Privacy Policy

Last updated: 2026-06-21

What data we collect

On registration: email, username, password (stored as bcrypt hash). On OAuth login: public profile from the provider (Google/GitHub). During platform use: gaming activity, opened cases, LZ balance, IP address and User-Agent in security logs.

How we use data

Only for platform operation: authentication, reward accrual, abuse detection (multi-accounts, fraud), technical support. We do not sell or transfer personal data to third parties for marketing purposes.

Cookies and local storage

Lolanceizi uses httpOnly cookies for JWT sessions (required) and localStorage for language settings and UI preferences. Analytics — no third-party trackers.

Storage and deletion

Data is stored while the account is active. You can request deletion of your account and all associated data by writing to support@lolanceizi.online. Ledger entries (financial events) are stored in append-only mode for audit requirements.

Your rights

Under GDPR: right of access, right to rectification, right to erasure, right to data portability. Requests are processed within 30 days.

Security

Passwords hashed with bcrypt. 2FA via TOTP. HTTPS everywhere. CSP header against XSS. Rate-limiting on /auth endpoints. Regular database backups.