Privacy Policy
Version: 4.7 Published: 23.11.2025 At Obsidianridges, we are dedicated to protecting your privacy and maintaining the trust and confidence of our Users. This Privacy Policy explains what personal information we collect, why we collect it, and how we safeguard it.
This Privacy Policy describes how Obsidianridges collects, uses, stores, and shares information from users (each a “User”) through www.obsidianridges.com, including any subdomains, subpages, successor sites, or applications that can be accessed via our website (the “Website”). It applies to the Website and to all products and services offered through it.
This policy applies to information we collect:
Through the Website; In email, text, or other electronic communications between you and the Website; Through mobile and desktop applications you download from this Website or elsewhere, which enable interaction with our services outside of a browser; When you interact with our advertising and applications on third-party websites and services, where such applications or advertising include links to this Privacy Policy. This Privacy Policy does not apply to information:
Collected offline or via any other channels; or Collected by third parties, including via any application or content (including advertising) that may link to or be accessible from our Website. Please read this Privacy Policy carefully to understand how we handle your personal information. If you do not agree with the practices described, you should not use our Website. By accessing or using the Website, you acknowledge and agree to this Privacy Policy.
We may update this Privacy Policy from time to time (see “Changes to This Privacy Policy” below). Your continued use of the Website after any changes are posted constitutes your acceptance of those changes, so we recommend checking this page periodically.
Data Controller This Privacy Policy is issued on behalf of Obsidianridges, so when we refer to “Obsidianridges”, “we”, “us” or “our”, we mean the relevant company within the Obsidianridges group that is responsible for processing your data.
Type of Information We Collect and How Long We Keep It We collect personal information, anonymous information, and may combine them to create aggregate information (see “Definitions” below).
Examples of the types of data we may collect include:
Contact details – such as your first and last name, email address, home address, and mobile or other telephone numbers; Personal information – such as gender, age or age range, or your image; Account details – including your username, password, and any pictures or other data associated with your profile; Transaction and support information – for example, information you provide when making in-app purchases, interacting with our services, or contacting customer support (including your name, email address, and virtual item transaction history); Messages and communications – content sent directly between Users or in small groups by text, live chat, posts, or similar forms of communication; Third-party data – information we receive from third parties such as site or platform providers (including Facebook) relating to your use of or interest in our services; Location information – including location data provided by your device or associated with your IP address, where applicable law allows us to process this data; Activity, technical and device data – such as the content you view, how long you stay on our Website, how often you use our services, how you first found us, your preferences, your interaction with content on the Website, and technical details including device type, hardware model, unique device identifiers, operating system version, browser type, and IP address; Government-issued identification – which may be requested only when necessary to verify your account, comply with age restrictions, or meet security requirements. How Long We Retain Data We keep your information only for as long as is necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. For UK residents, the table below summarises the categories of personal information collected or processed in the last 12 months and the intended retention periods.
UK Data Retention Overview | Category | Examples | Collected | Retention Period / Rationale |
| --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- | ----------------------------------------------------------------------------------------------------- |
| A. Identifiers | Name, alias, postal address, email address, phone number, account name, IP address, government-issued identifiers (e.g. passport or driver’s licence) | YES | 3 years – kept for account management, legal obligations, and operational needs |
| B. Personal information | Employment history, education, insurance policy numbers, health or medical data | YES | 3 years – retained for contractual and legal compliance purposes |
| C. Special category data | Racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic/biometric data, health data, sexual orientation, sex/gender | YES | 3 years – processed only where lawful (e.g. explicit consent, legal duty, or legitimate interest) |
| D. Commercial information | Records of products or services received, considered, or used; browsing and consumption preferences | YES | 3 years – used for marketing analysis, customer relationship management, and service improvement |
| E. Biometric or genetic information | Fingerprints, facial templates, iris scans, DNA | NO | Not collected |
| F. Online activity and interaction | Website browsing history, search history, interactions with ads, app usage | YES | 3 years – used to enhance services and overall website experience |
| G. Location data | GPS data, device location, movement patterns | YES | 3 years – used to deliver location-based services or improve logistics |
| H. Sensory data | Audio, video, thermal, olfactory, or similar data | NO | Not collected |
| I. Employment/professional data | Job history, performance reviews, qualifications | NO | Not collected |
| J. Educational data | Student records, grades, transcripts, schedules | NO | Not collected |
| K. Inferences/profiles | Preferences, characteristics, behaviour patterns, psychological trends | NO | 3 years – used only for service improvement and personalisation where applicable |
How We Collect Your Information / Sources of Information We collect information you provide to us in a variety of ways, including when you:
Visit or browse our Website; Register an account on the Website; Use or receive products and services via the Website; Respond to surveys or participate in promotions; Fill out forms; Interact with other features, tools, or resources on our Website. Beyond the Website, we may also collect information when you communicate with us:
By telephone or video call; Via email, live chat, mail, text message, or social media. All telephone or video calls between Users and Obsidianridges representatives may be recorded for training, quality control, and compliance purposes. By continuing with such calls, you consent to the recording.
