Legal Portal

LEGAL PORTAL / POLICIES

Privacy Policy

Last updated 5 June 2026

1. Who We Are

Webb Technology Limited, trading as Spiderware (“Spiderware”, “we”, “us”, or “our”), is a company registered in England and Wales (company number 11663507).

Registered office: 483 Green Lanes, Enfield, London, N13 4BS, United Kingdom

We develop and publish Soulbound, a multiplayer action RPG. Soulbound is currently available on Steam. We plan to make the Game available on additional platforms in the future. This Privacy Policy applies to all platforms where Soulbound is available.

We are the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We have not appointed a Data Protection Officer (DPO) as we are not required to do so under Article 37 of the UK GDPR. For all data protection enquiries, please contact us using the details below.

Contact:

Your use of Soulbound is also governed by our Terms & Conditions, which you should read alongside this Privacy Policy.

2. About This Policy

This Privacy Policy explains:

  • What personal data we collect when you play Soulbound
  • How and why we use your data
  • Who we share your data with
  • How long we keep your data
  • Your rights and how to exercise them

What this policy covers:

  • The Game on Steam and any future platforms where Soulbound is made available
  • Our website at soulbound.game
  • Our support channels, community forums, and official Discord server
  • Any services we operate in connection with the Game

What this policy does not cover:

  • Data collected by Valve Corporation through the Steam platform. For Steam’s data practices, see Steam’s Privacy Policy.
  • Data collected by any third-party platform, website, or service linked from within the Game or our website, unless we explicitly state otherwise.
  • Cookie usage on our website soulbound.game, which is covered by our separate Cookie Notice available on the website.

If we add new platforms in the future, we will update this policy to reflect any changes to our data practices on those platforms.

3. What Data We Collect

We collect different categories of personal data depending on how you interact with Soulbound. We have listed every category below so you know exactly what we gather and why.

a. Account and Platform Data

  • Your Steam ID and Steam display name (received via the Steamworks API when you launch the Game)
  • Date of first login, login timestamps, and session duration
  • Platform and region information associated with your Steam account
  • Language and locale preferences
  • Friend list and social connections within the Game (e.g. party members, guild membership)

b. Gameplay Data

  • Game session duration and activity logs
  • Character progression, including level, class, items collected, quests completed, and achievements unlocked
  • Multiplayer matchmaking preferences and party information (group size, role preferences, queued activities)
  • In-game chat messages (text only) and player-to-player interactions
  • Leaderboard rankings, scores, and competitive statistics
  • Guild or group membership, roles, and associated metadata

c. Technical and Device Data

  • Device type, operating system, and version
  • CPU, GPU, RAM, and other hardware specifications
  • Screen resolution and display settings
  • IP address (used to derive approximate geographic location and time zone; we do not store precise geolocation)
  • Device identifiers (hardware IDs used for session management and anti-cheat, not for advertising)
  • Game client version, build number, and platform runtime information
  • Network performance data (latency, packet loss, connection quality)

d. Crash and Diagnostic Data

  • Crash logs, error reports, and stack traces generated by the game client
  • Performance telemetry (frame rates, load times, memory usage) collected to diagnose and resolve technical issues
  • System environment data captured at the time of a crash or error

e. Communication and Support Data

  • Messages sent through in-game text chat systems, including public chat channels, party chat, guild chat, and direct messages between players
  • Support tickets, bug reports, and feedback submitted through our official channels
  • Communications through our community platforms (e.g. Discord server, Steam forums) where you interact with us directly

Note: Soulbound does not currently include voice chat. If voice features are introduced in future, this policy will be updated before any voice data is collected.

f. Purchase and Transaction Data

  • Records of in-game purchases made through Steam (we receive transaction confirmations, product identifiers, and timestamps from Valve)
  • We do not process or store your payment card details, billing address, or any financial information directly. All payment processing is handled by Valve as merchant of record.
  • Regional pricing, local tax calculations, and currency conversion are managed by Steam. We do not determine or have access to your specific payment method or billing details.

g. Analytics and Telemetry Data

  • Gameplay analytics collected via Mixpanel, including feature engagement metrics, progression funnels, and session flow data
  • These analytics are pseudonymised using unique identifiers that do not directly identify you, and aggregated for reporting
  • Telemetry data on game system usage (e.g. which crafting stations are used, skill builds, dungeon completion rates)
  • A/B test group assignments and associated interaction data
  • This data is collected solely for game improvement and internal analysis. We do not use analytics data to build advertising profiles or sell to third parties.

