Melee.gg - Privacy Policy
Updated February 19th 2024
Revision: 8
Welcome to Melee.gg. This privacy policy outlines our practices concerning the collection, use, and sharing of your information through our website. The website is operated by Keyrune Incorporated, a US-based Delaware corporation with headquarters in California. Your use of the Melee website signifies your agreement to this Privacy Policy, our Cookie Policy, and our Terms of Service. If you disagree with any part of these policies, please refrain from using our website.
Our Commitment
We collect only the information necessary for the operation of our service, ensuring your privacy and security are at the forefront of our operations.
This policy outlines the following:
- What personally identifiable information is collected, how it is used, and with whom it may be shared.
- The security procedures in place to protect against the misuse of your information.
- How to correct any inaccuracies in the information.
- How you can remove your personally identifiable information from Melee.
Information Collection, Use, and Sharing
Keyrune Incorporated is the sole owner of the information collected on this site. We only collect or have access to information that is voluntarily given to us via online form submission, email, or other direct contact. We do not sell or rent this information to anyone.
We will not share your information with any third party outside of the organization, other than as necessary to fulfill duties.
We use "cookies" on this site. A cookie is a piece of data stored on a site visitor's hard drive to help us improve your access to our site and identify repeat visitors to our site. For instance, when we use a cookie to identify you, you would not have to enter a password more than once, thereby saving time while on our site. Cookies can also enable us to track and target the interests of our users to enhance the experience on our site. Usage of a cookie is in no way linked to any personally identifiable information on our site. Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies.
This website contains links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.
Methods of Collection
At Melee.gg, we are committed to transparency regarding the collection of user data. Our methods of data collection are designed to respect user privacy while providing a seamless experience on our platform. Data is collected through two primary methods: direct user interactions and passive collection.
Direct User Interactions:
Online Forms and Account Creation: When you sign up for Melee.gg, participate in tournaments, or utilize our services, we collect information you provide directly. This includes but is not limited to your name, email address, user preferences, and game-related IDs.
Email and Communication: Any information sent to us directly via email or through our communication tools is collected and stored to assist with your inquiries and improve our services.
Information from Organization Staff: For tournament organizers and other partners who use Melee.gg to manage events, we may collect information provided by these organizations' staff. This includes participant information for event management purposes. It is our policy to ensure that such data collection is done with the consent of the individuals involved or under the direction of the organization responsible for obtaining such consent.
Passive Collection:
Cookies and Tracking Technologies: As detailed in our Cookie Policy, we use cookies and similar technologies to enhance your experience, understand site usage, and improve our services. This includes collecting data such as IP addresses, browser types, and page views.
Analytics and Performance Monitoring: Tools such as Google Analytics and DataDog help us understand how our platform is used and identify ways to improve our services. This data is collected in an aggregated form and does not identify individual users.
Consent and Choice:
We believe in empowering our users with choices about their data. During the data collection process, whether directly or passively, we provide clear information about the types of data being collected and the purposes for which it will be used. Users have the opportunity to opt out of certain types of data collection, in line with our commitment to privacy and user control.
Information from Third Parties:
Occasionally, we may receive information about users from third parties, including social media platforms and payment services, in accordance with their privacy policies. This information is only used to provide our services and is processed under the same strict privacy standards as all other user data.
What Information is Stored
Melee uses online submission forms to collect and store your data for use in its operations. Here is a list of information about you that we may store:
Personally Identifiable Information:
- First and Last Name
- Email Address
- IP Address
- Username
- MTG Arena Username
- MTG Online Username
- DCI Number
- Flesh and Blood GEM Player Id
- Profile Picture and Bio
- Profile Information from Third-Party Social Media and Payment Websites
- Social Media URLs
- Pronouns
- Mobile Number
- Birthday
- Country/Region
Other Information Linked to Your Personal Information
- Content You Post Publicly or Privately on Melee
- Preference Settings
- Date and Time of Website Logins
- Browser Type and Operating System Type
- Emails Sent to Melee
- Changes Made to Your Information and Content
By default, your first and last names are not made public after creating your Melee account. However, you have the option to share this information on your public profile in your Melee account settings. Alternatively, your Melee account can be identified by your Melee account username. Accounts created before June 2023 do have their first and last names public on their profile, which can be changed in your Melee account settings.
Data Sub-Processors
The Melee platform utilizes the services of certain third-party sub-processors to assist in providing and improving our services. These sub-processors may process personal data on behalf of the Melee platform. We have carefully selected these sub-processors and have implemented appropriate safeguards to ensure the security and protection of your data.
