AionFlexAionFlex

Privacy Policy

Last updated: May 27, 2026

AionFlex (“we”, “us”, “our”) operates a desktop application and associated website at aionflex.gg. This Privacy Policy explains what personal data we collect, why we collect it, and your rights regarding that data.

1. Data Controller

AionFlex is the data controller for the personal data described in this policy. You can reach us at support@aionflex.gg.

2. Data We Collect

2.1 Account & License Data

When you purchase a subscription or activate a license, we collect:

  • Email address — provided via Paddle (our payment processor) during checkout.
  • License key — generated by us and associated with your subscription.
  • Hardware fingerprint — a SHA-256 hash of your machine identifier, used to bind the license to a single device. We do not store the raw hardware identifier.

2.2 Payment Data

All payments are processed by Paddle.com Market Limited, who acts as the Merchant of Record. We do not collect, store, or have access to your credit card number, bank account details, or other financial information. Paddle processes this data under their own privacy policy at paddle.com/legal/privacy.

2.3 Gameplay Telemetry (Character Snapshots)

When you use the AionFlex desktop application, we may collect character snapshots that include:

  • Character name, class, level, server, and faction.
  • Gear score, combat power, and equipment details.
  • Combat session summaries (DPS, skill usage, boss encounters).

Consent is required.On first launch, the application presents a consent dialog. Free-tier users must accept data sharing to use the application. Pro-tier users may decline and still use all features — a toggle in Settings controls whether data is uploaded.

2.4 Technical Data

When the application communicates with our servers, the following is transmitted automatically:

  • IP address — inherent in any HTTPS connection.
  • Application version — sent during license validation and update checks.
  • License identifier — sent during validation requests.

We do not use tracking cookies, analytics scripts, or third-party advertising on our website or in the application.

3. Why We Collect Data

  • License management — to issue, activate, validate, and enforce licenses (legal basis: contract performance, GDPR Art. 6(1)(b)).
  • Payment processing — to fulfil your subscription via Paddle (legal basis: contract performance).
  • Gameplay telemetry — to provide player profiles, leaderboards, and aggregate analytics on the website (legal basis: consent, GDPR Art. 6(1)(a)).
  • Auto-update checks — to deliver software updates (legal basis: legitimate interest, GDPR Art. 6(1)(f)).
  • Security & abuse prevention — to prevent license sharing, fraud, and abuse (legal basis: legitimate interest).

4. Data Sharing

We share personal data only with:

  • Paddle.com Market Limited (UK) — payment processing and subscription management.
  • Supabase Inc. (US, EU infrastructure) — database hosting. Data is stored in the EU (Frankfurt region).
  • Cloudflare Inc. (US) — CDN, DNS, and email routing.
  • Microsoft Azure — transactional email delivery (Azure Communication Services).

We do not sell, rent, or trade your personal data to any third party.

5. Data Retention

  • License data — retained for the duration of your subscription plus 30 days after cancellation.
  • Gameplay telemetry — retained for as long as your account exists, to power player profiles and historical analytics. Deleted upon account deletion request.
  • Technical logs (IP addresses, validation requests) — retained for 90 days.

6. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access — request a copy of all personal data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your data (“right to be forgotten”).
  • Portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interest.
  • Withdraw consent — for gameplay telemetry, withdraw consent at any time via the Settings toggle (Pro users) or by contacting us.

To exercise any of these rights, contact us at support@aionflex.gg. We will respond within 30 days.

7. Data Deletion

You may request complete deletion of your account and all associated data by contacting support@aionflex.gg. Upon request, we will delete your license records, gameplay telemetry, and any associated personal data within 30 days. Active Paddle subscriptions will be cancelled as part of the deletion.

8. Security

We protect your data with encryption in transit (TLS 1.3), encryption at rest (database-level encryption via Supabase), and access controls limited to essential personnel. Hardware fingerprints are stored as irreversible SHA-256 hashes.

9. Children

AionFlex is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the application or our website. The “Last updated” date at the top reflects the most recent revision.

11. Contact

Email: support@aionflex.gg