h. User-Generated Content Metadata

  • Metadata associated with content you create in-game (e.g. character names, guild names, custom descriptions)
  • Timestamps, authorship, and context of User Content for moderation and safety purposes
  • We do not collect the content of files on your device or any data outside the Game

i. Anti-Cheat and Security Data

  • Behavioural patterns analysed server-side to detect anomalies consistent with cheating or exploitation
  • Session integrity data (e.g. input frequency, action timing, game state consistency)
  • This data is processed solely for security and fair play purposes. No kernel-level software or client-side scanning tools are used.

j. Cookies and Similar Technologies

Our website (soulbound.game) uses cookies and similar technologies for the following purposes:

  • Essential cookies: Required for the website to function, including authentication, session management, and login persistence. These cookies are necessary and cannot be disabled.
  • Analytics cookies: We use analytics tools (such as Mixpanel) to understand how visitors interact with our website and to improve the experience. These are non-essential and you can opt out.
  • Tracking cookies: We use tracking technologies to measure the effectiveness of our marketing and to understand how players find Soulbound. These are non-essential and you can opt out.

You can manage your cookie preferences through your browser settings. Disabling non-essential cookies will not affect your ability to play the Game.

4. How We Use Your Data

We process your personal data only for the purposes listed below. Every data type described in Section 3 maps to one or more of these purposes.

  • Operating the Game: Authenticating your account via Steam, saving and syncing your game progress, enabling multiplayer matchmaking and party systems, maintaining friend lists and guild rosters, and delivering in-game content.

Data used: Account and Platform Data, Gameplay Data, Technical Data, Purchase Data

  • Improving the Game: Analysing gameplay telemetry and analytics to balance game systems, fix bugs, prioritise new features, and improve performance.

Data used: Gameplay Data, Analytics and Telemetry Data, Crash and Diagnostic Data, Technical Data

  • Player Safety and Moderation: Detecting cheating, enforcing our Community Standards, investigating player reports, and taking action against abusive behaviour. Automated moderation systems assist with initial detection, but final account-affecting decisions (bans, suspensions) always involve human review.

Data used: Gameplay Data, Communication Data, Anti-Cheat Data, User-Generated Content Metadata

  • Customer Support: Responding to support tickets, resolving technical issues, processing bug reports, and communicating about account-related matters.

Data used: Account Data, Communication and Support Data, Technical Data, Crash Data

  • Analytics and Research: Understanding player behaviour in aggregate to guide development decisions, measure feature engagement, and evaluate game health. Analytics outputs are aggregated and pseudonymised where possible.

Data used: Analytics and Telemetry Data, Gameplay Data

  • Security and Anti-Cheat: Maintaining fair play through server-side monitoring, protecting the integrity of game systems, and preventing fraud or unauthorised access.

Data used: Technical Data, Anti-Cheat Data, Account Data

  • Communications (Service-Related): Sending you necessary service announcements, such as maintenance windows, terms updates, security alerts, or account notifications. These are not marketing and you cannot opt out of essential service communications.

Data used: Account Data

  • Marketing Communications (Opt-In Only): If you have given us your explicit consent, we may send you news about Soulbound, development updates, events, and promotional content. You can opt out at any time by clicking the unsubscribe link in any marketing email, or by contacting us at legal@spiderware.gg. We will never send marketing without your prior opt-in consent, and we will never share your contact details with third parties for their marketing purposes.

Data used: Account Data (email, where provided with consent)

  • Legal Compliance: Meeting our obligations under UK, EU, and other applicable data protection, tax, consumer protection, and online safety laws.

Data used: Any data as required by the specific legal obligation

6. Who We Share Your Data With

We share your personal data only when necessary to operate, improve, or secure the Game.

a. Platform and Infrastructure Providers

  • Valve Corporation (Steam): Authentication, matchmaking, achievements, community features, and payment processing. Valve acts as the merchant of record for all purchases.
  • Google Cloud Platform: Server hosting, data storage, and backend infrastructure.

b. Analytics Providers

  • Mixpanel: Gameplay analytics, session tracking, feature engagement metrics, and funnel analysis. Data sent to Mixpanel is pseudonymised using unique identifiers that do not directly identify you. This sharing is based on our legitimate interest in improving the Game (see Section 5).

c. Anti-Cheat and Security

  • Server-side anti-cheat systems: We use proprietary server-side detection to identify cheating, exploitation, and anomalous behaviour. These systems do not install kernel-level drivers or access files outside the Game directory.

d. Content Moderation and Player Safety

  • Automated moderation tools: Automated text filtering to detect abusive language, harassment, hate speech, and other violations of our Community Standards. Flagged content may be reviewed by human moderators.

e. Crash Reporting and Diagnostics

  • Crash and error reporting services: When the Game crashes or encounters an error, diagnostic data may be collected and transmitted to help us identify and fix bugs.

f. Email and Marketing Communications (Opt-In Only)

  • Email service provider: If you opt in to marketing communications, your email address and communication preferences are processed by our email service provider to deliver newsletters, updates, and promotional content. You can unsubscribe at any time.

g. Legal and Regulatory Bodies

  • Law enforcement, regulators, and courts: We may disclose your personal data when required by law, in response to valid legal process, to protect the safety of our players or the public, to enforce our Terms & Conditions, or to protect our legal rights.

h. Data Shared with Other Players

Certain data you provide or generate is visible to other players as part of the Game’s multiplayer features:

  • Your Steam display name and in-game character details are visible to other players.
  • If you appear on leaderboards, your display name and relevant scores are publicly visible within the Game.
  • Messages you send in public chat channels, party chat, or other in-game communication systems are visible to other participants.
  • Your membership in guilds or parties, and your in-game activity status, may be visible to other guild or party members.

You should not share personal or sensitive information through in-game chat or other public-facing features.

i. What We Do NOT Do

We do not sell your personal data. We have never sold personal data and have no plans to do so.

We do not share your personal data with advertising networks for targeted advertising. We do not rent, trade, or otherwise make your personal data available to third parties for their own marketing purposes.

7. International Data Transfers

Webb Technology Limited is based in England. Some of the third-party service providers we work with are based outside the United Kingdom, including in the United States.

When your personal data is transferred outside the United Kingdom, we ensure it is protected using one or more of the following legal safeguards:

  • UK Adequacy Decisions: Where the UK Government has determined that a country provides an adequate level of data protection.
  • UK International Data Transfer Addendum (IDTA): Issued under Section 119A of the Data Protection Act 2018, requiring the recipient to provide equivalent protections to those under UK GDPR.
  • EU Standard Contractual Clauses (SCCs): Where applicable for transfers governed by EU GDPR.
  • Supplementary Measures: Additional technical measures (such as encryption) and organisational measures (such as access controls and data processing agreements).

The primary international transfers we make are:

  • Valve Corporation (United States): Platform services.
  • Mixpanel (United States): Analytics.
  • Google Cloud Platform (various locations): Infrastructure.

If you have questions about the specific safeguards applied to your data, please contact us at legal@spiderware.gg.

8. Data Retention

We retain different categories of personal data for different periods, depending on the purpose for which it was collected:

  • Account and platform data: Retained for the duration of your account plus 12 months after account deletion or deactivation.
  • Gameplay analytics: Retained for 18 months, after which it is aggregated and permanently anonymised.
  • Support and communication logs: Retained for 24 months from the date of the last communication.
  • Chat logs (moderation): Retained for 6 months, unless flagged in connection with an ongoing investigation.
  • Crash and error logs: Retained for 90 days.
  • Purchase records: Retained as required by applicable tax law, which may be up to 7 years.
  • Anti-cheat anomaly data: Retained for 12 months.

After these retention periods, data is either permanently deleted or permanently anonymised so that it can no longer be linked to you.

9. Your Rights

UK and EU Residents (UK GDPR / EU GDPR)

If you are located in the United Kingdom or European Economic Area, you have the following rights:

  • Right to Access – You may request a copy of the personal data we hold about you, together with information about how and why we process it.
  • Right to Rectification – You may ask us to correct any personal data that is inaccurate or to complete data that is incomplete.
  • Right to Erasure – You may ask us to delete your personal data where there is no compelling reason for us to continue processing it (sometimes called the “right to be forgotten”).
  • Right to Restrict Processing – You may ask us to limit how we use your data in certain circumstances, for example while we verify the accuracy of data you have challenged.
  • Right to Data Portability – You may request that we provide your personal data in a structured, commonly used, machine-readable format, or that we transmit it directly to another controller where technically feasible.
  • Right to Object – You may object to our processing of your personal data where that processing is based on our legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
  • Right to Withdraw Consent – Where we rely on your consent for optional features (such as marketing communications), you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before you withdrew.
  • Right Regarding Automated Decision-Making – You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you.

Response time: We will respond within 30 days. For complex or numerous requests, we may extend this by a further 60 days (up to 90 days total), and we will notify you of any extension within the initial 30-day period.