We also collect information about how you use our products and services using various technologies present when you visit our Website or use our applications on third-party sites or platforms (whether logged in or not), including cookies, flash cookies, pixels, tags, and APIs. See “Personal Data Collected via Technology” below for more information.
We use analytics tools to gather usage and performance information when you visit our Website or use our applications or services on third-party platforms.
In addition, we may rely on trusted external sources to update or verify information you have provided (for example, checking postal addresses, documentation, or names) to ensure accuracy and completeness.
How We Use Collected Information The Data Controller is responsible for and may use your information for the purposes described in this Privacy Policy. Other companies within Obsidianridges may access your information when acting as data processors on behalf of the Data Controller.
In summary, we use the information we collect to:
Operate and manage our Website; Provide our products and services; Respond to your questions and support requests; Meet regulatory, legal, and compliance requirements. Subject to applicable law and any choices you make (such as opting out of marketing), Obsidianridges may use User information for the following specific purposes:
To provide and manage the services you request – including processing your registration, creating and maintaining your account, and performing checks designed to prevent fraud and misuse. To improve customer service and our services – information you provide helps us respond more effectively to support requests; your feedback may help us refine and enhance our products and services. To process in-app purchases or virtual currency transactions securely – we may use information you provide to ensure your account remains safe and that transactions are handled smoothly. To personalise your experience – we may use aggregated information to understand how groups of Users interact with our Website and services and to tailor content and features accordingly. To contact you about our services – for example, by email, live chat, mail, or social media; to manage promotions and competitions; and to send information about your account, promotions, contests, surveys, new features, and other relevant updates. As set out in our terms, providing your telephone number may be treated as consent to receive certain automated text messages. Consent to receive direct marketing is not a condition of purchase. To send important notices – including notifications about in-game purchases, changes to our terms and conditions, or updates to our policies. These communications are important to your relationship with us and you acknowledge that you may not opt out of receiving them. To comply with legal and security obligations – including monitoring gameplay and platform activity to promote safe and responsible use, prevent abuse, and protect your account. To provide alternative dispute resolution options – we may share information with approved third-party partners for the sole purpose of resolving disputes that cannot be resolved through our internal processes. We do not use automated decision-making in a way that would constitute automated decisions under European data protection laws.
Personal Data Collected via Technology When you interact with our Website, we aim to make that experience smooth and relevant. We and our partners use standard online identifiers and technologies, such as cookies and similar tools.
Our Website may use the following technologies to enhance User experience:
Cookies – Small text files that are stored in your browser to save your preferences and recognise your device. Most browsers let you block or delete cookies, but doing so may affect how our services function. Unless you change your browser settings to refuse cookies, our system will issue cookies when you access our Website. Pixel tags / web beacons – Small pieces of code embedded on web pages or in emails that help us understand how Users engage with our content (for example, whether a page was visited or an email was opened). Mobile device identifiers – Advertising identifiers provided by mobile operating systems (such as Apple IDFA or Google Advertising ID) which may be shared with advertising partners for interest-based advertising. Event tagging – Tools such as Facebook App Events allow us to track key actions (e.g. app installs, purchase events) so we can view analytics, measure campaign performance, and create audiences for ad targeting. Behavioural advertising – We may work with third parties to show advertising on our Website or elsewhere (e.g. via custom audiences on Facebook). These partners may use cookies or similar technologies to collect information about your activities on our Website and across other sites to provide advertising tailored to your interests. We do not control third-party tracking technologies or how they are used; any questions about a specific advertisement should be directed to the relevant third party. Your Rights Over Your Information General Rights Under applicable data protection laws, and subject to certain conditions, you may have a number of rights in relation to the personal information we hold about you. If you wish to exercise these rights, please contact our Data Protection Officer.
