Privacy Policy
EFFECTIVE: JANUARY 1, 2026
This Privacy Policy explains how Bolt Automations ("we," "us," or "our") collects, uses, and protects your personal information when you use Auto-Mechs: Infinite Arena.
Operator: Bolt Automations, Uppsala, Sweden
Contact: [email protected]
SUMMARY
WHAT WE COLLECT:
- Your email and username to create your account
- Your game progress so you don't lose it
- Your purchase history if you buy anything
- Technical information needed to run the game
WHAT WE DON'T COLLECT:
- Your real name (unless you use it as username)
- Your physical address
- Your phone number
- Your payment card details (Stripe handles that)
1. Information We Collect
ACCOUNT DATA
When you create an account, we collect:
| DATA TYPE | PURPOSE |
|---|---|
| Email address | Account identification, password reset |
| Username | Display name, leaderboards |
| Password | Authentication (hashed, never stored in plain text) |
| Account creation date | Account management |
| Last login timestamp | Security, activity tracking |
GAMEPLAY DATA
We automatically collect gameplay data including:
- Game progress and save states
- Combat statistics for achievements and daily quests
- PvP battle history for leaderboards and matchmaking
- Item ownership and inventory
- In-game currency balance
- Achievement progress
PAYMENT DATA
If you make purchases, we receive from Stripe:
- Payment Intent ID (transaction reference)
- Customer ID (Stripe's identifier)
- Amount paid and currency
- Product purchased
- Purchase timestamp
Important: We do NOT store your full credit card numbers, CVV/security codes, bank account details, or billing addresses. All payment processing is handled securely by Stripe.
2. How We Use Your Information
| PURPOSE | LEGAL BASIS (GDPR) |
|---|---|
| Provide game service | Contract performance |
| Process purchases | Contract performance |
| Prevent fraud | Legitimate interest |
| Respond to support requests | Contract / Consent |
| Send service notifications | Legitimate interest |
| Improve game based on usage | Legitimate interest |
| Comply with legal obligations | Legal requirement |
We do NOT:
- Sell your personal data
- Share data with advertisers
- Use data for profiling
- Send marketing emails (unless you opt in)
3. Third-Party Services
We use the following third-party services to operate our game:
Stripe (Payments)
Processes all in-app purchases securely. We never receive or store your full card details.
Privacy Policy →Cloudflare R2 (Asset Storage)
Hosts game images and assets. No user data is stored here.
Privacy Policy →Railway (Database Hosting)
Hosts our PostgreSQL database containing gameplay and account data.
Privacy Policy →4. Cookies
We use only essential cookies required for the game to function:
| TYPE | PROVIDER | PURPOSE | DURATION |
|---|---|---|---|
| Authentication | Supabase | Session management | Session / 7 days |
| Essential | Next.js | CSRF protection | Session |
No tracking cookies. We do not use third-party analytics or advertising cookies.
5. Data Retention
| DATA TYPE | RETENTION | TRIGGER |
|---|---|---|
| Account data | Until account deletion | User request |
| Gameplay progress | Until account deletion | User request |
| Purchase records | 7 years | Legal requirement |
| Combat logs | 90 days | Automatic cleanup |
| PvP battle history | Until account deletion | User request |
6. Your Rights (GDPR/CCPA)
You have the following rights regarding your personal data:
- Access - Request a copy of all your personal data
- Rectification - Correct inaccurate data
- Erasure - Delete your account and associated data
- Portability - Export your data in a machine-readable format
- Restriction - Limit processing of your data
- Objection - Object to certain types of processing
- Withdraw Consent - Where consent is the legal basis
HOW TO EXERCISE YOUR RIGHTS
To exercise any of these rights, please email us at [email protected]. We will respond within 30 days.
7. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Passwords are hashed and never stored in plain text
- HTTPS encryption for all connections
- Supabase handles authentication security
- Stripe handles payment security (PCI DSS compliant)
- Managed database hosting with Railway
- Limited access to production data
- Regular security reviews
8. International Data Transfers
Your data may be processed in different locations through our service providers. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where applicable, to protect your data during international transfers.
9. Children's Privacy
Auto-Mechs: Infinite Arena is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly. Parents or guardians who believe their child has provided us with personal information may contact us at [email protected].
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via in-game notice or email. Your continued use of the service after changes take effect constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or how we handle your data, please contact us: