform user ID, email address, display name
  • Apple — platform user ID, email address (or Apple's private relay address if you choose to hide your email). We accept and store the relay address as provided and do not attempt to resolve it to your real email. Only transactional messages (account activity, security alerts) are sent to relay addresses. If you revoke Sign in with Apple through your Apple device settings, your session on our site will be invalidated.
  • Steam — Steam ID, display name, profile avatar URL
  • Discord — platform user ID, username, avatar URL
• Game ownership records — platform-verified proof that you own a game, used to unlock ownership-based features.
• Game saves and leaderboard data — when you play a Cenrellia Studios game while signed in, your save data and leaderboard scores are stored on our servers and linked to your account.
• User-generated content — forum posts, thread titles, bug reports, comments, and file attachments you submit.
• Game telemetry data — when you play a Cenrellia Studios game, the game client may send anonymous gameplay event data (such as session starts, level completions, and crash reports) along with your IP address. This data is linked to your account and used to improve game quality.
• Contact form submissions — your name, email, and message when you contact us.
• Technical data — IP addresses, session identifiers, browser user-agent strings, and server access logs collected automatically when you use the site. We also collect aggregate request counts and server performance metrics for operational monitoring; this data is not linked to individual users.
• Notifications — when events relevant to you occur (such as replies to your forum posts or updates to your bug reports), we store notification records linked to your account so you can view them in the notification centre.
• Cookies — session and preference cookies. See Section 11 for details.

We do not intentionally collect special category data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health, or sexual orientation). If you voluntarily include such information in forum posts or bug reports, it is processed on the same basis as other user-generated content. We recommend not sharing sensitive personal details publicly.

3. 情報の利用方法

• Creating and managing your account and keeping it secure.
• Verifying whether you own Cenrellia Studios games on linked platforms so you can access ownership-based features. We only check ownership of our own titles — we do not access or store your full game library. Ownership status may be refreshed periodically.
• Delivering transactional emails — email verification, password reset, and notification emails you have opted into.
• Displaying your forum posts, bug reports, and other content you choose to publish.
• Rate limiting and security monitoring to protect the site and its users.
• Responding to contact form submissions.
• Applying content filters to user-generated content at display time for community safety (stored content is never modified).
• Storing and synchronising your game saves and leaderboard scores across devices.
• Processing account merges when you choose to consolidate two accounts into one, including transferring linked accounts, content, game saves, leaderboard scores, and game ownership records to the primary account.
• Displaying public player profiles at /players/{username}, which show your username, leaderboard rankings, and forum participation statistics. Player profiles are visible to anyone who visits the URL.
• Analysing game telemetry data to identify bugs, improve game balance, and monitor game performance.
• Delivering in-app notifications about activity relevant to you (such as forum replies and bug report status changes).
• Publishing game changelogs and service status information.
• Logging administrative actions (such as moderation decisions and account changes) for audit and accountability purposes.
• Sending event data to administrator-configured webhook endpoints for operational automation (e.g. new user registrations, bug report submissions). Webhook payloads contain only the data necessary for the event and are cryptographically signed.
• Complying with legal obligations.

4. 処理の法的根拠

Where we rely on your consent, you may withdraw it at any time by adjusting your notification preferences in your account settings or by clicking the unsubscribe link in any notification email. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

5. データを共有する第三者

We do not sell your personal data. We share data only with the following service providers who process it on our behalf:

• OVH Cloud — website hosting (EU data centres).
• Resend — transactional email delivery.
• Cloudflare — CAPTCHA (Turnstile) on the contact form and CDN/DDoS protection. Cloudflare processes IP addresses and request headers to route traffic, protect the site from attacks, and verify contact form submissions.
• Google, Apple, Steam, Discord — OAuth providers you voluntarily connect. We receive only the data those platforms expose via their APIs.

Each provider operates under their own privacy policy and data processing agreements.

We do not use your personal data to train artificial intelligence or machine learning models, to serve advertising (including retargeting or interest-based advertising), or to determine credit-worthiness.

In the event of a merger, acquisition, or sale of all or substantially all of our assets, your personal data may be transferred to the successor entity. Any such successor will be bound by this privacy policy with respect to your data. We will notify you by email and/or a prominent notice on the Site before your data is transferred and becomes subject to a different privacy policy.

