GalaxyWarden ("we," "us," or "our") provides gaming security services that help users monitor, detect, and remediate data breaches affecting their gaming accounts. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our services.
This policy applies to all users of GalaxyWarden, including visitors to our website and registered users of our breach monitoring services. For California residents, this notice also serves as our "Notice at Collection" under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
GalaxyWarden and DoxxScan™ do not crawl, scrape, or directly access third-party platforms such as Facebook, Twitch, Discord, PayPal, Twitter/X, Instagram, Steam, Reddit, or any other operator’s website or service. We do not log into platforms on your behalf, use platform APIs to enumerate accounts, or extract data from those services in any manner that could violate their Terms of Service.
When we report “exposure” or “link mapping” for a username, email, phone number, real name, or other identifier, the data we surface comes exclusively from one or more of the following lawful sources:
We do not claim, suggest, or imply that any platform referenced in our marketing materials (Twitch, Discord, Steam, Kick, YouTube, etc.) shares data with us, partners with us, or has authorized us to access their systems. Platform names are referenced solely to describe the breadth of breach corpora we cross-reference on your behalf.
If you operate a platform referenced in our marketing and have questions about our data sources, contact legal@galaxywarden.com.
In the past 12 months, we have collected the following categories of personal information as defined under CCPA/CPRA:
| Category | Examples | Sources | Business Purpose |
|---|---|---|---|
| Identifiers | Email address, gaming usernames/aliases, Steam ID (if linked) | Directly from you during registration and profile setup | Account creation, breach scanning, notifications, personalized security missions |
| Account Records | Subscription level (Ranger/Commander/Elite), payment information (processed by third-party), account preferences | From you or payment processors | Manage subscriptions, provide tiered features, process transactions |
| Internet/Network Activity | Gaming habits (frequency, platforms), security habits (password reuse, 2FA usage), breach history, session data | From you (profile/onboarding), app usage, third-party breach intelligence providers | Risk scoring, AI security insights, mission generation, breach monitoring |
| Commercial Information | Selected gaming platforms (Steam, Epic, etc.), games monitored, credit purchases, subscription history | From you (onboarding/profile updates) | Customize services, analyze engagement, provide relevant recommendations |
| Inferences | Security risk scores, mission progress, completion rates, decay-based risk calculations | Derived from collected data and AI analysis | Provide personalized security recommendations, track improvement over time |
We do not intentionally collect sensitive personal information such as precise geolocation, health data, racial/ethnic origin, religious beliefs, or sexual orientation. If you believe we have inadvertently collected such information, please contact us immediately.
| Provider Type | Purpose | Data Shared |
|---|---|---|
| Breach Database Intelligence | Check if your email appears in known breaches | Email address (hashed via k-anonymity where possible) |
| DoxxScan™ Intelligence | Premium deep breach scanning across 15B+ records for exposed credentials, addresses, phone numbers | Email address, usernames (used as search queries only) |
| AI Services (xAI/Grok) | Generate personalized security insights, remediation steps, and risk assessments | Anonymized breach metadata (breach name, data types exposed). No direct identifiers (email, password) are sent to AI services. |
| Payment Processing (Stripe) | Process subscription payments securely | Payment information is sent directly to Stripe; we do not store credit card numbers |
| Cloud Hosting | Store and process application data securely | Encrypted account data |
| Email Services | Send breach alerts and notifications | Email address, notification content |
If you are a California resident, you have the following rights under the CCPA/CPRA (exercisable up to twice per 12-month period, free of charge):
| Right | Description |
|---|---|
| Right to Know/Access | Request disclosure of categories and specific pieces of personal information we've collected about you, sources, purposes, and third parties we've shared with. |
| Right to Delete | Request deletion of your personal information (subject to legal exceptions). |
| Right to Correct | Request correction of inaccurate personal information. |
| Right to Opt-Out of Sale/Sharing | Direct us not to sell or share your personal information. Note: We do not currently sell or share data for advertising. |
| Right to Limit Sensitive Data Use | Limit use of sensitive personal information to essential purposes. (We do not collect sensitive PI.) |
| Right to Non-Discrimination | We will not deny services, charge different prices, or provide different quality based on exercising your rights. |
You can exercise your rights through any of these methods:
Verification: We will verify your identity using your email address and account information. Response time is 45 days (extendable to 90 days for complex requests). If we deny a request, you may appeal by contacting us.
Authorized Agents: You may designate an authorized agent to make requests on your behalf. Agents must provide written authorization and proof of identity.
Regardless of your location, you have the following rights:
For EU/EEA residents under GDPR, our legal basis for processing includes: contract performance (providing services), legitimate interests (improving security), and consent (marketing communications).
We retain your personal information based on the following criteria:
We implement reasonable administrative, technical, and physical safeguards to protect your information:
While we strive to protect your data, no system is 100% secure. We encourage you to use strong, unique passwords and enable 2FA on your account.
GalaxyWarden is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at privacy@galaxywarden.com, and we will promptly delete such information.
For users between 13-16 in California, we require opt-in consent before any sale or sharing of data (though we do not sell or share data for advertising).
If our practices change in the future, we will update this policy and provide a clear opt-out mechanism. You can manage your privacy preferences at any time in your Account Settings.
We honor Global Privacy Control (GPC) browser signals as valid opt-out requests.
For questions about this Privacy Policy or to exercise your rights, contact us:
We will respond to inquiries within 45 days. If you are not satisfied with our response, you may file a complaint with your local data protection authority or the California Privacy Protection Agency.
We review and update this policy at least annually or when our practices change. Material changes will be notified via email or in-app notification. Continued use after changes constitutes acceptance of the updated policy.
