1. Controller and contact
The controller under data protection law is Ricup Technologies GmbH, Franziskanerstraße 28, 81669 München, Germany ("Ricup", "we", "us").
For privacy requests, contact legal@echoesofesker.com.
2. Scope and basic distinction
This notice applies to the Echoes of Esker website, accounts and public pre-alpha game. Most game data stays on your device. Data reaches us or another provider only for the specific online functions described below.
"Personal data" means information relating to an identified or identifiable person. Legal-basis references below are to Article 6(1) of the EU General Data Protection Regulation (GDPR).
3. Website, accounts and downloads
Website delivery and security logs
When you visit the website, our hosting and delivery providers process data needed to send it to you and protect it: IP address, date and time, requested path, response status, referring page when supplied, and basic browser or device information. We use this for reliable and secure delivery on the basis of our legitimate interests (Article 6(1)(f) GDPR). Storage or access on your device is limited to what is strictly necessary for the service unless you consent to analytics. Application, security and backup logs are retained for no more than 30 days.
Account and authentication
A free account is required to access public pre-alpha downloads. Supabase processes your email address, an account identifier, account creation and last-sign-in times, access role and authentication records. Essential authentication cookies keep you signed in. We process this to create and perform the account agreement and take steps you request before it is formed (Article 6(1)(b) GDPR). Required age and territorial declarations are stored by version, but we do not collect your date of birth, IP address, country, User-Agent or GeoIP result for that purpose.
Terms acceptance and downloads
When you accept the current Terms and request a build, we store the accepted document version and hash, server time, initial build and platform, and the transactional-email confirmation message ID. We do not keep a general download history. Cloudflare R2 creates a signed download address that expires after five minutes and processes the network data needed to deliver the archive. These operations perform the contract (Article 6(1)(b) GDPR). After account erasure, minimum proof of an accepted agreement contains a keyed HMAC of the normalized email, its HMAC-key version, the Terms version and hash, initial build and platform, acceptance and closure times, and expiry time; it does not contain the raw email. This proof may be retained for six years after account closure to establish or defend legal claims (Article 6(1)(f) GDPR and applicable record-limitation rules).
Transactional email and correspondence
Resend sends magic links, Terms confirmations and other transactional messages. Message and delivery data may be stored in the United States; dispatch is configured through its Ireland region. Open and click tracking are disabled. Transactional email data is retained for no more than 30 days except where the message is itself required as contract evidence. If you email us, Proton AG processes the correspondence in Switzerland. Closed legal and support correspondence is normally retained for three years, and longer only when a legal claim or duty requires it.
Local website preferences
The website stores your selected color theme locally. It also uses a necessary first-party privacy-preference cookie containing your analytics decision, notice version, decision time and, where applicable, that you explicitly overrode a browser privacy signal. The cookie is stored for up to six months. These values do not identify your account and are needed to remember your choices.
4. Mandatory technical diagnostics
We use Sentry in its EU region for narrowly configured error and crash diagnostics on the website and in the game. An automatic report may include the exception type and sanitized stack trace, release, operating-system family and version, platform, coarse hardware class, and allowlisted technical action codes. It does not include account identity, a stable device identifier, request bodies, cookies, headers, query strings, full local paths, dialogue, prompts, API keys or AI-provider response bodies.
These diagnostics are required to keep the pre-alpha secure and operational. We rely on our legitimate interests in detecting defects, protecting the service and improving stability (Article 6(1)(f) GDPR), balanced by data minimization and redaction. Sentry data is retained for no more than 30 days. You cannot disable this narrow automatic reporting while using a build that includes it; you can avoid it by not running that build.
5. Optional analytics
PostHog analytics are optional and run only after your consent (Article 6(1)(a) GDPR). The website offers equally prominent choices to allow analytics or continue without them. The game does the same before Play. Refusal does not restrict the website, account, download or game. A browser Global Privacy Control or Do Not Track signal disables website analytics by default. You may later make an explicit choice in Privacy settings to allow analytics for this site despite that signal.
After consent, the website creates a random website installation identifier and may record route-only page views, login-link outcomes, portal views and build-download starts. The game creates a separate random game installation identifier and may record launch and session information, save operations, areas, combat, abilities, crafting and inventory actions, objectives, NPC and model identifiers, AI request timing and outcomes, errors and performance. We do not use autocapture, session replay, heatmaps, surveys, person profiles or other profiling, account identifiers, email, prompts, dialogue, generated output, free-form input, full paths, query strings, referrers or precise location.
The game stores the decision (Unknown, Granted or Denied), notice version and decision time in user://privacy.cfg, and stores the random game identifier there only after consent. A consented offline analytics queue is kept for no more than seven days. PostHog is configured in its EU region and received analytics records are retained for no more than 90 days. You can withdraw consent at any time through Privacy settings on the website or in the game. Withdrawal stops future collection and immediately clears the local queue and random identifier; it does not affect earlier lawful processing. Privacy settings displays the current anonymous identifier before reset so you can include it in an erasure request to legal@echoesofesker.com.
