← Return

Privacy Policy

Broken Window LLC
Last updated: July 12, 2026

This Privacy Policy explains how Broken Window LLC ("Broken Window," "we," "us"), a Delaware limited liability company, collects, uses, and shares information when you use brokenwindow.ai, the game Barons of Steel, and related services (the "Service").

1. Information We Collect

Account information. When you register, we collect your email address and username. Sign-in uses secure one-time links sent to your email ("magic links") — we do not require a password, and we do not use third-party sign-in providers. If your account was created under an earlier password-based system, any password is stored only as a salted hash, never in plaintext.

Gameplay and platform data. We record your in-game activity, including matches played, game state and results, Shard balance and every Shard transaction (our ledger records how Shards were earned and spent), leaderboard standings, subscription status, and competition participation.

Usage and device data. We automatically collect standard technical data: IP address, approximate location derived from your IP address (country/region level), browser and device type, pages viewed, referral source, session timestamps, and interactions with the Service. We use this for analytics, security, and to operate the Service.

Cookies. We use only essential cookies — those required for authentication (keeping you signed in), security, and core functionality of the Service. Our analytics runs without cookies (see Section 4), and we do not use advertising cookies or third-party tracking cookies.

Communications. If you contact support or communicate with us, we keep those communications.

The Service is not intended for anyone under 16, and we do not knowingly collect information from children under 16. If we learn we have done so, we will delete it. If you believe someone under 16 has an account, contact us at the address below.

2. How We Use Information

We use your information to:

Legal bases (EEA/UK users). Where GDPR or UK GDPR applies, we process your data on the following bases: performance of our contract with you (operating your account and the game), legitimate interests (security, anti-cheat, analytics, service improvement), and legal obligation where applicable.

3. What Is Public

Your username, public profile, gameplay statistics, and leaderboard standings are publicly visible, including to people without accounts, and may appear in search engines. Do not choose a username that identifies you personally if you don't want that association to be public. Your email address, Shard transaction details, and account settings are not public.

4. How We Share Information

We do not sell your personal information, and we do not share it with third parties for advertising.

We share information only with:

5. International Transfers

We are a US company and our Service is hosted in the United States. If you use the Service from outside the US, your information will be transferred to and processed in the US. For EEA/UK users, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (and the UK Addendum) with our service providers where required.

6. Data Retention

We keep your information for as long as your account is active. When you delete your account:

7. Your Rights

Depending on where you live, you may have the right to:

To exercise any of these rights, email us at the address below. We will verify your identity and respond within the timeframe required by law (30 days under GDPR, 45 days under the CCPA). You can also delete your account directly from account settings.

EEA/UK users may lodge a complaint with their local data protection authority. California residents: we do not "sell" or "share" personal information as those terms are defined in the CCPA/CPRA.

8. Security

We protect your information with industry-standard measures, including encryption in transit (TLS), hashed passwords, access controls, and logging. No system is perfectly secure; if we experience a breach affecting your personal information, we will notify you and regulators as required by law.

9. Do Not Track

Because we use only essential cookies and do not track users across third-party sites, browser "Do Not Track" and Global Privacy Control signals do not change how the Service operates — there is no cross-site tracking to opt out of.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be announced through the Service or by email before they take effect. The "Last updated" date at the top reflects the latest revision.

11. Contact Us

For privacy questions, rights requests, or support:

Broken Window LLC
8 The Green, Ste B, Dover, DE 19901, United States
Email: support@brokenwindow.ai