- Amazon Web Services (AWS): AWS provides cloud computing infrastructure and services for data storage and processing. They adhere to stringent security and data protection standards.
- Microsoft Azure: Azure is a cloud computing platform that provides a range of services, including data storage and processing. They have robust security measures in place to safeguard your data.
- SendGrid: SendGrid is a cloud-based email delivery service that enables us to send transactional emails. They process email content and recipient information to ensure reliable email delivery.
- Twilio: Twilio provides communication APIs for messaging and voice services. They process phone numbers and message content to facilitate communication features within the Melee platform.
- FusionAuth: Specializing in secure user authentication and management, FusionAuth ensures data protection through rigorous security protocols.
- DataDog: A monitoring platform that offers insights into application performance and security, DataDog commits to data encryption and privacy in processing operational metrics.
- Google Analytics (aggregated): Provides aggregated web traffic analytics, focusing on user privacy through data anonymization and adherence to privacy laws.
- Looker (aggregated): A business intelligence tool for analyzing and sharing aggregated data insights, Looker emphasizes secure and responsible data handling practices.
- Cerberus Enterprise Software, LLC (development): Located in Connecticut, USA, Cerberus Enterprise Software, LLC is an outsourcing development house that aids in both infrastructure and coding. Their expertise is vital for the scalability and reliability of our platform, enhancing our technical infrastructure and coding capabilities. Cerberus Enterprise Software, LLC works closely with our team to ensure that all development and operational practices meet our high standards for data security and privacy.
- Somnio (development): An outsourcing development house based in Uruguay, Somnio assists with coding aspects of our platform, bringing innovative solutions and technical prowess to our development efforts. Their involvement is crucial for implementing new features and maintaining the agility of our service offerings. Somnio operates with a strong commitment to privacy and security, ensuring that their development practices align with our data protection policies.
Please note that while we strive to work with reputable sub-processors, their own data processing practices are governed by their respective privacy policies. We recommend reviewing the privacy policies of these sub-processors for more information on how they handle and protect data.
By using the Melee platform, you acknowledge and agree to the engagement of these sub-processors in the processing of your data as outlined in this section.
Data Sharing with Organizers
For tournament operations, some personal data must be shared with organizers operating the tournament. Sensitive information such as emails, age, and location are shared only if users give explicit permission to Melee to share that information during the registration process.
Personal Data Shared with Organizers:
- First and Last Name
- MTG Arena Username
- MTG Online Username
- DCI Number
- Flesh and Blood GEM Player Id
For tournaments where organizers create Melee accounts on behalf of players, it is the responsibility of the organizers to ensure that players are aware of and approve their Melee account creation, including Melee's terms, conditions, and privacy policies.
Data Sharing with Wizards of the Coast LLC and Hasbro, Inc.
If a user plays in a MTG tournament that is explicitly supported by Wizards of the Coast LLC (such as World Championships, Pro Tours, Regional Championships, etc.), that user's information will be shared with Wizards of the Coast LLC in the same manner as it is shared with the organizers of that tournament.
Data Sharing with Ravensburger AG and The Walt Disney Company
Users that sign up for the Lorcana Play program as a retailer or tournament host will have their retailer application information shared with Ravensburger and Disney. If a user plays in a Lorcana tournament, that user's information will be shared with Ravensburger and Disney in the same manner as it is shared with the organizers of that tournament.
User Rights and Data Management
Account Deletion and Response Time
Melee.gg empowers users and parents with the ability to manage their or their children's information directly. Should a user or a parent decide to delete their account or their child's information, the action is processed instantaneously upon their request through our self-service account management tools. This ensures immediate removal of the user's personal data from our platform, aligning with our commitment to user privacy and data control.
Inactivity and Account Deletion
Accounts on Melee.gg are considered inactive under the following conditions:
- The account has been closed and deleted by the user.
- The account has been suspended due to a breach of our terms of service or other policies.
In line with our data retention policy, we automatically delete the account data and personal information of inactive accounts 1 year after the last payment or activity date. This measure is part of our ongoing efforts to ensure that personal data is not retained indefinitely on our platform without a valid reason.
Handling Children's Data Without Parental Consent
Melee.gg adheres to strict protocols regarding the collection and handling of children’s personal information. In instances where we are made aware of the collection of a child's personal information without prior parental consent, we take immediate steps to rectify the situation in compliance with applicable laws and our commitment to safeguarding children's privacy.
