Privacy Policy
Effective Date: March 18, 2026
This Privacy Policy describes how Nexorion ("we", "us", or "our") collects, uses, and protects your personal information when you use our website at nex-orion.com and our multiplayer game services (collectively, the "Service").
1. Information We Collect
We collect the following categories of personal data:
- Account Information: Username, email address, and a cryptographically hashed password (we never store your plaintext password).
- Game Data: In-game progress, inventory, world data, chat messages, and other gameplay-related information.
- Technical Data: IP addresses, connection timestamps, and basic device/browser information collected automatically when you access the Service.
- Email Verification Data: Verification codes and their expiration timestamps used during account registration and password reset flows.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Authentication: To verify your identity when you log in and to secure your account.
- Game Functionality: To provide, maintain, and improve the multiplayer game experience, including world persistence, inventory management, and player interactions.
- Email Communications: To send email verification codes, password reset links, and important account-related notifications. We do not send marketing emails.
- Security: To detect and prevent fraud, abuse, cheating, and unauthorized access.
- Service Improvement: To monitor server health, fix bugs, and improve game performance.
3. Cookies
We use a single essential cookie to maintain your authenticated session:
- nexo_token: An HTTP-only, secure authentication cookie that stores a signed JSON Web Token (JWT). This cookie expires after 7 days and is used solely to keep you logged in. It cannot be accessed by client-side JavaScript due to the httpOnly flag.
We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.
4. Data Sharing
We do not sell, trade, or rent your personal information to third parties. We may share data only in the following limited circumstances:
- When required by law or legal process.
- To protect the rights, safety, or property of Nexorion, our users, or the public.
- With service providers who assist in operating the Service (e.g., hosting providers), under strict confidentiality obligations.
5. Data Retention
We retain your account data for as long as your account is active. If you wish to delete your account and all associated data, please contact us at [email protected]. Upon receiving a valid deletion request, we will remove your personal data within 30 days, except where retention is required by law.
Game data associated with worlds (e.g., blocks placed, locks, signs) may be retained independently of account deletion to preserve the shared game environment for other players.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Passwords are stored using double SHA-256 hashing and are never stored in plaintext.
- All web traffic is encrypted via HTTPS/TLS.
- Authentication tokens are signed with a secret key and expire automatically.
- Rate limiting is applied to prevent brute-force attacks.
7. Children's Privacy
Nexorion is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected], and we will promptly delete such information.
8. Your Rights (GDPR / KVKK)
If you are located in the European Economic Area (EEA) or the Republic of Turkey, you have the following rights under the General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law (KVKK, Law No. 6698):
- Right of Access: You may request a copy of the personal data we hold about you.
- Right to Rectification: You may request correction of inaccurate or incomplete data.
- Right to Erasure: You may request deletion of your personal data, subject to legal retention requirements.
- Right to Restriction: You may request restriction of processing in certain circumstances.
- Right to Data Portability: You may request your data in a structured, machine-readable format.
- Right to Object: You may object to processing of your data in certain circumstances.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.
9. International Data Transfers
Your data may be processed on servers located outside your country of residence. We take appropriate safeguards to ensure your data is protected in accordance with applicable data protection laws.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised effective date. Your continued use of the Service after such changes constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: