Skip to main content
Play
Legal documents

Privacy Policy

How we collect, use and protect your data. Compliant with 152-FZ and GDPR.

Last updated: 2026-05-16 GDPR compliant

1. General provisions

This Privacy Policy (the "Policy") defines the procedure for processing and protecting personal data of users of the site xterium.com and Xterium mobile apps (the "Service").

By using the Service, you agree to the terms of this Policy. If you do not agree — stop using the Service.

2. Personal data operator

Operator: Nicholas Todeschini, Italy, Via Trasimeno 22 Busto Garolfo, Milan MI. 20038.

Contact for inquiries: support@xterium.com

3. What data we collect

When registering and using the Service, we may collect:

  • Registration data: email address, game login (nickname), password (stored encrypted).
  • Technical data: IP address, browser type, operating system, mobile app version, device identifier.
  • Game data: game statistics, in-game activity, in-game chat messages.
  • Cookies: for authentication, saving language preferences, analytics.
  • OAuth data: when signing in via Google — email and Google account identifier (with your consent).

4. Processing purposes

  1. Identifying the user upon authentication.
  2. Providing game services.
  3. Communicating with the user (notifications, support, access recovery).
  4. Improving Service quality (analytics, statistics).
  5. Ensuring security and preventing abuse.
  6. Compliance with legal requirements.

We process personal data on the basis of:

  • your consent expressed at registration;
  • necessity for performance of the User Agreement;
  • requirements of Russian law (152-FZ "On Personal Data") and EU law (GDPR) for the relevant users.

6. Storage and protection

Personal data is stored on protected servers. Access is restricted to authorized staff bound by confidentiality. Technical and organizational measures protect data from unauthorized access.

Retention period: until the user deletes the account or until the Service is shut down.

7. Sharing with third parties

We do not sell or transfer your data to third parties, except in the following cases:

  • with your explicit consent;
  • when required by lawful authorities (court, law enforcement);
  • with contractors operating the Service (hosting, payment processors), bound by confidentiality.

Third-party services used:

  • Google Sign-In — for signing in with a Google account.
  • YooKassa — for accepting payments.

8. Cookies

We use cookies for:

  • authentication (required for the Service to function);
  • saving language preferences;
  • analytics and UX improvements.

You can disable cookies in your browser settings, but this may limit Service functionality.

9. Your rights

Under 152-FZ and GDPR you have the right to:

  • receive information about data we process about you;
  • request correction, blocking or deletion of data;
  • withdraw consent to processing (equivalent to account deletion);
  • lodge a complaint with a supervisory authority. EU residents: Garante per la Protezione dei Dati Personali (garanteprivacy.it) or the DPA in your country of residence. Russian residents: Roskomnadzor.

Send requests to support@xterium.com. Response within 30 days.

10. Protection of children's data

The Service is not intended for persons under 13. If you become aware of such a user — let us know.

11. GDPR Art. 13 — Detailed information

Summary of mandatory disclosures under Art. 13 GDPR:

11.1 Retention period by category

  • Email + password: until account deletion + 30 days.
  • IP address + device: 12 months (security).
  • Chat / forum: 12 months or until deleted by the user.
  • Payment data (PayPal/Xsolla/Robokassa): 10 years (RF tax legislation).
  • Analytics (aggregated): 26 months.
  • Cookie consent log: 3 years (proof of consent).

11.2 Cross-border data transfers

  • Italy → USA (Google OAuth + PayPal) — EU-US Data Privacy Framework (Adequacy Decision C(2023) 4745 of 10.07.2023).
  • Italy → Russia (Robokassa) — Standard Contractual Clauses (Decision 2021/914) + GDPR Art. 49(1)(b) "necessary for the performance of a contract".
  • Italy → Cyprus (Xsolla) — within the EU, adequate jurisdiction.
    Hosting — servers in Russia. EU residents — under SCCs.

11.3 Automated decision-making

We do NOT carry out automated decision-making (including profiling) within the meaning of GDPR Art. 22. Marketing cookies (with your consent) are used for general analytics, not individual profiling.

11.4 Obligation to provide data

Email and password are required to create an account (contractual necessity, Art. 6(1)(b)). Without them the Service cannot be provided. Consent to marketing is voluntary and can be withdrawn at any time.

11. Policy changes

We may periodically update this Policy. Material changes are published on this page with the update date. By continuing to use the Service after changes, you accept the updated version.

12. Contacts

For all questions about personal data processing: support@xterium.com

This Policy is an integral part of the Xterium User Agreement.

Questions about data processing?

Write to us — we will respond within 30 days (as required by 152-FZ).

support@xterium.com User Agreement