How to exercise your rights: Contact us at legal@spiderware.gg with details of your request. We may need to verify your identity before processing it.

Complaints: If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk, or your local data protection authority.

California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with the following rights:

  • Right to Know – You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties with whom we share it.
  • Right to Delete – You may request that we delete the personal information we have collected from you, subject to certain exceptions permitted by law.
  • Right to Correct – You may request that we correct inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale – We do not sell your personal information. If this ever changes, we will provide a “Do Not Sell My Personal Information” link on our website and within the Game.
  • Right to Limit Use of Sensitive Personal Information – You may direct us to limit our use and disclosure of sensitive personal information to purposes necessary to provide Soulbound and its services.
  • Right to Non-Discrimination – We will not deny you goods or services, charge you different prices, or provide a different level of service as a penalty for exercising your rights.

Authorised agents: You may designate an authorised agent to make requests on your behalf. The agent must provide proof of authorisation, and we may still verify your identity directly.

Response time: We will respond within 45 days. If we need additional time, we may extend this by a further 45 days (up to 90 days total) and will notify you.

How to exercise your rights: Contact us at legal@spiderware.gg with the subject line “CCPA Request”.

CalOPPA Disclosure

In accordance with the California Online Privacy Protection Act (CalOPPA):

  • This Privacy Policy is accessible from our website and from within the Game.
  • We will notify you of material changes by updating the “Last Updated” date and, where appropriate, by in-game notification or email.
  • We honour Do Not Track signals to the extent required by applicable law.

10. Children's Privacy (COPPA)

  • Soulbound is not directed at children under 13 years of age.
  • We do not knowingly collect personal data from children under 13.
  • If we become aware that we have inadvertently collected personal data from a child under 13, we will take steps to delete that data promptly.
  • Parents and guardians: If you believe your child under 13 has provided personal data to us, please contact us immediately at legal@spiderware.gg so we can take appropriate action.
  • Users aged 13-17: We comply with all applicable laws regarding the collection and processing of personal data from minors.

11. Other Jurisdictions

  • Brazil (LGPD): Brazilian residents have rights under the Lei Geral de Proteção de Dados, including the right to access, correct, delete, and port personal data. Contact legal@spiderware.gg to exercise these rights.
  • Canada (PIPEDA): Canadian residents may request access to and correction of personal information under the Personal Information Protection and Electronic Documents Act.
  • Australia (Privacy Act 1988): Australian residents have rights under the Australian Privacy Principles, including the right to access and correct personal information.
  • All other jurisdictions: Regardless of where you reside, you may contact us at legal@spiderware.gg to exercise any data protection rights available to you under applicable local law.

12. Anti-Cheat and Security Systems

We use server-side anti-cheat monitoring to maintain fair play and protect the integrity of Soulbound.

How our anti-cheat systems work:

  • Our anti-cheat operates entirely on our servers. It analyses gameplay telemetry, server logs, and statistical patterns to detect behaviour consistent with cheating, exploitation, or abuse.
  • We do not install kernel-level drivers, rootkits, or ring-zero software on your device.
  • We do not scan your files, running processes, installed software, or any data outside the Soulbound game client.
  • We do not capture screenshots, monitor your screen, or access your webcam or microphone for anti-cheat purposes.

What data anti-cheat systems collect:

  • Gameplay actions and timing data (inputs, movement patterns, interaction rates)
  • Server-side event logs (damage calculations, item acquisition, economy transactions)
  • Network metadata (latency, packet timing, connection stability)
  • Game client version and integrity checks

This data is processed solely for security, fair play, and player safety purposes.

Retention of anti-cheat data:

  • Flagged anomaly data (cases under investigation): retained for up to 12 months, then deleted or anonymised
  • Confirmed violation records (where a penalty was issued): retained for the duration of the associated account plus 24 months
  • Cleared data (false positives): deleted within 30 days

Automated decision-making and human review:

  • Anti-cheat systems may automatically flag accounts for review. Automated flags alone do not result in account penalties.
  • All enforcement actions are reviewed by a human before being applied.

Your right to appeal:

If you believe an anti-cheat decision was made in error:

  1. Contact us at legal@spiderware.gg with the subject line “Anti-Cheat Appeal” and include your Steam ID and a description of why you believe the decision was incorrect.
  2. Your appeal will be reviewed by a member of our team who was not involved in the original decision.
  3. We will respond within 14 days with our decision, including the reasoning behind it.

