Privacy Policy

MARBLE IDOLION – Privacy Policy (BETA 0.9‑lite)

Last updated: 2025‑04‑21 • Consolidated & corrected: 2025‑05‑31

MARBLE IDOLION is currently in beta testing. You can play without signing in, but account registration and authentication are limited.

"MARBLE IDOLION" ("MI", "we", "our", "us") is an experimental, free‑to‑play project operated by a sole proprietor in Japan. Because the service is still in beta, its features—and this Policy—may change or disappear without notice.

1. Who we are

MI is operated by RISE (sole proprietorship, JP).
Contact: [email protected]

2. What information we collect and why

Category (minimal) Examples Why we need it
Account data • Email address • (optional) Google Sign‑In ID Create and secure your account; send essential service messages
Session data • Session‑ID cookie (sessionId) • JWT access / refresh tokens (stored in sessionStorage) Keep you signed in during play
Technical logs • IP address • Browser type / version • Error traces Analyse bugs; defend against abuse
Marketing – optional Email address Send MI news only if you opt‑in (unsubscribe any time)

We do not knowingly collect special‑category data or information about children under 13.

3. Cookies & similar technology

We set only the cookies and HTML5 storage items strictly necessary for login, security and remembering your choices.
Name Purpose Expiry
sessionId (cookie) Links your browser to your server session When you close the browser
__Host-mi-jwt (cookie) CSRF‑protected wrapper for JWT refresh token 7 days
Access token (sessionStorage) Authorises API requests ≤30 minutes

A full, auto‑generated “Cookie Declaration” is available via the gear icon (bottom‑left).

4. Where your data is stored and who processes it

  • Servers: The application runs on Render infrastructure located in Singapore.

  • Network & DNS: Traffic is routed through Cloudflare, which acts as our secure CDN and DNS provider.

  • Cookie banner: We use CookieHub to display the consent panel.

All service providers process data under contracts that require them to keep personal information confidential and secure. We do not sell or rent your data.

Cross‑border transfers: Your information may be transferred to, and processed in, countries outside your own, including Singapore and Japan. Such transfers are safeguarded by the Japanese Act on the Protection of Personal Information (APPI) and, where required for EU/UK users, the EU Standard Contractual Clauses (SCCs) or UK International Data Transfer Addendum.

5. Retention

Because MI is experimental, the service may shut down without fixed notice. We therefore apply short retention periods:
Data Usual retention
Account & email Deleted when you close your account or after 12 months of inactivity
Technical / security logs IP logs 14 days • Error logs 30 days
Marketing opt‑in list Stored until you unsubscribe

6. Your rights & choices (all users)

  • Access / delete: You can access, correct or delete your account (and related game data) from the dashboard or by emailing us.

  • Marketing: Unsubscribe at any time via the link in each email.

Under APPI you may also request disclosure of how we handle your personal data; please email us if you wish to exercise this right.

7. Security

We employ industry‑standard measures such as TLS encryption, HTTP security headers, server‑side access controls and periodic vulnerability scans. No system is perfect; by using MI you accept that residual risk exists. Should a serious data breach occur we will respond in line with Japanese law and notify affected users without undue delay.

8. Children

MI is not intended for children under 13. If we learn that we hold personal data of a child under 13, we will delete it promptly.

9. Additional information for EU/EEA & UK residents (GDPR / UK GDPR)

Legal bases for processing

  • Contract: Creating and maintaining your account, delivering game functionality.

  • Legitimate interests: Securing our service, detecting abuse, fixing bugs.

  • Consent: Sending marketing emails (opt‑in, can withdraw at any time).

  • Legal obligation: Complying with applicable laws and responding to lawful requests.

Your rights
You may exercise the following rights free of charge:

  1. Access your personal data (Art. 15).

  2. Rectify inaccurate data (Art. 16).

  3. Erase data (“right to be forgotten”, Art. 17).

  4. Restrict processing (Art. 18).

  5. Data portability (Art. 20).

  6. Object to processing based on legitimate interests (Art. 21).

  7. Withdraw consent at any time (Art. 7 §3).
    To exercise these rights, email privacy@marble‑idolion.com or use the in‑app tools.

Complaints
You have the right to lodge a complaint with your local supervisory authority. A list can be found at https://edpb.europa.eu/about‑edpb/board/members_en.

EU/UK representative
Our processing of EU/UK resident data is occasional and low‑risk; therefore we rely on the small‑scale Art. 27(2)(a) exemption and have not appointed a representative. Should this change, we will update this Policy accordingly.

10. Changes to this Policy

We may update this Policy. Material changes will be posted at least three (3) days before they take effect. Continued use of MI after that date indicates acceptance of the revised Policy.

11. Contact

Questions or concerns? Email support@marble‑idolion.com – we aim to reply within three (3) business days.

Accept Selected Cancel