Privacy Policy - substellar.io

Overview

We explain what data we collect, how we use it, and the rights you have.

Data We Process

Account data: username, email (via Cognito).
Gameplay data: inventory, stats, in-game actions.
Real-time media: camera video, microphone audio, and facial landmark coordinates (all optional, each requiring separate explicit consent). Transmitted peer-to-peer via WebRTC to other players in your session. Not stored on our servers.
Technical data: IP, device, logs for security and performance.
Advertising data: ad impressions, viewability, interactions, shared with our advertising partner Anzu and its demand partners.

How We Use Data

To operate gameplay, networking, moderation, and feature toggles. Camera, microphone, and facial landmark data are transmitted in real time between players in your session via peer-to-peer WebRTC connections (using PeerJS) and are not stored on our servers.

Facial Landmarks (Google MediaPipe)

We use Google MediaPipe, a third-party library, to detect facial landmark coordinates in your browser. All facial processing happens locally on your device. Neither we nor Google receive your camera feed or raw biometric data through this processing. We do not store biometric data.

The MediaPipe library files are loaded from Google's servers when you enable this feature. These requests may be subject to Google's Privacy Policy (e.g. IP address logging by Google's CDN).

The resulting landmark coordinates (numerical point positions, not images) may be transmitted to other players in your session via peer-to-peer WebRTC connections for avatar animation. Facial landmark data may constitute biometric data under applicable data protection law (including GDPR Article 9). This feature is activated solely on the basis of your explicit consent.

Consent: You must opt in before enabling facial landmarks; you can revoke any time via the Settings menu in-game. Revocation immediately stops processing and transmission.
Video independence: You can enable landmarks without sending camera video; camera, microphone, and facial landmarks are separate consent choices.
Minors: We may restrict landmark features for underage users depending on region and applicable law.
Retention: We do not store landmark data. Landmark coordinates exist only during real-time transmission within your session.

Peer-to-Peer Connections (WebRTC)

Video, audio, and facial landmark data are transmitted directly between players using WebRTC (via PeerJS). This means:

Your IP address may be visible to other players in your session through WebRTC ICE candidates.
We use a relay server (TURN) when direct connections fail, but cannot guarantee that your IP address will never be exposed to other participants.
Media data travels directly between browsers and does not pass through or get stored on our servers.

Consent & Controls

Camera, microphone, and facial landmarks each require separate, explicit consent via an in-game consent prompt before activation. You can grant or revoke per-feature consent in-game via the Settings menu. We may require re-consent for material changes.

Withdraw Consent

You can withdraw consent at any time:

In-game: open Settings, then revoke Camera, Microphone, or Facial Landmarks. Revocation takes effect immediately, disabling the feature and stopping all associated data capture and transmission.
OS/Browser: you may also revoke camera/microphone permissions in your device or browser settings; the game will reflect the change.
Scope: withdrawal stops further capture, processing, and transmission of the affected feature. Since we do not store media or landmark data on our servers, there is no server-side data to delete.

In-Game Advertising

This game contains in-game advertising provided by Anzu Virtual Reality LTD ("Anzu"). Ads appear as billboards and surfaces within the game world. When ads are displayed, the following data may be collected and shared with Anzu and its advertising partners:

Your consent status (whether you have accepted this Privacy Policy and our Terms of Service).
Technical identifiers: IP address, browser type and version, operating system, screen resolution.
Ad interaction data: impressions viewed, viewability metrics, clicks on ad surfaces.
Contextual data: the game environment in which the ad is displayed.

Anzu works with third-party advertising partners including supply-side platforms (SSPs), demand-side platforms (DSPs), and measurement providers. These partners may use the data listed above to serve, measure, and report on advertisements. A full list of authorised advertising sellers is published in our ads.txt file.

For more information on how Anzu processes data, see Anzu's Privacy Policy.

Sharing

Data may be shared with the following parties:

Other players in your session: When you enable camera, microphone, or facial landmarks, that data is transmitted directly to other players via peer-to-peer WebRTC connections. Your IP address may also be visible to other participants.
Google: The MediaPipe library files are loaded from Google's servers. These CDN requests may expose your IP address to Google. See Google's Privacy Policy.
AWS: Account and gameplay data are processed via AWS services (Cognito, DynamoDB, etc.). Cross-border transfers are governed by AWS's regional configurations and applicable safeguards.
Advertising partners: As described in the In-Game Advertising section above.

Retention

Gameplay/account data are kept while you have an account; media streams are ephemeral unless stated. Consent logs are kept for compliance.

Your Rights

Subject to your region: access, correction, deletion, portability, objection. Contact us to exercise rights.

Contact

hello@substellar.io

← Back to Login · Terms · Guidelines