Effective Date: March 26, 2026 — Last Updated: March 26, 2026
Mansion of Mayhem (“the Game”) is a browser-based WebXR experience developed by ImmersiVerse OS (“we”, “us”, “our”). We are committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights under applicable data protection laws including the EU General Data Protection Regulation (GDPR).
Summary: We collect minimal data. No cookies. No advertising trackers. No personally identifiable information is sold or shared with third parties for marketing purposes.
1. Data We Collect
Local Storage (Browser)
Your chosen display name and game preferences
Session state so you can resume gameplay
Achievement progress and archetype selections
Access grant status (whether you have entered the game before)
This data is stored only in your browser via localStorage. It never leaves your device unless you use multiplayer features.
Supabase (Multiplayer Backend)
If you create an account: email address, hashed password, and display name
Multiplayer session data: room state, game phase, player positions, votes, and alliances
Drama Room posts: text content you voluntarily submit in-game
Anonymous usage metrics: event counts such as page views, play sessions, and phase completions (no personal identifiers attached)
Data We Do NOT Collect
No IP address logging for analytics
No device fingerprinting
No location data
No payment or financial information
No social media profiles
2. Cookies
Mansion of Mayhem does not use cookies. We use browser localStorage for persistence, which is not transmitted to any server with HTTP requests. No cookie consent banner is required because no cookies are set.
3. Third-Party Services
We rely on the following third-party services:
Supabase (supabase.co) — Backend database and authentication for multiplayer features. Supabase processes account data (email, password hash) and game session data. See Supabase Privacy Policy.
A-Frame / three.js (aframe.io) — WebXR rendering framework loaded from CDN. No user data is sent to A-Frame. See A-Frame.
Google Fonts (fonts.googleapis.com) — Font delivery for Playfair Display and Outfit typefaces. Google may log standard HTTP request data. See Google Privacy Policy.
No advertising networks, social media trackers, or analytics services (such as Google Analytics) are used.
4. Legal Basis for Processing (GDPR)
Where the GDPR applies, our legal bases for processing data are:
Consent — You choose to create an account and provide your email and display name. You may delete your account at any time.
Legitimate Interest — Anonymous usage metrics help us improve the game experience. These metrics contain no personal identifiers.
Contract Performance — Processing game session data is necessary to provide the multiplayer service you requested.
5. Data Retention
localStorage data: Persists until you clear your browser data or uninstall the app.
Account data: Retained until you request deletion.
Game session data: Automatically deleted 30 days after the session ends.
Anonymous metrics: Aggregated and retained indefinitely (no personal data).
6. Your Rights
Under the GDPR and similar regulations, you have the right to:
Access — Request a copy of any personal data we hold about you.
Rectification — Correct inaccurate personal data.
Erasure — Request deletion of your personal data (“right to be forgotten”).
Portability — Receive your data in a machine-readable format.
Objection — Object to processing based on legitimate interest.
Withdraw Consent — Withdraw consent at any time without affecting prior lawful processing.
To exercise any of these rights, contact us using the details below.
7. Children’s Privacy
Mansion of Mayhem is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
8. Data Security
All data transmitted to Supabase is encrypted via HTTPS/TLS. Authentication passwords are hashed and never stored in plaintext. We follow industry-standard security practices to protect your information.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. Continued use of the Game after changes constitutes acceptance of the revised policy.
10. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your data is handled, please contact us: