Privacy Policy
This policy describes how we collect, use, and protect your personal information.
Version 1.0 — KORDU LTD ("we", "us", "our") respects your privacy and is committed to protecting it. This policy explains what personal information we collect, how we use it, how we share it, and your rights.
1. Scope
This Privacy Policy applies to personal information processed in connection with:
- All game servers and services operated by KORDU LTD
- Our websites: kordu.gg, kordu.co.uk, kordu.net, kordu.uk, justified.co, darkrp.uk
- Account services and authentication (Steam, Discord login)
- Customer support and moderation
- In-game purchases and transactions
- Any other products or services provided by KORDU LTD
This policy does not apply to third-party websites or services we do not control. When you leave our properties, the privacy policies of those third parties apply.
2. Key Definitions
- "Personal information" means any information that identifies or could reasonably be linked to an identifiable individual.
- "Processing" means any operation performed on personal information (collecting, storing, using, disclosing).
- "Controller" means the party which determines the purposes and means of processing.
- "Child" is interpreted per local law: under 13 (UK/US), or 16 by default under GDPR (may be 13-16 by Member State).
3. Data Controller
KORDU LTD is the data controller responsible for your personal information. We are incorporated in England and Wales.
KORDU LTD
First Floor Office, 3 Hornton Place
London, W8 4LZ
United Kingdom
Company Registration: 16836154
4. Information We Collect
The types of personal information we collect depend on the services you use and how you interact with us. We may collect the following categories:
4.1 Account and Identifiers
- Username, display name, email address
- Age or birth year (for age gating where required)
- Country/region
- Steam ID, Discord ID, and linked platform identifiers
- Authentication tokens and hashed passwords
4.2 Gameplay and Activity
- In-game profile and statistics
- Playtime, achievements, and progression
- In-game chat messages and voice communications
- Reports, appeals, and moderation history
4.3 Device and Telemetry
- IP address and approximate location (country/region)
- Device type, operating system, browser
- Language and time zone preferences
- Performance metrics and crash logs
- Feature usage and analytics events
4.4 Anti-Cheat and Security
- Runtime integrity checks
- Suspicious process signatures
- Device/account linkages for ban evasion detection
- Enforcement history (bans, warnings, kicks)
4.5 Payments and Transactions
Payments are processed by third-party providers (Tebex, PayPal, Stripe). We receive limited details such as transaction ID, status, items purchased, and billing country — but never full payment card numbers.
4.6 Communications
- Support tickets and feedback
- Survey responses
- Email preferences and marketing consent
4.7 Cookies and Similar Technologies
We use cookies, local storage, and similar technologies for core functionality, security, and analytics. For details, see our Cookie Policy.
We do not seek to collect special categories of personal information (e.g., health, biometric, racial/ethnic origin) and ask that you do not include such information in communications or user content.
5. Sources of Personal Information
We collect personal information from:
- Directly from you (account creation, gameplay, support, settings)
- Automatically from your use of our services (telemetry, cookies)
- From third parties (Steam profile data, Discord profile, payment providers, anti-cheat systems)
6. How We Use Your Information and Legal Bases
We use personal information for the following purposes, based on our contracts with you, our legitimate interests balanced with your rights, legal obligations, and your consent where required:
| Purpose | Examples | Legal Basis |
|---|---|---|
| Provide and operate services | Create accounts, run game servers, enable features | Contract; Legitimate interests |
| Safety, security, and anti-cheat | Detect cheating, prevent abuse, protect accounts | Legitimate interests; Legal obligation |
| Customer support | Respond to tickets, service messages, notices | Contract; Legitimate interests |
| Improve and develop services | Fix bugs, measure performance, optimize features | Legitimate interests |
| Payments and compliance | Process purchases via Tebex, tax records | Contract; Legal obligation |
| Marketing (adults only) | Newsletters, promotions, updates | Consent (opt-in) |
| Legal and regulatory | Enforce terms, defend claims, comply with law | Legal obligation; Legitimate interests |
Where we rely on legitimate interests, our interests include: keeping services secure and fair (anti-cheat, fraud prevention), operating and improving our games, ensuring network security, and communicating with you. You have the right to object at any time (see Section 12).
For UK/EU individuals, we obtain prior consent before sending marketing emails unless the "soft opt-in" applies (you provided details in context of a purchase and we gave a clear opt-out). You can withdraw consent or opt out at any time.
7. Children's Privacy
We design with safety and privacy by default for younger users. We do not knowingly collect personal information from children without parental consent where required by law:
- Under 13 in the UK and US (COPPA)
- Under 16 by default in the EU under GDPR (may be 13-16 by Member State)
Parents/guardians can review, delete, or withdraw consent for a child's data by contacting privacy@kordu.gg. If we learn we have collected personal information from a child without verifiable parental consent, we will delete or anonymize that information.
In the UK, where our services are likely to be accessed by children, we apply the UK Age Appropriate Design Code, including high-privacy defaults, data minimization, and age-appropriate transparency.
