Last updated July 17, 2026 · Supersedes the version of August 13, 2021
This Application collects some Personal Data from its Users.
This document can be printed for reference by using the print command of any browser.
Personal Data is collected for the following purposes and using the following services:
Storage permission: the mobile Application asks for this permission to enable you to save pictures of your maps to your device in Builder Mode. If you do not use this feature, the Application will not use Storage.
Email address: this Application collects and uses the email address of the User for purposes of registration and authentication. The Owner may, on occasion, contact Users via their email address to provide specific information about their account, such as a notification that the account has been banned for non-compliance with the rules. The Owner may, from time to time, send opt-out marketing messages to Users via the collected email.
IP address: this Application records the IP address from which the User connects to the Application. This is to enable banning malicious accounts, or accounts that do not comply with the Application's rules and community guidelines. IP addresses may be saved in logs, to facilitate reviewing the User's activity to ensure that it complies with the Application's rules.
Payment information: purchases of Wyvern Crowns are processed by Stripe, Inc. The Owner receives the purchase amount, currency, tax collected, payment status, and the email address used at checkout; full card details are collected and stored by Stripe, not by the Owner. See Stripe's own privacy policy for its handling of payment data.
In-game communications: the Application records what Users say in the game — tells, says, shouts, emotes, and chat-channel messages — together with the sending account and timestamp, and the reports (bug reports, ideas, complaints) Users submit through in-game reporting commands. See “In-game communications, moderation, and AI processing” below for how this Data is retained, reviewed, and processed.
The Personal Data collected by the Application is never sold or shared with third parties, except for specifically authorized third parties for carrying out the service functions listed in this Policy: namely, the email address is sent to third-party OAuth providers for authentication, the email address and payment details are processed by Stripe for handling payments, the email address may be shared temporarily with a third-party email sender (e.g., SendGrid) for sending marketing emails, and in-game communications and player-submitted reports are processed by Anthropic for content moderation and AI-assisted game features as described below. These are the only situations in which Personal Data is processed, used, or shared outside the Application.
Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services. In cases where this Application specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service. Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.
Users are responsible for any third-party Personal Data obtained, published or shared through this Application and confirm that they have the third party's consent to provide the Data to the Owner.
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. The Data processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.
The Owner may process Personal Data relating to Users if one of the following applies:
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located. Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. Users are entitled to learn about the legal basis of Data transfers to a country outside the European Union and about the security measures taken by the Owner to safeguard their Data; Users can find out more by inquiring with the Owner using the information provided in the contact section.
Personal Data shall be processed and stored for as long as required by the purpose it has been collected for. Therefore:
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority. Once the retention period expires, Personal Data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
The Data concerning the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following: access to third-party services' accounts, handling payments, registration and authentication, hosting and backend infrastructure, device permissions for Personal Data access, and content moderation and AI-assisted game features.
Depending on the User's specific device, the mobile Application may request certain permissions that allow it to access the User's device Data. By default, these permissions must be granted by the User before the respective information can be accessed. Once the permission has been given, it can be revoked by the User at any time via the device settings, or by contacting the Owner for support at the contact details provided in this document. Revoking such permissions might impact the proper functioning of the Application.
Storage permission: used for accessing shared external storage, including the reading and adding of any items (Builder Mode map pictures).
Recording and retention: in-game communications — including private messages — are recorded and retained indefinitely, and may be reviewed by automated moderation systems and by authorized personnel for safety and moderation purposes. You may request deletion of your message history (see “The rights of Users” below); evidence connected to a safety or moderation case may be retained after such a request as permitted by law.
AI processing: the Application uses AI models provided by Anthropic, PBC (“Claude”) to operate certain Service features, and the following Data is processed by Anthropic on the Owner's behalf for that purpose: in-game communications, which are screened by an automated AI moderation system for compliance with the Application's safety rules; messages that Users address to AI-operated characters and assistants within the game; and player-submitted reports, which are triaged with AI assistance. Anthropic processes this Data solely to provide these features to the Owner; it is not sold and is not used for advertising. See Anthropic's own privacy documentation for its handling of data submitted to its services.
