⚖️ Privacy Policy

Last updated: November 16, 2025

This Privacy Policy explains how mortis.icu (“we”, “us”, or “our”) collects, stores and uses information when you use the mortis.icu website and related services (“Service”).

By creating an account or using the Service you consent to this Policy.

1. Data Controller

mortis.icu is operated as a personal, non-commercial project.

Responsible contact:

[email protected] (General inquiries)
[email protected] (Security or privacy questions)

All data is processed and stored on servers located in the European Union.

2. Information We Collect

We collect the following types of information:

Category	Details	Purpose / Legal Basis (GDPR Art. 6(1))
Account credentials	Username (chosen by you); password stored hashed with bcrypt	Contract performance — to create and maintain your account
Two-factor authentication	Optional secret key for TOTP	Contract performance — secure access
Discord link	Discord ID (if linked)	Contract performance — support integration
Invites	Invite code, creator ID, used by ID, timestamps	Legitimate interest — moderating access
Sessions / tokens	Random UUIDs for session, refresh, pending 2FA tokens	Contract performance — authentication
Steam account data	Account ID, username, password/secret/refresh-token (encrypted); playtime stats	Contract performance — to operate optional boosting features
Technical logs	Basic request data, timestamps; no analytics currently enabled	Legitimate interest — security and service integrity
Cookies	session, refreshToken, pendingToken; no tracking cookies set by us	Contract performance — login persistence

3. How Information Is Used

To register and authenticate users
To operate and synchronize Steam-related boosting functions
To protect accounts through 2FA and sessions
To provide support via Discord or email
To maintain system security and prevent abuse

We never sell, rent, trade, or share user data with any third parties.

We do not use advertising or analytics tracking. If analytics are introduced in the future, this policy will be updated to describe the data collected and the provider's role. Network and connection data may be processed by Cloudflare, Inc. for security and performance purposes as part of our website protection.

4. Storage and Retention

Account data are stored securely until deletion.
On account deletion, all identifiable data are removed immediately except optional items the user chooses to keep anonymized.
Invites already used remain only as anonymized relationship records (no personal identifiers).
Back-ups and cached follow the same retention policy.

5. Data Security

Passwords hashed with bcrypt
Steam credentials and refresh token encrypted with a master and per-user key system
All internal communication between the website and other microservices uses secure WebSocket channels
Access restricted by role-based permissions

6. Security Incidents and Data Breaches

While we take strong measures to protect all data, no system is completely immune to security issues.

If a breach or incident affecting user data occurs, a public notice will be posted on the mortis.icu website and in the official Discord server announcements channel.

Since we do not collect email addresses, this is the only way users can be notified.

7. Your Rights (GDPR / CCPA)

You may:

Access or export your personal data
Correct inaccurate information
Delete your account at any time (instant purge)
Withdraw consent (by deleting your account)

To exercise these rights, contact [email protected].

EU users may lodge a complaint with their local data-protection authority.

California (USA) residents may request disclosure or deletion under the CPRA.

8. Children's Privacy

mortis.icu is intended only for Steam users aged 13 years and older. We do not knowingly collect data from children under 13 (or under 16 where local law applies).

9. Third-Party Services

Discord Inc. — used for optional account linking and technical support tickets (see discord.com/privacy).
Cloudflare Inc. — provides website security and performance services (see cloudflare.com/privacypolicy).

No analytics, advertising networks, or payment processors are currently integrated.

10. International Transfers

Data are stored and processed within the European Union.

By using the Service you consent to this processing within the EU.

11. Contact

For any privacy-related questions:

[email protected]
[email protected]
or open a ticket in the official Discord server.

12. Changes to This Policy

If the policy changes, a notice will appear on the website with the effective date updated. Continued use of the Service implies acceptance of the new version.