Cenrellia Studios is not affiliated with, endorsed by, or operated by Google LLC, Apple Inc., Valve Corporation (Steam), Discord Inc., OVH SAS, Resend Inc., or Cloudflare Inc. Use of their names above is solely to identify the services we integrate with.

6. 国際的なデータ移転

Your personal data is primarily stored on servers within the EU/UK (OVH Cloud). However, some of the third-party services we use are based outside the UK:

• Resend — United States
• Cloudflare — United States
• Google, Apple, Valve (Steam), Discord — United States (OAuth data only, when you choose to link an account)

Where data is transferred outside the UK, we ensure appropriate safeguards are in place. For transfers to the United States, our providers participate in or are covered by the UK Extension to the EU-US Data Privacy Framework (the "UK-US Data Bridge") where applicable. Where the Data Bridge does not apply, we rely on UK International Data Transfer Agreements (IDTAs) or equivalent contractual protections, in accordance with UK GDPR requirements.

7. データの保存期間

8. UK GDPRに基づくお客様の権利

If you are based in the UK or EEA, you have the following rights:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — request deletion of your data where there is no compelling reason for us to keep it.
• Portability — receive your data in a structured, commonly used, machine-readable format (we provide exports in JSON).
• Restriction — ask us to pause processing your data in certain circumstances.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time (see Section 4).

To exercise any of these rights, use the Data / Privacy Request subject on our contact form or email us at privacy@cenrelliastudios.com. The first copy of your data is provided free of charge. We will respond within one calendar month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

If you are based in the European Economic Area, you may lodge a complaint with your local data protection supervisory authority instead of or in addition to the ICO. A directory of EEA supervisory authorities is available at edpb.europa.eu.

9. データセキュリティ

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These measures include:

• All connections to the site are encrypted using HTTPS/TLS.
• Passwords are hashed using industry-standard algorithms and are never stored in plain text.
• Access to personal data is restricted to authorised personnel only.
• Automated rate limiting and abuse-prevention measures are in place.
• OAuth tokens are stored securely and are not exposed to other users.

For support and debugging purposes, authorised administrators may access the site as if logged in as your account (impersonation). All impersonation sessions are logged, and this capability is restricted to users with explicit administrative permissions.

While we strive to protect your data, no method of transmission or storage is completely secure. If you believe your account has been compromised, please contact us immediately.

We maintain records of our data processing activities in accordance with UK GDPR Article 30.

In the event of a personal data breach, we will notify the ICO within 72 hours of becoming aware of it where required by UK GDPR Article 33. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay. We maintain an internal record of all personal data breaches, including those that do not meet the threshold for reporting to the ICO, in accordance with UK GDPR accountability requirements.

10. ファイルのアップロード

Bug report attachments are limited to image files (.png, .jpg, .gif, .webp), video files (.mp4, .webm), and text/log files (.txt, .log), with a maximum size of 50 MB per file and a maximum of 3 files per report. Uploaded files are stored on our hosting server and are deleted when the associated bug report is removed or when your account is deleted.

11. Cookie

A cookie is a small text file stored on your device. We use the following cookies:

Strictly necessary cookies (no consent required)

These are essential for the site to function. They are set automatically and cannot be switched off.

Functional cookies (set only after you take an action)

These are set in response to a choice you make (e.g., changing your pagination preference). They are not used for tracking.

Third-party cookies

Cloudflare Turnstile (used on our contact form for anti-spam verification) may set its own cookies. These are classified as strictly necessary for security purposes. For full details, see Cloudflare's Privacy Policy.

We do not use advertising, analytics, or cross-site tracking cookies.

You can also manage and delete cookies through your browser settings. Most browsers allow you to block or delete cookies via their privacy or settings menus. Please note that blocking session cookies will prevent you from logging in, and clearing the cookie_consent cookie will cause the consent banner to reappear. You can change your cookie preferences at any time using the "Cookie Settings" link in the site footer.

12. 最低年齢

This site is not directed at children under the age of 13. If you are under 13, please do not create an account or submit personal data. If we become aware that we have collected data from a child under 13 without parental consent, we will delete it promptly.