13. Moderation and Player Safety Data

To keep Soulbound safe and to meet our legal obligations, we process certain personal data for moderation and safety purposes.

What we process for moderation:

  • In-game text chat messages, party and guild chat, and direct messages between players
  • Player and guild/clan names and other player-set display text
  • User Content you create or submit within the Game
  • Reports you or other players submit through in-game reporting tools
  • Records of moderation actions taken on your account and the reasons for them

Legal bases:

  • Legitimate interests: keeping players safe and enforcing Community Standards
  • Legal obligation: complying with the UK Online Safety Act 2023 and other applicable laws
  • Contractual necessity: providing safe multiplayer services

Retention of moderation data:

  • General chat logs: 6 months, unless flagged for investigation
  • Flagged or reported content: duration of the investigation plus up to 12 months
  • Records of enforcement actions: retained for the duration of your account plus up to 24 months

14. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it.

Encryption:

  • All data transmitted between your device and our servers is encrypted using industry-standard encryption protocols (such as TLS 1.2 or higher).
  • Personal data stored on our servers is encrypted at rest using industry-standard encryption (such as AES-256 or equivalent).

Access controls:

  • We operate strict role-based access controls. Only personnel who need access to personal data to perform their duties can access it.
  • We follow the principle of least privilege.
  • Access to production systems and personal data is logged and auditable.

Security assessments:

  • We conduct regular internal security reviews and vulnerability assessments.
  • We engage independent third parties to perform penetration testing on a periodic basis.

Employee and contractor security:

  • All staff and contractors with access to personal data receive security awareness training.
  • Staff are bound by confidentiality obligations and data handling policies.

Data breach notification:

In the event of a personal data breach:

  • Where the breach poses a risk to your rights and freedoms, we will notify the UK Information Commissioner’s Office (ICO) without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach, in accordance with Article 33 of the UK GDPR.
  • Where the breach poses a high risk to your rights and freedoms, we will notify affected individuals without undue delay, providing: a description of the breach, the likely consequences, the measures taken to address it, and recommendations for steps you can take to protect yourself.
  • Not all data breaches require notification. We assess each incident on a case-by-case basis in accordance with ICO guidance.

No security system is completely secure. You are responsible for keeping your account credentials private. We recommend enabling Steam Guard (two-factor authentication) on your Steam account.

15. Third-Party Services and SDKs

Soulbound integrates the following third-party services:

Platform:

  • Valve / Steam (Steamworks SDK) – Authentication, matchmaking, achievements, payments

Steam Privacy Policy

Analytics:

  • Mixpanel – Gameplay analytics, session tracking, feature engagement

Mixpanel Privacy Policy

Infrastructure:

  • Google Cloud Platform – Server hosting, database storage, backend computation

Google Cloud Privacy Notice

We require all third-party service providers to process your data in accordance with applicable data protection laws, implement appropriate security measures, and process your data only for the purposes described in their agreements with us.

We do not use any third-party advertising SDKs. We do not embed social media tracking pixels or share data with social media platforms for advertising purposes.

16. Online Safety

Soulbound includes features that allow users to interact and share content with one another. As a service operating in the United Kingdom, we take our online safety duties under the UK Online Safety Act 2023 seriously. We:

  • Operate systems designed to identify, assess, and reduce the risk of illegal content and content harmful to children
  • Provide in-game tools to report content and behaviour that breaches our Community Standards or the law
  • Act promptly to review reports and remove illegal content
  • Take steps to protect younger players
  • Keep records of reports and moderation actions

For details of how reports are handled and how to appeal a decision, please see the Community Standards section of our Terms & Conditions.

17. Early Access

Soulbound is currently in Early Access on Steam. This means:

  • Game features, content, and systems may change significantly during development
  • Character progress may be reset during Early Access
  • Data collection practices may evolve as new features are introduced

We will update this Privacy Policy to reflect any material changes to our data practices.

18. Changes to This Policy

When we make changes to this Privacy Policy:

  • We will update the “Last Updated” date at the top of this document
  • Where changes are material, we will notify you via in-game notices, Steam announcements, or email (where we hold your email address)
  • Your continued use of the Game after changes take effect constitutes your acknowledgement of the updated policy
  • Where changes to this policy require your consent as a legal basis (for example, new types of optional data processing), we will seek that consent separately before any such processing begins

We encourage you to review this policy periodically.

19. Contact Us

If you have questions, concerns, or wish to exercise your rights:

By playing Soulbound, you acknowledge that you have read and understood this Privacy Policy.

NEXT

Next: Cancellation Policy

On this page