Privacy & Cookies
PRIVACY & COOKIES POLICY
PRIVACY & COOKIES POLICY
Data controller
, acting as the individual operator of InnerWorld.
Controller address
Privacy contact
Website
Scope of this policy
This policy explains how InnerWorld collects, uses, stores, and protects personal data through the game, portal, account services, community features, Premium services, and payment-related functionality.
Personal data collected
Depending on how the services are used, InnerWorld may process account identifiers, XUID, gamertag, character names and data, email addresses, authentication information, language and regional preferences, game activity, moderation records, transaction references, technical logs, IP addresses, browser information, and security-related data.
Game and character data
Game data may include account status, characters, levels, classes, statistics, deaths, guild membership, public rankings, login history, and other information generated while using InnerWorld. Certain game information may be displayed publicly where this forms part of the game or portal functionality.
Account and authentication data
Account and authentication data is used to identify users, provide account access, protect accounts, recover access, associate game characters with the correct account, and prevent unauthorized activity.
Payments and Stripe
Payments are processed through Stripe. InnerWorld may receive and store payment-related identifiers, payment status, subscription status, currency, amount, invoice references, and fulfillment information. InnerWorld does not receive or store complete payment card details.
Purposes of processing
Personal data is processed to provide and maintain the game and portal, authenticate users, manage accounts and characters, display public game information, operate Premium services, process and reconcile payments, deliver digital benefits, prevent fraud and abuse, apply moderation rules, investigate incidents, respond to requests, comply with legal obligations, and improve security and operation.
Legal bases
Processing is based, as applicable, on performance of the service relationship and requested functionality, compliance with legal obligations, the operators legitimate interests in operating and securing InnerWorld, and user consent where consent is legally required.
Legitimate interests
Legitimate interests may include preventing fraud, cheating, abuse and unauthorized access, maintaining service security, diagnosing technical problems, enforcing community rules, protecting users and the operator, and maintaining reliable records of service activity.
Publicly visible information
Character names, character profiles, rankings, guild information, game statistics, and similar game information may be publicly visible. Users should not use character names, guild names, or public messages to disclose sensitive personal information.
Recipients and service providers
Personal data may be processed by hosting, infrastructure, email, security, database, and payment service providers where necessary to operate InnerWorld. Stripe processes payment information under its own applicable privacy terms. Data may also be disclosed when legally required or necessary to establish, exercise, or defend legal claims.
External services
The portal may link to external services such as Discord or Stripe. When users access those services, the external provider may process personal data under its own privacy policy. InnerWorld does not control the independent processing performed by those providers.
International data transfers
Some service providers may process data outside Spain or the European Economic Area. Where required, such transfers must rely on an adequacy decision, appropriate contractual safeguards, or another legally valid transfer mechanism.
Data retention
Personal data is retained only for as long as necessary for the purposes described in this policy, while the account or service relationship remains active, and for any additional period required to comply with legal, accounting, security, dispute-resolution, or fraud-prevention obligations. Data may then be deleted, anonymized, or securely restricted.
Account deletion
Users may request account deletion through the available account tools or by contacting . Some information may be retained where required for legal obligations, payment records, security, fraud prevention, moderation history, or the resolution of disputes.
Data protection rights
Users may request access to their personal data and, where applicable, rectification, erasure, restriction of processing, objection, and data portability. Users may also withdraw consent at any time where processing is based on consent, without affecting processing already carried out lawfully.
How to exercise your rights
Requests may be sent to . The requester may be asked to provide information reasonably necessary to verify identity and protect the account from unauthorized requests.
Complaints
Users also have the right to lodge a complaint with the Spanish Data Protection Agency or another competent supervisory authority, particularly if they believe that their personal data has not been processed lawfully.
Minors
Where processing relies on consent, users under 14 years of age must have authorization from a parent or legal guardian. Minors must not make payments or submit personal information without the authorization required by applicable law.
Data security
Reasonable technical and organizational measures are used to protect personal data against unauthorized access, alteration, loss, misuse, or disclosure. No online system can guarantee absolute security, and users must also protect their credentials and account access.
Cookies and similar technologies
InnerWorld may use cookies and similar browser technologies to maintain sessions, protect forms, remember language or regional choices, preserve security preferences, and provide other website functionality.
Strictly necessary cookies
Strictly necessary cookies support essential functions such as authentication, session management, CSRF protection, security, language selection, and user-requested preferences. These cookies do not require consent when used only for those necessary purposes.
Optional cookies
Analytics, advertising, profiling, or other non-essential cookies will only be used after valid consent where required. They remain disabled unless the user accepts the relevant category.
Cookie choices
Where optional cookies are available, users may accept or reject them through the cookie settings control. Refusing optional cookies must not prevent access to essential portal functionality.
Changing or withdrawing consent
Users may reopen Privacy & Cookie Settings at any time to review, change, or withdraw consent. Withdrawal does not affect processing that was lawful before consent was withdrawn.
Browser controls
Users may also delete or block cookies through their browser settings. Blocking strictly necessary cookies may prevent login, account management, payment initiation, language preferences, or other essential portal functions from working correctly.
Changes to this policy
This policy may be updated to reflect legal, technical, operational, or service changes. Material changes will be communicated through the portal where appropriate.
Contact
Questions or requests concerning privacy, personal data, or cookies may be sent to .