These rights may include:
The right to access the personal information we hold about you; The right to object to certain types of processing; The right to correct inaccurate or incomplete information; The right to obtain a portable copy of personal information you have provided to us; The right to withdraw consent where our processing is based on your consent; In some circumstances, the right to request deletion of the personal information we hold about you. You will not be discriminated against or treated unfairly for exercising any of your rights.
Please note that these rights are not absolute and may be limited by legal or regulatory obligations. We may also correct, update, or remove incomplete or inaccurate information at any time in line with our internal policies.
Right to Complain to a Supervisory Authority You have the right to lodge a complaint with the relevant data protection supervisory authority if you are unhappy with how we process your personal information.
Rights in Relation to Direct Advertising If we process your personal information for direct marketing, you may object at any time to such processing, including any related profiling.
You can opt out of receiving marketing messages by:
Following the unsubscribe or opt-out instructions included in our communications; or Contacting Customer Support. If you object to processing for direct advertising purposes, we will no longer use your personal information for these purposes.
Data Deletion Requests To protect the security and privacy of our Users, we require you to verify your identity before we process any request to delete account data. This helps ensure that only the rightful account holder can make such a request.
If you submit a data deletion request, you may be asked to complete a verification process, which could include confirming your identity via email, phone, or other secure methods. We appreciate your cooperation as this process helps us maintain a safe and trustworthy environment. For more details, please contact our customer support team.
Opt-Out Preference Signals Under UK GDPR, you have the right to limit or prevent the collection of non-essential data from your device while using our Website. You can:
Adjust browser or device settings to block cookies or other tracking tools; Enable Global Privacy Control (GPC) or similar features in your browser or extensions to automatically communicate your privacy preferences. Please note that blocking or deleting cookies and similar technologies may limit certain features or reduce the functionality of our Website and services.
If you wish to opt out of interest-based advertising, you can use applicable opt-out tools (e.g. industry opt-out pages or browser-based controls). For Users in other jurisdictions such as the EU, regional opt-out mechanisms may apply. We will respect valid opt-out signals on each browser where they are implemented and recognised.
UK Data Subject Rights Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, UK residents are entitled to various rights regarding the processing of their personal data, including:
Right of Access (Subject Access Request) – You may request details of the personal data we hold about you, including the purposes of processing, categories of data, recipients, and retention periods. Right to Rectification – You may ask us to correct inaccurate or incomplete personal data. Right to Erasure (Right to be Forgotten) – You may request deletion of your personal data, subject to legal or contractual obligations that require us to retain certain data. Right to Restriction of Processing – You may request that we limit how we process your data in specific circumstances (for example, while we verify its accuracy or if you object to its use). Right to Object – You may object to processing for direct marketing, profiling, or where we rely on legitimate interests. We will respect such requests unless we have compelling lawful grounds to continue. Right to Data Portability – Where applicable, you may request that we provide your data in a structured, commonly used, machine-readable format so that it can be transferred to another controller. How to Submit a Request To exercise your rights, you (or a legally authorised representative) must:
Provide enough information for us to verify your identity, such as your full name, email address, and any other details we reasonably require; and Clearly describe your request, specifying whether you seek access, correction, deletion, restriction, objection, or portability of your data. We generally respond to requests within one month in accordance with UK GDPR. If your request is complex or numerous, we may extend this period by up to two additional months, in which case we will inform you of the extension and the reasons for it.
How to Exercise Your Rights To exercise any of these rights, please email us at dataprivacy@obsidianridges.com. We may need to verify both your identity and your place of residence before completing your request.
Please:
Provide sufficient information for us to confirm that you are the person to whom the personal information relates (this may include sending an email from the registered account or confirming login credentials); and Provide enough detail about your request so that we can understand, evaluate, and respond appropriately. Each request that meets these criteria will be treated as a “Valid Request”. We will contact you if we need any additional information to verify your identity. We will only use the personal information supplied in a Valid Request to verify your identity and to process your request. You do not need an account to submit a Valid Request.