Automated moderation may result in limited, temporary enforcement actions against an account, such as a warning or a short mute; more serious enforcement actions are taken with human review. Users may contest any moderation action by contacting the Owner through the contact details provided in this document.
Users may exercise certain rights regarding their Data processed by the Owner. In particular, Users have the right to do the following:
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner, or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection. Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification.
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.
Users may permanently delete their Wyvern account, and all of the game Data held on it, at any time. No installed application is required:
Deletion is immediate, permanent, and irreversible: it erases every character on the account together with its progress, items, and any unspent Wyvern Crowns; the account record and its stored email address; and the account's sign-in links, including revocation of any Sign in with Apple token. There is no grace period and no recovery, and deletion does not refund past purchases. The Owner retains records of purchases (amount, date, and tax collected) as required for accounting and tax purposes; those records no longer identify a playable account. Where an account is linked to more than one sign-in identity, deletion covers the entire linked set.
To remove some of your data without deleting the whole account — for example a single character, together with its vault, in-game mail, and block lists — see play.ghosttrack.com/delete-data.
The Data Controller does not knowingly collect or permit the storage or use of any personally identifying information from children under thirteen years of age. All products and services of the Data Owner, including online services and mobile products, are intended for general audiences over the age of thirteen only.
The Data Controller and Data Owner recognize a special need to protect the personal information of children. If users identify themselves as being children (i.e. under the age of thirteen or under the minimum age in the relevant territory), the user shall have no access to any mobile products of the Data Owner, and any information collected online (if any) shall only be in accordance with applicable law. If the Data Owner and/or Data Controller receives notice that a user is under thirteen years of age, the Data Owner and/or Data Controller shall take all applicable steps to remove that user's information and account from the Data Owner's products or services, consistent with applicable law. If users identify themselves as being over thirteen but under eighteen, consistent with applicable law, the Data Controller may, in its sole and exclusive discretion: (1) bar the user from inputting personal information into any mobile product or online service; (2) collect certain information for limited purposes only (consistent with applicable law); (3) block or restrict the child from accessing relevant services (such as chat functionality); and/or (4) obtain consent from parents as necessary for the collection, use, and sharing of their children's personal information.
Notwithstanding the foregoing, the Data Controller may, in its sole and exclusive discretion, and regardless of the user's age, suspend the user, its account and any related online services and/or mobile products used by such user. The Data Controller may also investigate any user's account, information and any and all related materials, as well as request additional information from the user regarding the user's account to verify the age of such user.
The Data Controller and Data Owner urge parents to instruct their children to never give out their real names, addresses, phone numbers, or other personally identifying information without parental permission, when using any mobile applications or partaking in any online activity. The Data Controller and Data Owner also recommend that parents familiarize themselves with parental controls available on consoles, mobile telephones, tablets and other devices they provide to their child and accompany their child if less than thirteen years of age. Parents should contact the Data Owner immediately if they have any concerns, using the contact information provided in this Privacy Policy.
The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Application or the related Services. The User declares to be aware that the Owner may be required to reveal Personal Data upon request of public authorities.
For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (system logs) or use other Personal Data (such as the IP address) for this purpose.
This Application does not support “Do Not Track” requests. To determine whether any of the third-party services it uses honor “Do Not Track” requests, please read their privacy policies.
The Owner reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within this Application and/or — as far as technically and legally feasible — sending a notice to Users via any contact information available to the Owner. It is strongly recommended to check this page often, referring to the date of the last modification listed at the top. Should the changes affect processing activities performed on the basis of the User's consent, the Owner shall collect new consent from the User, where required.
Ghost Track Inc. — PO Box 2099 — Kirkland, WA 98083 (USA)
Owner contact email: steve.yegge@gmail.com · Support: support@ghosttrack.com