6. Data on your device and AI features
Local game data
Save files, settings, screenshots, downloaded models and NPC conversations are stored on your device. The game examines processor, memory and graphics information locally to recommend a suitable model. This local information is not sent to us except for the limited, coarse diagnostic or consented analytics properties described above. You control local files through your operating system and can delete them there.
Supported local AI and model downloads
The supported NPC AI runs locally. When you choose a model, your device downloads it directly from Hugging Face. Hugging Face and the relevant model publisher may receive ordinary request data such as your IP address, User-Agent and requested file under their own privacy terms. We do not receive your prompts or generated dialogue from local inference.
Unsupported remote-provider configuration
An advanced developer route can be configured to use a player-selected OpenAI-compatible provider. It is unsupported. If you enable it, the base address, model and API credential are stored in plaintext in local settings, and prompts plus relevant conversation or game context are sent directly to the provider you select. Ricup does not receive or control that data. Review the provider's privacy notice and terms before enabling it, and do not use a credential or submit content you are unwilling to share with that provider.
Optional crash attachments
After a crash, a later game launch may offer separately unchecked and previewable attachments: redacted logs up to 256 KiB, the latest 20 dialogue messages or 32 KiB, and optional free text up to 2,000 characters. Nothing is attached automatically. If you confirm, we process only the attachments you selected, with your consent (Article 6(1)(a) GDPR), through Sentry. Skip content that contains private information. The local bundle is deleted when sent or skipped, and in any event after seven days; the submitted report is deleted from Sentry within 30 days. You may withdraw consent for future reports at any time, but a report already used to investigate a defect may still be retained where our overriding legal interests require it.
7. Service providers and international transfers
We disclose data only as needed to the following recipients, which process it for us or provide a service directly to you:
- Vercel
- Website hosting and global content delivery; request and security data may be processed outside the EEA.
- Supabase
- EU-region authentication and account database services.
- Cloudflare R2
- EU-region build storage and global download delivery.
- Resend
- Transactional email; United States metadata storage with Ireland dispatch.
- Proton AG
- Legal and privacy correspondence in Switzerland.
- Sentry
- EU-region error and crash diagnostics.
- PostHog
- EU-region consented product analytics.
- Hugging Face and model publishers
- Direct model downloads requested by your device, under their own terms.
- Your selected remote AI provider
- Prompts and context only if you deliberately enable the unsupported remote configuration.
Where a processor handles data outside the European Economic Area, we use an adequacy decision where available or contractual safeguards such as the European Commission's standard contractual clauses, together with supplementary measures where appropriate. Switzerland is recognized by the European Commission as providing adequate protection. You may request information about the safeguard relevant to your data.
8. Retention
We keep personal data only for the purpose and period described in this notice. The principal maximum periods are:
- Application, security and backup logs
- 30 days
- Transactional email data
- 30 days
- Sentry diagnostics
- 30 days
- PostHog analytics
- 90 days
- Privacy preference cookie
- 6 months
- Closed support and legal correspondence
- Normally 3 years
- Minimum proof of accepted Terms
- 6 years after account closure
Your active account and required access records remain until you request deletion or we close the account service. A legal hold, unresolved dispute, security investigation or binding retention duty may require a longer period for the affected record. Data is then restricted to that purpose and deleted when the reason ends.
9. Your rights and choices
Subject to the conditions in the GDPR, you may request access to and a copy of your data, correction, erasure, restriction, portability, and information about recipients. You may object to processing based on legitimate interests for reasons arising from your situation. We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects.
You may withdraw consent at any time without affecting processing before withdrawal. Use Privacy settings for analytics or contact legal@echoesofesker.com. To delete an account, email that address; we will normally verify the request with a fresh magic link and will not ask for an identity document unless reasonably necessary. Deleting the account does not delete files stored only on your device.
You may complain to a data protection authority, in particular the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany, www.lda.bayern.de.
10. What is required
- Website delivery, security data, an email account, authentication cookies, eligibility declarations, current Terms acceptance and delivery data are required to provide account-gated builds. Without them, we cannot create the account or supply a download.
- Narrow technical diagnostics are a condition of running a build that includes them. They cannot be disabled in that build.
- PostHog analytics and detailed crash attachments are optional. Refusal has no effect on access.
- A model download is needed for supported NPC AI. The unsupported remote AI route is never required.
11. Uses we do not make
We do not sell personal data, use it for targeted advertising, send marketing email, merge analytics with accounts, profile you, operate cloud saves, or provide multiplayer communication. We do not use your prompts or NPC dialogue to train AI models.
12. Changes to this notice
We will update this notice when our processing materially changes. The version and effective date at the top identify the current text. Where required, we will provide additional notice or ask for fresh consent before a new use begins.