We aim to respond to Valid Requests within one month unless a different timeframe is required by law.
Authorised Representatives Under UK GDPR, you may appoint an authorised representative to exercise your data subject rights on your behalf. You must provide written authorisation confirming their authority. We may request a copy of this authorisation when the representative submits a request. Once verified, we will process the request in accordance with applicable legal timelines.
We will not charge a fee for handling a Valid Request unless it is excessive, repetitive, or manifestly unfounded. If we believe a fee is appropriate and permitted by law, we will inform you before processing the request.
If you are a registered User, you may update certain information associated with your account, including personal information, by logging in and editing your account details directly.
We will not discriminate against you for exercising your rights. We will not deny you services, charge different prices, or provide a lower quality of service because you have exercised these rights. However, we may offer different service tiers in accordance with applicable data privacy laws, which may reflect the value of personal information you provide.
In some jurisdictions, you have the right to appeal our response to your request. You may do this by emailing us at dataprivacy@obsidianridges.com.
We will provide a timely response to your appeal within 45 days. If you still disagree with our decision, we will explain further options available under applicable law.
How We Protect Your Information We maintain physical, electronic, and organisational safeguards to protect the information we collect. We adopt appropriate data collection, storage, and processing practices and security measures to guard against unauthorised access, alteration, disclosure, or destruction of your personal information, username, password, and data stored on our Website. Our security measures are reviewed regularly and updated to keep up with technological developments.
The security of your information also depends on you. If you have a password for certain parts of our Website, you are responsible for keeping it confidential and not sharing it with anyone.
Please note that transmitting information over the internet is not completely secure. Although we take steps to protect your personal information, we cannot guarantee its security during transmission to our Website. Any transmission is at your own risk, and we are not responsible for circumvention of privacy settings or security measures implemented on the Website.
Sharing Your Information We do not sell, trade, or rent Users’ personal identification information. However, in certain situations we may share your personal data with:
Other companies within the Obsidianridges group; Third parties who provide services on our behalf; Other third parties where required to meet legal or regulatory obligations. Sharing Within Obsidianridges We may share information with other companies in the Obsidianridges group for the purposes described in this Privacy Policy. See “Transfers” below for details on how such sharing is safeguarded.
Sharing With Third Parties We share information with third parties only in limited circumstances, including:
When you have allowed us to share your information; When it is necessary to provide products and services to you or to inform you about important updates to those products and services; With service providers who support our operations, such as technology providers, data storage and processing companies, payment and in-app purchase processors, and marketing or advertising partners. These partners are permitted to access your personal information solely to perform services on our behalf and must not use it for other purposes unless required by law. Where service providers use data for their own purposes (where permitted by law), they act as independent data controllers; In response to lawful requests from public authorities, including to meet national security or law enforcement requirements, or as required by regulatory bodies under applicable law; In the context of a merger, divestiture, restructuring, reorganisation, dissolution, or other sale or transfer of some or all of Obsidianridges assets; When we believe disclosure is necessary to protect the rights, property, or safety of Obsidianridges, our Users, or others; When we instruct or authorise financial institutions holding a User’s account to disclose information requested by a regulator; To enforce our Website terms and conditions, protect our rights and our customers’ rights, detect fraud or other illegal activities, and comply with legal processes; For account verification and security purposes. We may ask you to provide a photo or image to help verify your identity. We may use facial recognition technology provided by third parties (including, but not limited to, Sumsub) to check whether the photo you submit matches the image on your identification document. These providers may collect biometric data from your image and share verification results with us. Biometric data will be stored by the third-party provider in line with its privacy policy and retained by us only for as long as needed to fulfill the verification purpose or up to 3 years from your last interaction, unless we are legally required to keep it longer.
