Privacy Policy

1. Introduction

Project Law Rune ("we," "our," or "us") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Project Law Rune, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address: Used for account verification, password resets, and important notifications
• Username: Your chosen display name for the Service
• Password: Stored securely using industry-standard encryption (bcrypt)

2.2 RuneScape Player Data

We collect and store publicly available RuneScape player statistics, including:

• Player names and account types
• Skill levels and experience points
• Historical snapshots of player progress
• Achievement milestones (99s, 120s, 200M XP)

Note: This data is publicly available through the official RuneScape Hiscores API and does not require authentication.

2.3 Usage Data

We automatically collect certain information when you use our Service:

• IP Address: For security, rate limiting, and fraud prevention
• Browser type and version
• Device information
• Page views and navigation patterns
• Timestamps of actions

2.4 Cookies and Tracking

We use cookies and similar technologies for:

• Essential cookies: Required for authentication and security (session management)
• Analytics cookies: To understand how users interact with our Service
• Advertising cookies: For Google AdSense advertisements (optional)

You can manage cookie preferences through our cookie consent banner or your browser settings.

2.5 Payment Information

For premium features, payment processing is handled by third-party processors (Stripe/PayPal). We do not store credit card information on our servers. We only retain:

• Transaction IDs and timestamps
• Purchase status (unlocked features)

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Provision

• Create and manage user accounts
• Track RuneScape player statistics
• Display leaderboards and community features
• Process premium feature purchases
• Send important service notifications

3.2 Security and Fraud Prevention

• Authenticate users and prevent unauthorized access
• Detect and prevent fraudulent activity
• Rate limiting to prevent abuse
• Monitor for suspicious behavior

3.3 Service Improvement

• Analyze usage patterns to improve features
• Fix bugs and optimize performance
• Develop new features based on user needs

3.4 Communication

• Send account-related emails (verification, password resets)
• Notify about important service changes
• Respond to support inquiries

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

4.1 Third-Party Service Providers

• Hosting providers: For infrastructure and data storage
• Payment processors: Stripe, PayPal for premium transactions
• Email service: For transactional emails (Resend)
• Analytics: Google Analytics (anonymous usage data)
• Advertising: Google AdSense for advertisements

These providers are contractually obligated to protect your data.

4.2 Legal Requirements

We may disclose information if required by law, court order, or government request, or to:

• Comply with legal obligations
• Protect our rights and property
• Prevent fraud or abuse
• Protect user safety

4.3 Publicly Available Data

Certain information is publicly visible by design:

• Player statistics and tracking data
• Achievement milestones
• Leaderboard rankings
• Premium customizations (if enabled)

5. Data Retention

We retain your information for as long as necessary to provide the Service:

• Account data: Until you delete your account
• Player tracking data: Indefinitely for historical records and analytics
• Usage logs: 90 days for security and debugging
• Transaction records: 7 years for legal and accounting requirements

After account deletion, personal information is removed within 30 days. Public tracking data may remain for historical purposes.

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: HTTPS/TLS for data in transit
• Password hashing: Bcrypt with salt for password storage
• Session security: HttpOnly and Secure cookie flags
• CSRF protection: Token-based protection against cross-site attacks
• Rate limiting: Protection against brute force and abuse
• Input validation: Protection against injection attacks
• Regular updates: Security patches and dependency updates

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

7. Your Rights and Choices

7.1 Access and Correction

You can access and update your account information through the dashboard settings page.

7.2 Account Deletion

You may delete your account at any time through the settings page. This will:

• Remove your email and login credentials
• Unclaim any trackers you own
• Remove premium customizations
• Anonymize associated activity logs

Public tracking data may remain for historical purposes but will no longer be associated with your account.

7.3 Cookie Management

You can manage cookie preferences through:

• Our cookie consent banner (bottom of pages)
• Browser settings to block or delete cookies

Note: Blocking essential cookies may prevent proper functionality.

7.4 Opt-Out of Communications

You can opt out of non-essential emails through account settings. You cannot opt out of critical service notifications (security alerts, password resets).

8. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected data from a child under 13, we will delete it immediately.

If you are a parent or guardian and believe your child has provided us with information, please contact us.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using our Service, you consent to such transfers.

We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

10. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated through:

• Prominent notice on the Service
• Email notification to registered users

Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Your Privacy Rights (Regional)

12.1 GDPR (European Users)

If you are in the European Economic Area, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request data deletion ("right to be forgotten")
• Object to data processing
• Data portability
• Withdraw consent at any time

12.2 CCPA (California Users)

California residents have the right to:

• Know what personal information is collected
• Know if personal information is sold or disclosed
• Opt-out of the sale of personal information (we do not sell data)
• Access and request deletion of personal information
• Non-discrimination for exercising privacy rights

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Discord: Larry