1. Who We Are
Scrux.io is operated by Jack Miller in the United Kingdom. For player account data and website data, Scrux.io acts as the data controller.
For privacy questions or rights requests, contact support@scrux.io.
2. What We Collect
| Category | Examples | Purpose |
|---|---|---|
| Account data | Username, email address, password hash, role, account status, verification status, reset and verification tokens | Account login, recovery, verification, moderation, and player support |
| Connection and security data | Hashed IP address, country, region, ISP, ASN, timezone, proxy/VPN risk flags, CAPTCHA results, device/browser fingerprint hash | Fraud prevention, bot prevention, ban evasion checks, and game stability |
| Gameplay and community data | Nickname, stats, leaderboard data, chat messages, reports, moderation logs, clips, public clip likes and views | Provide gameplay features, enforce rules, and run community systems |
| Local preferences | Settings, nickname history, party-code history, rendering options, and similar browser storage | Remember your preferences and make the client easier to use |
3. How We Use Data
- Operate accounts, matches, leaderboards, skins, clips, and player settings.
- Authenticate users and protect accounts from abuse.
- Check email, IP, and connection risk using anti-abuse providers.
- Validate CAPTCHA tokens during sensitive actions and connection checks.
- Review chat, reports, clips, and server logs for moderation and support.
- Diagnose outages, investigate attacks, and improve performance.
4. Legal Bases
- Contract: running the game, accounts, purchases, clips, and progression features.
- Legitimate interests: fraud prevention, safety, moderation, service security, and abuse prevention.
- Legal obligation: responding to valid legal or regulatory requests.
- Consent: only where an optional, non-essential feature legally requires consent. Scrux does not use player information for marketing.
5. Security and Anti-Abuse Checks
Scrux uses a mix of technical checks to reduce bots, cheating, ban evasion, account abuse, and server attacks.
- IPQualityScore may be used for IP and email reputation checks.
- ProxyCheck.io may be used as an IP proxy/VPN fallback when IPQualityScore is unavailable or rate limited.
- Cloudflare Turnstile and Google reCAPTCHA may be used to confirm that sensitive requests are likely made by a real user.
- Device fingerprinting is limited to basic browser/device signals and is used for abuse prevention, not advertising profiling.
8. Clips and Public Content
When you save clips, they are linked to your account so you can manage them later. If you make a clip public, the clip name, owner username, preview, views, likes, and related public metadata may be visible to other players.
You can keep clips private, rename them, delete them, or change visibility where the clip tools allow it.
9. Retention
- Account data is kept while the account remains active or as needed for support, safety, or legal reasons.
- Private clips are kept until deleted, replaced by clip limits, or removed for operational reasons.
- Public clips remain public until changed, deleted, or removed for moderation or legal reasons.
- Security logs, hashed IPs, device fingerprints, and moderation records are kept only as long as needed for safety, investigations, abuse prevention, or legal compliance.
- Verification and password-reset tokens expire and are removed or invalidated after use or expiry.
10. International Transfers
Some providers may process data outside the UK. Where required, Scrux relies on appropriate transfer safeguards such as adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to Standard Contractual Clauses, or equivalent contractual and security safeguards.
11. Your Rights
You may request access, correction, deletion, restriction, or portability, or object to certain processing. You may also withdraw consent where processing is based on consent.
Email support@scrux.io to make a request. We aim to respond within one month, as required by UK data protection law.
You can also complain to the UK Information Commissioner's Office at ico.org.uk/make-a-complaint.
12. Security
- Passwords are stored as hashes, not in plaintext.
- Password reset and email verification tokens are hashed or time-limited where applicable.
- Access to personal data is limited to people and systems that need it to run Scrux safely.
- Rate limiting, logging, CAPTCHA checks, and anti-abuse checks help protect the service.
13. Children
Scrux is intended for players aged 13 and over. If you are a parent or guardian and believe a child has provided personal data without appropriate permission, contact us so we can review and remove it where appropriate.
14. Changes
We may update this Privacy Policy when gameplay, security, providers, or legal requirements change. Significant changes will be announced in-game, on Discord, or by email where appropriate.