Categories of Information We May Share In the previous twelve (12) months, we may have disclosed personal information for legitimate business purposes to the third-party categories set out below. Under UK GDPR, such sharing occurs only where necessary for service delivery, identity verification, or other lawful purposes. We do not sell personal information.
| Personal Information Category | Category of Third-Party Recipients | Purpose of Disclosure |
| --------------------------------------- | --------------------------------------------------------- | ----------------------------------------------------------------------------------- |
| A: Identifiers | Third-party service providers (e.g. Sumsub) | To complete in-app purchases, verify identity, and confirm eligibility for services |
| B: Contact and Account Information | Third-party service providers (e.g. Sumsub) | To facilitate transactions and identity verification |
| C: Protected Characteristics | Third-party identity verification providers (e.g. Sumsub) | To verify identity when legally required |
| D: Commercial Information | Third-party service providers | To process in-app purchases |
| E: Biometric Information | N/A | Not collected or disclosed |
| F: Internet / Network Activity | N/A | Not collected or disclosed |
| G: Geolocation Data | Third-party service providers | To provide location-based services and assess eligibility |
| H: Sensory Data | N/A | Not collected or disclosed |
| I: Professional/Employment Data | N/A | Not collected or disclosed |
| J: Non-Public Education Information | N/A | Not collected or disclosed |
| K: Inferences | N/A | Not collected or disclosed |
Aggregated Information We may share non-identifiable, aggregated demographic information about Website visitors and Users with business partners, trusted affiliates, and advertisers for the purposes described above. This aggregated data does not contain information that can reasonably identify an individual.
Transfers Obsidianridges operates across multiple jurisdictions. Personal information we collect may be transferred to, stored, or processed by Obsidianridges entities or third parties in the European Union or other countries where we or our service providers maintain facilities.
Whenever personal information is transferred to another country or organisation, we implement appropriate safeguards. For transfers from the European Union, we may rely on standard contractual clauses approved by the European Commission or other legally compliant mechanisms to ensure adequate protection.
Other Important Information Compliance with Children’s Online Privacy Protection Protecting the privacy of minors is especially important to us. We do not knowingly collect or maintain information on our Website from individuals we know are under 18 years of age, and our Website is not designed to attract users under 18.
No one under 18 may provide any personal information to or on the Website. If you are under 18, do not use the Website or provide any information about yourself (including your name, address, telephone number, email address, or any username). If we learn that we have collected personal information from someone under 18, we will delete that information. If you believe we may have information about a child under 18, please contact us at dataprivacy@obsidianridges.com.
Do-Not-Track Signals and Similar Mechanisms Some web browsers send “Do-Not-Track” (DNT) signals to websites. Because there is currently no industry consensus on how websites should respond to these signals, our Website does not currently change its behaviour in response to DNT signals. If a clear standard is adopted in the future, we will review and update our practices.
Changes to This Privacy Policy We may amend this Privacy Policy from time to time to reflect changes in our operations or in applicable regulations. Where required by law, we will notify you of material changes and, if needed, seek your consent.
Notification may be provided by:
Posting the updated Privacy Policy on our Website; and/or Other methods consistent with applicable legal requirements. Any changes will take effect once the updated Privacy Policy is posted on our Website. We encourage Users to review this page regularly to stay informed about how we protect the personal information we collect.
Definitions Personal information – Information that identifies (directly or indirectly) a specific individual, such as name, postal address, email address, and telephone number. When anonymous information is linked with personal information, the combined data is treated as personal information. Anonymous information – Information that does not identify an individual and cannot reasonably be used to do so. Aggregate information – Information about groups or categories of Users that does not identify a specific individual and cannot reasonably be used to do so. Contacting You via Email or Text You confirm that any contact details you provide – including your email address and mobile phone number – are accurate and that you either own or are authorised to use those contact details. By voluntarily providing your telephone number to Obsidianridges, you expressly agree that we may contact you at that number.
You consent to receive pre-recorded voice messages and/or text messages (SMS) by or on behalf of Obsidianridges relating to:
This Privacy Policy and associated terms and conditions; Any actions or updates relating to your account with Obsidianridges; Promotional messages and offers from Obsidianridges. These communications may be made even if your number appears on any state or federal “Do Not Call” list. You understand that your telephone carrier may charge you for such calls or texts and that Obsidianridges is not responsible for these charges.
Contacting Us If you have questions about this Privacy Policy, your personal information, or how we use it, please contact our Data Protection Officer at:
Email: dataprivacy@obsidianridges.com
Please include your place of residence and a clear description of your query so we can assist you efficiently.