9. Sharing and Disclosure
We may share your personal information as follows:
Service Providers
- Cloud hosting (Cloudflare, infrastructure providers)
- Payment processors (Tebex, PayPal, Stripe)
- Analytics services (privacy-focused)
- Customer support and moderation tools
- Anti-cheat and security vendors
Providers are contractually obligated to keep data confidential and use it only per our instructions.
Legal Requirements
- To comply with court orders, laws, or legal process
- To respond to lawful government or regulatory requests
- To investigate fraud or protect rights, property, and safety
- To enforce our Terms of Service and other agreements
Business Transfers
In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the successor entity.
We do NOT sell your personal information. We do not share personal information for cross-context behavioural advertising.
10. International Transfers
We operate globally. Your data may be processed in the UK, EU, United States, and other jurisdictions. When transferring personal information across borders, we use appropriate safeguards:
For EU/EEA Residents
- UK adequacy decision for transfers from EU to UK
- EU Standard Contractual Clauses (SCCs) with supplementary measures for non-adequate countries
- EU-US Data Privacy Framework where recipients are certified
For UK Residents
- UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs
- UK-US Data Bridge where recipients are certified
We implement contractual and technical measures with our processors (including Cloudflare) consistent with applicable laws. Contact us for details about safeguards in place.
11. Security
We implement appropriate technical and organizational measures to protect your personal information from unauthorized access, loss, alteration, and disclosure:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Password hashing using secure algorithms (Argon2id)
- Access controls and principle of least privilege
- DDoS protection via Cloudflare
- Regular security audits and vulnerability assessments
- Employee training on data protection
No system is perfectly secure. If we learn of a breach impacting your data, we will notify you and regulators as required by law (within 72 hours for GDPR breaches). For more details, see our Security page.
12. Data Retention
We retain personal information only as long as necessary for the purposes described in this Policy or as required by law. Typical retention periods:
| Data Category | Typical Retention Period |
|---|---|
| Account information | While account is active + 2 years |
| Profile and preferences | While account is active |
| Game statistics and activity | While account is active + 1 year |
| Chat and moderation logs | Up to 18 months |
| Anti-cheat and security data | Up to 5 years (ban evasion prevention) |
| Payment and transaction records | 7 years (legal requirement) |
| Support tickets | 3 years after closure |
| Analytics and telemetry | 12 months, then aggregated/anonymized |
| Backup copies | 90 days after deletion request |
Backups are retained and cycled on fixed schedules and may temporarily contain data outside a retention period.
13. Automated Decision-Making
We use automated systems to detect cheating, fraud, spam, and platform abuse. These systems may temporarily restrict features or flag accounts for review.
Significant enforcement actions (such as permanent bans) involve human review and an appeal path. We do not take decisions based solely on automated processing that produce legal effects concerning you without human oversight.
14. Your Rights
Your rights depend on where you live. You can exercise them by contacting privacy@kordu.gg.
UK and EU/EEA (GDPR)
- Access — Request a copy of your personal data
- Rectification — Correct inaccurate information
- Erasure — Request deletion of your data
- Restriction — Limit how we process your data
- Portability — Receive your data in a portable format
- Object — Object to processing based on legitimate interests
- Withdraw consent — Revoke previously given consent at any time
- Lodge a complaint — File a complaint with a supervisory authority
You have an absolute right to object at any time to direct marketing (including profiling for marketing). We will respond within one month.
United States (California CCPA/CPRA)
- Know/Access — Request what personal information we collect
- Delete — Request deletion of your personal information
- Correct — Request correction of inaccurate data
- Opt-out of sale/sharing — We do NOT sell or share data, but you can submit a request
- Non-discrimination — We will not discriminate against you for exercising rights
We will respond within 45 days.
Other Jurisdictions
Residents of Brazil (LGPD), Canada (PIPEDA), Australia, and other jurisdictions may have additional rights. Contact us to exercise your rights under your local laws.
15. Choices and Controls
- Account settings — Update your profile and preferences in your account dashboard
- Email — Unsubscribe links are included in all non-essential emails
- Cookies — Adjust preferences via our cookie banner or browser settings
- In-game — Manage privacy settings within game servers where available
- Objections — Where we rely on legitimate interests, you can object and we will honor it unless we have compelling grounds
16. Exercising Your Rights
To exercise your privacy rights, contact us at privacy@kordu.gg. We may need to verify your identity before processing your request.
KORDU LTD — Data Protection
First Floor Office, 3 Hornton Place
London, W8 4LZ
United Kingdom
Company Registration: 16836154
Complaints to Regulators
You have the right to lodge a complaint with your local data protection authority:
- UK: Information Commissioner's Office (ICO) — ico.org.uk
- EU: Contact the supervisory authority in your Member State
- USA: State Attorney General or FTC
17. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or prominent website notice, with a new effective date. Your continued use of our services after the effective date means you accept the updated Policy.
18. Contact Us
For privacy inquiries, questions, or to exercise your rights:
KORDU LTD — Data Protection
For general inquiries, contact us at contact@kordu.gg.