TALYFADA
Login

Privacy Policy

Last updated: June 9, 2026

This policy explains what data Talyfada (operated by Raphi) collects and how we use it.

1. Who we are

Controller: Raphi, Republic of Korea. Privacy contact / 개인정보 보호책임자 (Data Protection Officer): [email protected].

2. What we collect

  • Account data: your email and provider ID from Google or Discord, your handle, display name, and locale.
  • Technical data: IP address, login timestamps, and a session cookie (rrt_at) needed to keep you logged in.
  • Gameplay data: characters, progress, and in-game activity (during beta).
  • Payment data: handled entirely by Paddle (our Merchant of Record) — we do not receive or store your card number.

3. Why we use it (legal basis)

  • To create and run your account and the game — performance of our contract.
  • To keep accounts and the service secure, and prevent abuse — legitimate interest.
  • To send launch and marketing emails — only with your consent (see §4).

Your account email is also used for transactional messages (sign-up confirmation, security) — these don't require separate consent.

4. Marketing consent

We only send marketing/launch announcements if you opt in at sign-up. You can withdraw consent anytime via the unsubscribe link or by emailing us — withdrawing doesn't affect transactional emails.

5. Who we share with (processors)

  • Google / Discord — login (OAuth).
  • Paddle — payments, billing, tax (Merchant of Record).
  • Cloudflare — CDN, security, anti-abuse.
  • Hetzner (Germany, EU) — server hosting.

We don't sell your personal data.

6. International transfers

Our servers are in the EU (Germany). If you access from elsewhere (incl. Korea/US), your data is transferred and processed there under appropriate safeguards.

7. Cookies

We use a strictly necessary session cookie to keep you signed in. We don't use advertising or cross-site tracking cookies.

8. Retention

We keep account data until you delete your account; marketing consent records until you withdraw; security logs for up to 6 months. When data is no longer needed, it is deleted irrecoverably.

9. Your rights

You can access, correct, delete, or export your data, and withdraw consent — under Korea's PIPA, the EU/UK GDPR, and similar laws. Email [email protected]; you may also complain to your local data-protection authority (in Korea, KISA / 개인정보보호위원회).

10. Children

Talyfada isn't directed to children under 13 (or 14 in Korea). We don't knowingly collect their data; contact us to remove any such account.

11. Security

OAuth-only login (no stored passwords), HTTPS everywhere, HttpOnly session cookies.

12. Changes

We'll post updates here and announce material changes. Questions: [email protected].

Terms of Use·Privacy Policy