In accordance with the ICO's Age Appropriate Design Code, all accounts default to the most privacy-protective settings. We do not profile users for advertising, use nudge techniques to encourage users to weaken their privacy settings, or collect geolocation data.

We have conducted a Data Protection Impact Assessment for our processing of data from users under 18, in accordance with the ICO's Age Appropriate Design Code and UK GDPR Article 35.

13. 自動化された意思決定

We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significantly affects you. Rate limiting and spam prevention measures are applied uniformly to all users and do not constitute profiling within the meaning of UK GDPR Article 22.

14. 第三者のリンク

This site may contain links to external websites (for example, platform privacy policies, the ICO website, or game store pages). This privacy policy applies only to cenrelliastudios.com. We are not responsible for the privacy practices of other websites, and we encourage you to read their privacy policies before providing them with your data.

15. カリフォルニア州居住者向け情報(CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information.

Do Not Sell or Share My Personal Information

We do not sell your personal information as defined by the CCPA. We do not share your personal information for cross-context behavioural advertising. Because we do not sell or share personal information, we have not offered an opt-out mechanism, but if this changes in the future, we will provide one.

We honour Global Privacy Control (GPC) signals. If your browser sends a GPC signal, we will treat it as a valid opt-out of any future sale or sharing of personal information.

Categories of personal information collected

In the preceding 12 months, we have collected the following categories of personal information:

Categories disclosed to third parties for a business purpose

In the preceding 12 months, we have disclosed the following categories of personal information to service providers for the business purposes described in Section 3:

• Identifiers (email address) — to Resend for transactional email delivery.
• Internet/network activity (IP address, challenge response) — to Cloudflare for anti-spam verification.
• Identifiers (platform user IDs) — to OAuth providers when you initiate a platform link.

We have not sold or shared (for cross-context behavioural advertising) any personal information in the preceding 12 months.

Sensitive personal information

We do not collect categories of personal information classified as "sensitive" under the CPRA (such as Social Security numbers, financial account details, precise geolocation, racial/ethnic origin, or biometric data). Accordingly, we do not offer a "Limit the Use of My Sensitive Personal Information" mechanism.

Your CCPA/CPRA rights

• Right to know — request what personal information we collect, use, disclose, and sell/share.
• Right to delete — request deletion of your personal information.
• Right to correct — request correction of inaccurate personal information we hold about you.
• Right to opt-out — opt out of the sale or sharing of your personal information (we do not currently sell or share).
• Right to non-discrimination — we will not discriminate against you for exercising any of these rights.

How to submit a request

To exercise these rights, use the Data / Privacy Request subject on our contact form or email us at privacy@cenrelliastudios.com. We will verify your identity before processing your request and respond within 45 days (extendable by an additional 45 days for complex requests, with notice).

You may also designate an authorised agent to submit requests on your behalf. We may require the agent to provide proof of their authorisation (such as a signed written authorisation or power of attorney) and may verify your identity directly before processing the request.

For retention periods applicable to each category of personal information listed above, see Section 7.

We do not offer financial incentives (such as discounts, loyalty programmes, or premium features) in exchange for the collection, sale, or retention of your personal information.

16. ブラジル居住者向け情報(LGPD)

If you are based in Brazil, the Lei Geral de Proteção de Dados (LGPD) grants you the following rights regarding your personal data:

• Confirmation and access — confirm whether we process your data and request a copy.
• Correction — request correction of incomplete, inaccurate, or outdated data.
• Anonymisation, blocking, or deletion — of unnecessary or excessive data, or data processed in breach of the LGPD.
• Portability — request transfer of your data to another service provider.
• Deletion — request deletion of personal data processed on the basis of your consent.
• Information about sharing — know which public and private entities we share your data with.
• Information about consent — be informed about the possibility and consequences of not providing consent.
• Revocation of consent — withdraw your consent at any time.

The lawful bases for our processing activities are described in Section 4. Where we rely on legitimate interests, you may request additional information about the balancing test we have conducted.

To exercise any of these rights, use the Data / Privacy Request subject on our contact form or email us at privacy@cenrelliastudios.com. You may also lodge a complaint with Brazil's national data protection authority (ANPD) at gov.br/anpd.

17. 本ポリシーの変更

We may update this policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For significant changes, we will notify registered users by email.