UF OnlineOpen the console

UF Online — Privacy Policy

This policy covers UF Online's processing as a data controller of account/portal/billing data. Player data we handle for server owners is processed as a processor under the separate Data Processing Agreement (DPA) — for that data the server owner is the controller (see §3).

Effective date: 7 July 2026 · Last updated: 7 July 2026


1. Who we are

UF Online is operated by DaemonForge Development ("DaemonForge", "we", "us"), a sole proprietorship registered in Ontario, Canada, parent site daemonforge.dev. We are the data controller for the personal data described in §4.

  • Privacy contact: privacy@daemonforge.dev
  • EU/EEA & UK data-protection matters (GDPR / UK GDPR Art. 27): contact privacy@daemonforge.dev
  • Contact address: available on request at privacy@daemonforge.dev

2. Scope of this policy

This policy explains how we handle personal data where we are the controller — i.e. data about account holders / server owners (our customers) and visitors to our website and portal.

3. Data we process for our customers (we are a processor, not a controller)

When a customer connects their DayZ server, we store and process end-player data on their behalf (e.g. DayZ/Steam/BattlEye GUIDs, Discord identifiers, in-game data, AI chat content, generated voice/images, hashed IP-derived identifiers). For that data the customer (server owner) is the controller and we act only on their instructions under the DPA. If you are a player and want to exercise your rights over that data, please contact the server owner / community whose server you play on; we will assist them as required. (Note: hashed IPs and game IDs can still be personal data — we treat them as such.)

4. Personal data we collect (as controller)

CategoryExamplesSource
Identity & accountname/handle, email, organisation, account + hive rolesyou / sign-in
Authenticationlogin identifiers and, if you use social sign-in, the identifier + email from your chosen sign-in provideryou / your sign-in provider
Billingsubscription tier, credit balance, invoices, billing name/country, VAT id (business). We do not store card numbers — payments are handled by our payment processoryou / payment processor
Usage & analyticsportal/API request logs; product analytics — pages viewed, referrer, device/browser, approximate region (from IP, not stored in the clear), on-page interaction/heat-map data, and feature-usage events. When you are signed in, these events are associated with your account. IP address (hashed where retained as activity), error logs, audit eventsautomatically
Support & commsmessages you send us, tickets, emailsyou
Cookies/similarsee our Cookie Noticeyour device

We collect only what we need to run and secure the Service. We do not intentionally collect special-category data, and we do not use customers' or players' data to train AI models.

5. Why we use it, and our lawful bases (GDPR Art. 6)

PurposeLawful basis
Provide, operate and secure the Service; manage your account, hives, keysContract (Art. 6(1)(b))
Billing, credits, tax/VAT, fraud prevention, record-keepingContract + Legal obligation (6(1)(c)) + Legitimate interests (6(1)(f))
Security, abuse/limit enforcement, audit loggingLegitimate interests (security)
Service emails (essential notices)Contract / legitimate interests
Marketing emailsConsent (and CASL opt-in) — withdraw any time
Product analytics (cookieless — usage, heat-maps, feature events)Legitimate interests — object any time

6. AI features

Some features send text (and optionally other content) to third-party AI providers (see §7) to generate responses, voice, images, embeddings, or moderation signals. AI output is automatically generated and may be inaccurate. Where you interact with AI, we (and our customers as deployers) disclose this and label synthetic media as required by the EU AI Act.

7. Who we share data with

We share personal data only with the limited categories of service providers needed to run the Service, each under a data-processing agreement:

  • Cloud hosting / infrastructure providers (compute, storage, network/edge security);
  • a payment processor (billing; card data is handled by them, not us);
  • AI providers (to generate AI responses, voice, images, and embeddings from content sent to the feature);
  • social sign-in providers (only if you choose social login — limited account identifiers).

The named list of our current sub-processors, with their locations and transfer safeguards, is maintained at Sub-processor List. We also disclose data where required by law, to enforce our terms, or in a business transfer.

8. International transfers

We are based in Canada, which holds an EU adequacy decision for commercial data, so EU→Canada transfers to us need no additional safeguards. Onward transfers to US sub-processors rely on the EU-US Data Privacy Framework where the provider is certified, otherwise Standard Contractual Clauses + a transfer impact assessment. We prefer EU regions/residency where available.

9. How long we keep it

We keep personal data only as long as needed for the purposes above:

  • Account data — for the life of your account + 90 days after closure.
  • Billing/tax records — 7 years (Canadian tax) and 10 years for EU VAT records.
  • Logs/audit — 90 days (security/abuse), longer where needed for a security incident.
  • Support — 24 months.

Then we delete or anonymise. (Player data retention is set by the customer/controller via the DPA.)

10. Your rights (GDPR/UK GDPR; PIPEDA where applicable)

You can request: access, rectification, erasure, restriction, portability, objection, and to withdraw consent. To exercise them, contact privacy@daemonforge.dev. You may also lodge a complaint with your EU/EEA supervisory authority (or, via our EU representative, the authority where you live), the UK ICO, or the Office of the Privacy Commissioner of Canada. We respond within the legally required time (generally 1 month under GDPR). For player data, route requests to the relevant server owner (§3).

11. Cookies & analytics

We keep this minimal. The portal uses only strictly-necessary cookies/local storage (sign-in, security, preferences), which require no consent. For product analytics we use cookieless analytics — pages viewed, on-page interaction/heat-map data, and feature-usage events — that set no tracking cookies and do not track you across other websites; when you are signed in, these events are linked to your account. We process this under legitimate interests (operating, securing and improving the Service), and you can object at any time (§10). Because we set no non-essential cookies, no cookie-consent banner is required. Details in our Cookie Notice.

12. Children

UF Online (the management product) is not directed to children and is for users 18+. We do not knowingly collect data from children through the portal. Player communities may include minors; handling minors' data is the server owner's responsibility as controller (incl. GDPR Art. 8 age-of-consent), supported by tools we provide.

13. Security

We use appropriate technical and organisational measures (encryption in transit/at rest, access controls, IP hashing, secrets management, audit logging, least privilege). No system is perfectly secure; we maintain a breach-response process and will notify you and/or regulators where legally required (GDPR 72-hour controller path).

14. Marketing

We send marketing only with your opt-in consent (GDPR + Canada's CASL); every marketing email has an unsubscribe. Service/transactional messages are not marketing.

15. Changes

We may update this policy; material changes will be notified via the portal or email. The "Last updated" date reflects the current version.

16. Contact & complaints

Questions or requests: privacy@daemonforge.dev. EU/EEA residents may also contact our Art. 27 representative (§1) or their local supervisory authority.