Our process includes:
- Promptly notifying the parent or guardian about the collection of the child’s personal information.
- Utilizing the FusionAuth process to obtain parental consent. If consent is not granted or we receive no response within 7 days, we proceed to delete the child's information from our platform. This ensures that the child's access to our site is restricted until parental consent is verified.
These practices affirm our dedication to protecting the privacy of all users, especially minors, and our adherence to legal standards concerning children’s online privacy.
Security Procedures
We take appropriate measures to keep your information secure, both online and offline.
Whenever we collect sensitive information, we use encryption and secure methods to protect it. We do not store or handle credit card or other payment data, but third-party payment services may do so at your request.
In addition to online security measures, we also protect your information offline. Only employees who need the information to perform specific tasks (such as billing or customer service) have access to it. The computers and servers where we store personally identifiable information are kept in a secure environment.
Monitoring and Enforcement
At Melee.gg, we are dedicated to upholding the highest standards of data protection and policy compliance. Our comprehensive approach to monitoring and enforcement ensures that our practices align with our privacy commitments and regulatory requirements.
Compliance Monitoring:
Regular Audits: We conduct regular audits of our data handling and privacy practices to ensure compliance with this privacy policy and applicable laws. These audits are performed by internal teams and, when necessary, external auditors who specialize in data protection and cybersecurity.
Data Protection Impact Assessments: For new projects or when introducing significant changes to our platform, we carry out data protection impact assessments. This helps identify any risks to user privacy and implement mitigating measures before deploying changes.
Enforcement Procedures:
Immediate Action on Non-Compliance: If our monitoring activities uncover any non-compliance with our privacy policy or data protection laws, we take immediate action. This may include suspending the activity in question, conducting a thorough investigation, and implementing corrective measures.
Staff Training and Awareness: We ensure that all staff members are trained on our privacy policy, data protection best practices, and their specific responsibilities regarding data handling. Regular training sessions and updates are provided to keep our team informed about the latest developments in privacy and data protection.
User Complaints and Feedback: We take user complaints and feedback seriously as part of our monitoring process. Users can report concerns or violations of their privacy rights to us via our privacy report submission page. We investigate all reports promptly and take appropriate action to address any issues.
Data Breach Response:
Rapid Response Plan: In the unlikely event of a data breach, we have a rapid response plan in place. This plan includes notifying affected users, relevant authorities, and taking steps to mitigate any potential harm. Our goal is to manage and resolve any such incidents transparently and efficiently.
Third-Party Compliance:
Vendor and Partner Agreements: Our agreements with third-party vendors and partners include strict data protection and privacy clauses. We regularly review these agreements to ensure that third parties adhere to our privacy standards and applicable laws.
Oversight and Review: We maintain oversight of third-party practices that impact our users' data, conducting periodic reviews to ensure compliance with our privacy commitments.
Access Management
We have procedures for managing user access to our systems, applications, and data, including password policies, access controls, and authorization processes. We use multi-factor authentication to ensure that only authorized individuals can access our systems and data. We regularly review and update our access management processes and procedures to ensure that they remain effective and compliant with applicable laws and regulations. Databases, key vaults, and other private data sources are only accessible via certain IP addresses.
User Data Encryption
In-transit
To protect your data while it is being transmitted between your device and our servers, we use SSL/TLS encryption. This means that all data transmitted between your device and our servers is encrypted and cannot be read by unauthorized parties. We also use the secure HTTPS protocol to prevent data from being modified or tampered with during transmission. By using SSL/TLS encryption and HTTPS, we can ensure that your data remains confidential, integral, and authentic during transmission.
At-rest
All user data is stored within Keyrune’s cloud service. This service uses encryption to protect data at-rest, including backups. The encryption keys are system-managed and the storage encryption is always on and can't be disabled.
Backup and Disaster Recovery
Our database automatically creates server backups and stores them in user-configured locally redundant or geo-redundant storage. These backups include data files and transaction logs and can be used to restore our servers to a point-in-time within our configured backup retention period of seven days. All backups are encrypted.
Updating Information
You can easily update nearly all of your personally identifiable information collected on this site at your leisure. If you find that you cannot update a piece of information, please contact us at contact@melee.gg.
Removing Your Information
You have the right to be forgotten on Melee. If you would like to delete your account, you may do so via your Profile Page. Deleting your account will delete all personally identifiable information from Melee but may not delete all content generated by your use of the site (such as submitted decklists, pairings, and standings).
If you feel that we are not abiding by this privacy policy, you should contact us immediately via contact@melee.gg.