Privacy Policy

AMIKO LEGENDS PRIVACY POLICY Effective Date: May 18, 2026 Last Updated: May 18, 2026

This Privacy Policy explains how Aurory Project (Sunlight Project Limited), a company incorporated under the laws of the British Virgin Islands with its registered office at 2nd Floor, Ellen L. Skelton Building, Fishers Lane, Road Town, Tortola, British Virgin Islands VG1110 ("Aurory Project", "we", "us", or "our"), collects, uses, shares, and protects personal data in connection with Amiko Legends, a light-MMO video game distributed via Steam (the "Game" or "Services").

Amiko Legends is a Web2 product launched in 2026 and is distinct from any prior product released under the same or similar name by Aurory Project.

This Policy is designed to comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "EU GDPR"), the UK General Data Protection Regulation as it forms part of UK domestic law ("UK GDPR"), the UK Data Protection Act 2018, the U.S. Children's Online Privacy Protection Act ("COPPA"), the California Consumer Privacy Act as amended by the CPRA ("CCPA/CPRA"), and other applicable data-protection laws.

1. CONTROLLER AND CONTACT

1.1 Data Controller. Aurory Project is the data controller for the personal data we process in connection with Amiko Legends, except where we expressly act as a processor on behalf of another controller.

1.2 Independent Third-Party Controller. Valve Corporation operates the Steam platform when you create or use a Steam account, complete a Steam Purchase, or otherwise use Steam services in connection with Amiko Legends. Valve acts as a separate, independent controller of the personal data it processes. Valve's processing is governed by the Steam Privacy Policy and the Steam Subscriber Agreement.

1.3 Privacy Contact. For privacy questions or to exercise your rights, contact:

Email (general): support@aurory.io
Email (data-subject requests): GDPR@aurory.io
Postal: Aurory Project, 2nd Floor, Ellen L. Skelton Building, Fishers Lane, Road Town, Tortola, British Virgin Islands VG1110

1.4 EU/UK Representative. Where required by Article 27 EU GDPR or UK GDPR, we have appointed an EU/UK representative. The current representative and contact details are published at amikolegends.io.

1.5 Data Protection Officer. We have not appointed a Data Protection Officer because we are not required to do so under Article 37 GDPR. Privacy enquiries are handled by the contact at Section 1.3.

2. PERSONAL DATA WE COLLECT

2.1 Account and Identification Data

Email address
Display name / in-Game username
Country / region (derived from IP or Steam)
Steam ID and Steam profile information made available by Valve (e.g., persona name, avatar, friends list where relevant for in-Game social features)

2.2 Trading and Soft-Currency Data

Amiko Legends includes in-Game peer-to-peer (P2P) trading of in-Game items and soft in-Game currencies (e.g., gems, crystals, and collectible resources used to improve Amikos, explore lands, and defeat bosses). For clarity, soft in-Game currencies and items in Amiko Legends are not cryptocurrencies, not tokens, not NFTs, have no monetary value outside the Game, are non-transferable to third-party platforms, and cannot be redeemed for cash.

In connection with P2P trading, we process: trade history (parties, items exchanged, timestamps), trade-chat content (for moderation and fraud prevention), and inventory balances before and after each trade.

2.3 Purchase and Transaction Data

Records of in-Game purchases, DLC, Battle Passes, Shop offerings, and Randomized Items. We do not receive your full payment instrument; payment is processed by Valve. Refund and chargeback records communicated by Valve. Tax-relevant region information.

2.4 Gameplay and Technical Data

In-Game progression, statistics, inventory, achievements, exploration progression, PvE matchmaking history
Device and system information: operating system, hardware identifiers, GPU/CPU model, drivers, language settings, crash logs, performance telemetry
IP address, log files, session timestamps
Anti-cheat telemetry (see Section 4)

2.5 Communications and Support Data

Messages you send to support, including via email or in-Game forms
Bug reports, screenshots, and attachments you submit
In-Game text or voice chat content (including trade-chat) where moderation, safety, or anti-cheat features apply. We do not record voice chat for retention purposes unless flagged for safety review.

2.6 Marketing and Research Data (only where permitted)

Newsletter subscriptions and preferences
Survey responses and playtest feedback you choose to provide

2.7 Cookies and Similar Technologies (amikolegends.io website only)

Strictly necessary cookies for site operation
Preference cookies (where you opt in)
Analytics cookies (where you opt in)

A separate cookie banner on amikolegends.io describes the specific cookies and lets you manage your choices.

We do not knowingly collect special categories of personal data (Article 9 GDPR) and ask that you not submit any such data through support or community channels.

3. PURPOSES AND LEGAL BASES

We process personal data on the following purposes and legal bases under Article 6 GDPR:

Purpose

Legal Basis

Account creation, gameplay, matchmaking, in-Game progression, customer support

Performance of a contract (Art. 6(1)(b))

Processing Steam in-Game purchases and refunds, tax compliance, accounting

Performance of a contract; legal obligation (Art. 6(1)(b), 6(1)(c))

Operating in-Game peer-to-peer trading and the soft-currency economy

Performance of a contract (Art. 6(1)(b)); legitimate interests in preventing trade fraud (Art. 6(1)(f))

Security, fraud prevention, anti-cheat, account-integrity enforcement

Legitimate interests in keeping the Services safe and fair, and the legitimate interests of other players (Art. 6(1)(f)); compliance with platform and legal obligations (Art. 6(1)(c))

Service improvement, analytics, bug fixing, performance monitoring

Legitimate interests; consent where required by ePrivacy/PECR for non-essential cookies (Art. 6(1)(f), 6(1)(a))

Marketing communications

Consent (Art. 6(1)(a)); you may withdraw consent at any time

Responding to legal requests, defending legal claims, regulatory compliance

Legal obligation; legitimate interests (Art. 6(1)(c), 6(1)(f))

Where we rely on legitimate interests, we have conducted a balancing assessment and you may request a summary by contacting us at GDPR@aurory.io.

4. ANTI-CHEAT AND ANTI-FRAUD PROCESSING

Amiko Legends uses anti-cheat technology, which may include Valve Anti-Cheat (VAC) and/or third-party anti-cheat software. Anti-cheat processing may include scanning of memory, processes, and files relevant to the Game while it is running, to detect cheats, exploits, and unauthorized modifications. The output of such scans is processed for the limited purpose of preserving game integrity and may include hashes, process names, and event metadata. Anti-cheat findings may result in match-level interventions, account sanctions, or referral to Valve. Where a third-party vendor is used, that vendor acts as our processor under a written data-processing agreement.

Anti-fraud processing additionally covers in-Game P2P trading (e.g., detecting trade scams, account theft, and currency-duplication exploits).

5. RECIPIENTS AND DISCLOSURES

We share personal data only with the following categories of recipients:

5.1 Valve Corporation, as an independent controller of Steam-side data and as a recipient of refund-related and account-integrity information necessary for platform operation.

5.2 Hosting and infrastructure providers (cloud hosting, content delivery, database services) acting as our processors.

5.3 Customer-support tooling providers acting as our processors.

5.4 Analytics, crash-reporting, and telemetry providers acting as our processors.

5.5 Anti-cheat vendors acting as our processors.

5.6 Professional advisors (legal, audit, tax) under duties of confidentiality.

5.7 Authorities, courts, or other parties where required by law, to protect our rights, or to address fraud, security, or safety concerns.

5.8 Acquirers or successors in connection with a corporate transaction (merger, sale, financing, reorganization), subject to confidentiality.

We do not sell personal data, and we do not "share" personal data for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws.

6. INTERNATIONAL DATA TRANSFERS

Aurory Project is established in the British Virgin Islands and uses service providers located in the United States, the European Economic Area, the United Kingdom, and other jurisdictions. Where we transfer personal data of EU, EEA, or UK residents to a country that has not received an adequacy decision, we rely on appropriate safeguards under Article 46 GDPR, including the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, supplemented by additional measures where necessary. A copy of the relevant safeguards is available on request from GDPR@aurory.io.

7. RETENTION

We retain personal data only for as long as necessary for the purposes set out in this Policy:

Account data: for the duration of your account, plus up to two (2) years of inactivity, after which the account and associated personal data are deleted or anonymized, unless a longer period is required by law or to defend legal claims.
P2P trade history: up to three (3) years from the trade, for fraud-prevention and dispute-resolution purposes.
Purchase records: as required by applicable accounting and tax law (typically 5–10 years).
Anti-cheat and security records: up to seven (7) years where reasonably necessary to detect repeat offenders and defend legal claims.
Support communications: up to three (3) years from closure of the ticket.
Marketing data: until you withdraw consent or after 24 months of inactivity, whichever is earlier.
Cookies: as described in the cookie banner on amikolegends.io.

8. YOUR RIGHTS

If you are located in the EU, EEA, UK, or another jurisdiction granting equivalent rights, you have the right to:

Access your personal data and receive a copy
Request rectification of inaccurate data
Request erasure ("right to be forgotten") where applicable
Restrict or object to processing, including processing based on legitimate interests
Data portability for data processed by automated means on the basis of consent or contract
Withdraw consent at any time, without affecting the lawfulness of prior processing
Lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office at ico.org.uk; in the EU, your national Data Protection Authority)

To exercise your rights, email GDPR@aurory.io with subject line "SAR: user" (access) or "Delete: User" (erasure). We will respond within one (1) month and may request information to verify your identity.

Residents of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and other U.S. states with comprehensive privacy laws have analogous rights (access, deletion, correction, opt-out of sale/sharing, opt-out of targeted advertising, opt-out of certain profiling). The same contact channels apply, and we do not discriminate against you for exercising these rights.

9. CHILDREN

Amiko Legends is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided personal data without your consent, please contact GDPR@aurory.io and we will delete the data in accordance with COPPA.

For users in the European Union and European Economic Area, the minimum age for consenting to our processing of personal data is 16, or such lower age (not below 13) as set by national law in the relevant member state. Where a user is below the applicable digital-consent age, we require verifiable consent from a parent or holder of parental responsibility.

In the United Kingdom, the minimum age for consent to information-society services is 13.

We rely on Steam's account-creation controls (Steam requires users to be at least 13) as a first layer of age assurance and may apply additional measures where required by law.

10. SECURITY

We implement appropriate technical and organizational measures, including encryption in transit, access controls, logging, vulnerability management, and vendor due diligence, to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. No system is completely secure; in the event of a personal data breach affecting your rights and freedoms, we will notify you and the relevant supervisory authority as required by Articles 33 and 34 GDPR.

11. AUTOMATED DECISION-MAKING

We do not make decisions producing legal or similarly significant effects on you based solely on automated processing within the meaning of Article 22 GDPR. Anti-cheat sanctions may be informed by automated detections, but material account actions involve human review or established appeal channels via support@aurory.io.

12. THIRD-PARTY SERVICES

Amiko Legends depends on Steam (Valve Corporation). Steam's privacy practices are independent of ours and are governed by:

Steam Privacy Policy: store.steampowered.com/privacy_agreement/
Steam Subscriber Agreement: store.steampowered.com/subscriber_agreement/

We are not responsible for the privacy practices of third parties.

13. CHANGES TO THIS POLICY

We may update this Policy from time to time. The "Last Updated" date at the top reflects the most recent revision. Material changes will be notified through the Game, the Steam store page, the Steam Community announcements, the amikolegends.io website, or by email where appropriate. Continued use of the Game after the effective date of an update constitutes acceptance of the updated Policy, except where additional consent is required by law.

14. CONTACT

Aurory Project (Sunlight Project Limited) 2nd Floor, Ellen L. Skelton Building Fishers Lane, Road Town, Tortola British Virgin Islands VG1110

General: support@aurory.io
Privacy / data-subject requests: GDPR@aurory.io
EU/UK Representative: see amikolegends.io for current details