Privacy Policy

Laryen treats users' personal data with care and does not collect, use, or provide personal data beyond the scope defined in this policy without the user's consent. The terms used in this policy are defined as follows.

• Personal data — information about a living individual that, by itself or in easy combination with other information, can identify a specific individual, such as name, email, or identifiers.
• User — any natural person who uses Laryen's website and game clients under this policy.
• Processing — the collection, generation, linkage, recording, storage, retention, editing, retrieval, output, correction, recovery, use, provision, disclosure, destruction of personal data, and other similar acts.

Laryen may collect the following items to provide the Service.

1) When using the website (laryen.com)

• Automatically collected: access IP, User-Agent, Referer, access time, page path.
• Provided directly by the user: the body of an inquiry email and the reply-to email address.

2) When signing up for / using the game client (applies after launch)

• Required: account identifier (e.g. email or social login identifier), authentication token, nickname, character progress data (level, experience, inventory, position).
• Optional: profile image, friend relationships, guild membership, chat messages.
• Automatically collected: device model, OS version, unique identifiers (IDFV / Android ID, etc.), access logs, in-game event logs, match packet statistics.

3) Payment and refund processing (applies after launch)

• Payment itself is processed by external payment providers such as the Apple App Store, Google Play, and Steam; Laryen receives only the receipt ID, transaction ID, and product ID needed for verification.
• Laryen does not collect or store sensitive payment-method data such as credit card numbers or CVC.

• Service delivery: account creation and authentication, character progress sync, real-time multiplayer matches, chat and guild features.
• Service improvement: analysis of anonymized gameplay statistics, balance verification of the deterministic Director AI's pressure model, bug diagnosis.
• User protection: detection and response to abuse, cheating, and macros; prevention of account theft.
• Customer support: replies to inquiries and complaints by email, refund processing, announcements.
• Legal compliance: retention of transaction and access records required by applicable laws.

Laryen destroys personal data without delay once the purpose of collection and use has been achieved. However, where retention is required by applicable laws, the data is kept for the period prescribed by those laws.

• Membership data: until withdrawal (destroyed immediately upon withdrawal; identifiers for abuse prevention kept for 30 days).
• Access logs / service usage records: 3 months, per the Protection of Communications Secrets Act.
• Records on labeling/advertising: 6 months, per the Act on Consumer Protection in Electronic Commerce.
• Records on contracts or withdrawal of subscription: 5 years.
• Records on payment and supply of goods: 5 years.
• Records on consumer complaints or dispute resolution: 3 years.

Laryen processes personal data only within the scope stated in this policy and does not provide it to third parties without the user's prior consent. The following are exceptions.

• Where the user has given explicit prior consent.
• Where there is a special provision in law, or a lawful request from an investigative authority.
• Where the data is processed and provided in a form that cannot identify a specific individual, for purposes such as statistics or academic research.

Laryen may entrust personal-data processing tasks to external parties for smooth service delivery, and when concluding an entrustment contract it specifies matters for securing safety under Article 26 of the Personal Information Protection Act.

• Infrastructure hosting and cloud services: VPS / container hosting providers (server operation, backups).
• Game backend: a self-hosted Heroic Labs Nakama instance (storage and processing of account, social, and match data).
• CDN and DNS: external CDN/DNS providers (static asset delivery, domain routing).
• Payment verification: platform providers such as Apple, Google, and Valve (Steam) (receipt verification, refunds).

※ The specific contents of entrusted tasks and any change of processor will be disclosed through this policy.

Users and their legal representatives may exercise the following rights regarding their personal data at any time, and Laryen takes action without delay in accordance with applicable laws.

• Request to access personal data.
• Request to correct or delete personal data.
• Request to suspend processing of personal data.
• Withdrawal of consent to the processing of personal data.

These rights may be exercised through the in-service settings menu or via the data protection officer's email at the bottom of this policy. Laryen verifies that the request is made by the user or a legitimate representative.

• Destruction procedure: personal data whose retention period has passed or whose purpose has been achieved is moved to a separate DB or file and destroyed after a set period, per internal policy and applicable laws.
• Destruction method: electronic files are deleted by an unrecoverable method (e.g. permanent deletion based on a secure deletion algorithm); printed personal data is shredded or incinerated.

• Transport encryption: all website and game API traffic is encrypted with TLS 1.2 or higher.
• One-way encryption of passwords (hash + salt).
• Access control: personal-data access is limited to minimal personnel, with separation of duties.
• Retention of access records and protection against forgery/alteration.
• Physical security: access control, CCTV, and locking provided by the infrastructure operator's data center.
• Periodic security checks and dependency vulnerability monitoring.

Laryen's website currently does not operate tracking cookies for advertising or personalized recommendations. However, it may use cookies or local storage for functional purposes such as login, session maintenance, language preference, and service improvement; in that case users can refuse or delete cookie storage through their browser settings. Note that refusing cookie storage may limit the use of some features.

Where Laryen collects the personal data of a child under the age of 14, it obtains the consent of the legal representative pursuant to Article 22 of the Personal Information Protection Act. If consent cannot be confirmed when collecting such data, the data is destroyed immediately.

Laryen designates a data protection officer who oversees personal-data processing and handles users' complaints and remedies related to such processing, as follows.

For other reports or consultations on personal-data infringement, you may contact the following organizations (Republic of Korea).

• Personal Information Infringement Report Center — privacy.kisa.or.kr / ☎ 118
• Personal Information Dispute Mediation Committee — kopico.go.kr / ☎ 1833-6972
• Supreme Prosecutors' Office Cybercrime Investigation — spo.go.kr / ☎ 1301
• National Police Agency Cyber Bureau — ecrm.cyber.go.kr / ☎ 182

This policy may be supplemented, deleted, or amended according to changes in law, government policy, or the Service, and any change will be announced at least 7 days before its effective date through this website's notices or this page. Where there is a material change to users' rights, it will be announced at least 30 days in advance.