Privacy Policy

1. Introduction

FrostWeb Studios (“we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use any of our services.

This policy applies to all FrostWeb Studios services, including but not limited to:

• Websites: frostweb.studio, identity.frostweb.studio, and forums.frostweb.studio
• Games: Ayndora, Murica AF, and any future titles published by FrostWeb Studios
• Applications: FrostLauncher (desktop game launcher), Ayndora Companion App (mobile), and any other companion or utility applications
• Forums: FrostWeb community forums and associated communication features
• APIs and Backend Services: FrostWeb Identity service, game APIs, and chat services

By accessing or using any of our services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with the practices described in this policy, please do not use our services. This Privacy Policy is governed by the laws of the State of Florida, United States of America.

2. Information We Collect

We collect various types of information in connection with the services we provide, including information you provide directly, information collected automatically, and information obtained from third-party sources.

2.1 Information You Provide

When you interact with our services, you may voluntarily provide the following information:

• Account Registration: When you create a FrostWeb Identity account, we collect your email address, username, password, date of birth, and country of residence. Your password is never stored in plain text.
• Profile Information: You may choose to provide additional profile details such as a display name, avatar image, biography, and other customization options.
• Forum Posts and Communications: Content you post on our forums, including threads, replies, private messages, and any other user-generated content.
• Support Tickets: Information you provide when contacting our support team, including descriptions of issues, attachments, and communication history.
• Payment Information: When you make purchases through our services, we collect payment details necessary to process your transaction. Full payment card numbers are handled by our payment processors and are not stored on our servers.

2.2 Information Collected Automatically

When you use our services, certain information is collected automatically through technical means:

• IP Address: Your Internet Protocol address is recorded for security, fraud prevention, and approximate geolocation purposes.
• Device and Browser Information: We collect your user agent string, which includes details about your operating system, browser type and version, device type, and screen resolution.
• Login Sessions: We record information about each login session, including the device used, approximate geographic location (derived from IP address), browser type, and session timestamps.
• Game Telemetry and Analytics: When you play our games, we collect gameplay data such as play time, in-game actions, performance metrics, crash reports, and feature usage statistics.
• Cookies and Similar Technologies: We use cookies, JSON Web Tokens (JWT), and similar technologies to maintain your session, remember your preferences, and provide a seamless experience across our services. See our Cookie Policy for further details.
• Usage Patterns: We analyze how you navigate and interact with our websites, applications, and games, including pages visited, features used, time spent, and referral sources.

2.3 Third-Party Information

When you choose to link external accounts to your FrostWeb Identity, we may receive information from those third-party services:

• Google Account: If you sign in with Google or link your Google account, we receive your Google ID and the email address associated with your Google account.
• Steam Account: If you link your Steam account, we receive your Steam ID to associate your game library and enable Steam-related features.
• Epic Games Account: If you link your Epic Games account, we receive your Epic Account ID to enable cross-platform play and Epic Games Store integration.

We only receive the information necessary for authentication and account linking. We do not access your contacts, messages, or other private data from these third-party services.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Account Creation and Authentication: To create and manage your FrostWeb Identity account, verify your identity, and provide secure access across all FrostWeb services through single sign-on (SSO).
• Providing Game Services: To deliver our games and related services, including multiplayer functionality, in-game chat, leaderboards, inventory management, character progression, guild systems, and companion app features.
• Personalizing Your Experience: To tailor content, recommendations, and features based on your preferences, gameplay history, and usage patterns across our platforms.
• Security and Fraud Prevention: To detect and prevent fraud, unauthorized access, abuse, and other malicious activities. This includes monitoring login attempts, enforcing automatic account lockout after repeated failed attempts, and tracking suspicious behavior patterns.
• Communications: To send you essential service-related communications, including email verification messages, password reset links, security alerts (such as new login notifications from unrecognized devices or locations), account status updates, and important policy changes.
• Analytics and Improvements: To analyze usage trends, measure the effectiveness of our services, diagnose technical issues, and improve the performance, stability, and user experience of our games, websites, and applications.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests, and to enforce our Terms of Service and other agreements.
• Forum Moderation: To monitor and moderate user-generated content on our forums to ensure compliance with our community guidelines, Terms of Service, and applicable laws, and to maintain a safe and respectful community environment.

4. Information Sharing

We do not sell your personal data. FrostWeb Studios has never sold and will never sell your personal information to third parties for advertising, marketing, or any other commercial purpose.

We may share your information in the following limited circumstances:

• Service Providers: We share data with trusted third-party service providers who assist us in operating our services. This includes Google Cloud Platform for hosting and infrastructure, and SparkPost for transactional email delivery (email verification, password resets, security alerts). These providers are contractually obligated to protect your data and use it only for the purposes we specify.
• Game Platform Integrations: When you link your account with Steam or Epic Games, limited information is exchanged with those platforms as necessary to enable cross-platform features, game library synchronization, and authentication.
• Legal Requirements: We may disclose your information if required by law, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to comply with legal obligations.
• Protection of Rights and Safety: We may disclose information when we believe it is necessary to protect the rights, property, or safety of FrostWeb Studios, our users, or the public, including to investigate potential violations of our Terms of Service.
• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
• Cross-Service Sharing Within FrostWeb: Your FrostWeb Identity information is shared across our ecosystem of services to provide a unified experience. This means your identity, authentication status, and profile information may flow between the Identity service, game servers (such as the Ayndora API), chat services, the companion app, forums, and administrative tools. This cross-service sharing is essential to single sign-on, in-game features, and forum integration.

5. Data Security

We take the security of your personal information seriously and implement a range of technical and organizational measures to protect your data:

• Password Hashing: All user passwords are hashed using the bcrypt algorithm with appropriate cost factors before storage. We never store passwords in plain text.
• Token-Based Sessions: We use JSON Web Tokens (JWT) with short-lived access tokens and longer-lived refresh tokens to manage authenticated sessions securely. Tokens are rotated and validated on each request.
• Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS with TLS (Transport Layer Security) protocols.
• CSRF Protection: Our web services implement Cross-Site Request Forgery (CSRF) protection using the double-submit cookie pattern to prevent unauthorized actions on your behalf.
• Multi-Factor Authentication (MFA): We offer optional two-factor authentication (2FA) via time-based one-time passwords (TOTP) to add an extra layer of security to your account.
• Automatic Account Lockout: Accounts are automatically locked after a configurable number of consecutive failed login attempts to protect against brute-force attacks.
• Session Management: You can view and manage your active login sessions, including the ability to revoke sessions from devices or locations you do not recognize.
• Regular Security Audits: We conduct regular security reviews and audits of our infrastructure, codebase, and operational processes to identify and address vulnerabilities.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to implementing and maintaining industry-standard safeguards.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Active Accounts: Your personal data is retained for as long as your account remains active and in good standing. This includes your profile information, gameplay data, forum posts, and account preferences.
• Inactive Accounts: Accounts that have been inactive for an extended period may be flagged for review. We may notify you before taking any action regarding dormant accounts.
• Deleted Accounts: When you request account deletion, your personal data will be removed from our active systems within 30 days. Anonymized analytics and aggregated data that cannot be used to identify you may be retained for statistical and improvement purposes.
• Login Sessions: Historical login session records are automatically cleaned on a periodic basis. Active sessions expire according to their configured lifetimes.
• Audit Logs: Security-related audit logs, including authentication events, permission changes, and administrative actions, are retained for security investigation and compliance purposes. These logs may be retained for a longer period to support fraud detection and legal obligations.

7. Your Rights

You have several rights regarding your personal information. You can exercise most of these rights directly through your FrostWeb Identity account settings:

• Access Your Data: You can view the personal information we hold about you at any time by visiting your account page at /account on identity.frostweb.studio.
• Correct and Update Information: You can update your profile information, email address, display name, avatar, and other account details through your account settings.
• Delete Your Account: You can request the deletion of your account and associated personal data. Account deletion is processed within 30 days.
• Export Your Data: You can request a copy of your personal data in a portable format by contacting us at [email protected].
• Opt Out of Marketing: You can opt out of receiving promotional communications at any time by using the unsubscribe link in our emails or adjusting your communication preferences in your account settings. Note that you will continue to receive essential service-related communications.
• Manage Connected Accounts: You can link or unlink third-party accounts (Google, Steam, Epic Games) at any time through your account settings. Unlinking an account will revoke our access to information from that service.
• Revoke Sessions: You can view all active login sessions and revoke any session from your account security settings. This is useful if you suspect unauthorized access or have logged in from a shared device.
• Disable Multi-Factor Authentication: If you have enabled MFA/2FA, you can disable it through your account security settings. We recommend keeping MFA enabled for enhanced account security.

To exercise any rights not available through your account settings, or if you need assistance, please contact us at [email protected]. We will respond to your request within a reasonable timeframe.

8. Children’s Privacy

FrostWeb Studios services are not intended for children under the age of 13. You must be at least 13 years old to create a FrostWeb Identity account, use our games, access our forums, or interact with any of our services. We collect date of birth during registration to verify age eligibility.

We do not knowingly collect personal information from children under the age of 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take prompt steps to terminate the associated account and permanently delete all personal information collected from that child.

If you are a parent or guardian and believe that your child under 13 has provided personal information to FrostWeb Studios, please contact us immediately at [email protected] so we can take appropriate action.

Our practices regarding children’s privacy are compliant with the Children’s Online Privacy Protection Act (COPPA) and applicable regulations.

9. Florida-Specific Rights

As a company based in Florida, we comply with all applicable Florida privacy and consumer protection laws. Florida residents may have additional rights under the following statutes:

• Florida Information Protection Act (FIPA): We comply with FIPA requirements regarding the protection of personal information and data breach notification. In the event of a qualifying data breach, we will notify affected individuals as required by law, generally within 30 days of discovery.
• Right to Know About Data Breaches: If a breach of security affects your personal information, you have the right to be notified in a timely manner. Our notification will include a description of the breach, the types of information involved, and steps you can take to protect yourself.
• Right to Data Security Measures: You have the right to expect that we implement reasonable security measures to protect your personal information. We maintain administrative, technical, and physical safeguards designed to protect against unauthorized access, use, modification, and disclosure of personal information in our custody.
• Florida Deceptive and Unfair Trade Practices Act: We adhere to the requirements of the Florida Deceptive and Unfair Trade Practices Act, which provides additional protections against deceptive or unfair data collection and handling practices. We are committed to transparent and honest data practices as described throughout this Privacy Policy.

10. International Users

FrostWeb Studios is based in Florida, United States, and our services are operated from within the United States. All personal information we collect is processed and stored on servers located in the United States of America.

If you access our services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence. By using our services, you explicitly consent to the transfer of your personal information to the United States and the processing of that information as described in this Privacy Policy.

We strive to apply appropriate safeguards to protect your information regardless of where it originates. If you have questions about international data transfers, please contact us at [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will update the “Effective Date” at the top of this page.

For material changes that significantly affect how we collect, use, or share your personal information, we will provide prominent notice through one or more of the following methods:

• An email notification sent to the address associated with your FrostWeb Identity account
• An in-service notification or banner displayed when you next access our services
• An announcement on our website or forums

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our services after any changes to this policy constitutes your acceptance of the updated terms.