Ludeon Privacy Policy

Effective May 25, 2018

About this policy

Ludeon Studios Inc. (together with its parents, subsidiaries, affiliates, agents, representatives, consultants, employees, officers, and directors — collectively, “Ludeon,” “we,” or “us”) is an independent game development studio. Our main product is video games, and we also offer other services online. We are a corporation based in Ottawa, Canada.

This Ludeon Privacy Policy (“Policy”) outlines the information that Ludeon Studios, Inc. (“Ludeon”, “we”, “us” or “our”) gathers, how we use that information, and the options you have to access, correct, or delete such information. It covers all interaction with all of our products and services (collectively, “Services”) including our games, apps, software, websites, events, direct communications, and others, unless a different policy is displayed.

By using a Service offered by Ludeon, you’re acknowledging that you have read and understood this Privacy Policy. If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.


Our Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact our support services.

Third-party data sales

Ludeon never sells data to third parties.


Like many websites, we use cookies and similar technologies to collect some website usage data and handle logged-in users through multiple pages, but we do not require cookies for many parts of our Services. A cookie is a small data file that is transferred to your computer or mobile device. We may use both session cookies and persistent cookies to better understand how you interact with our Services, to monitor aggregate usage by our users and web traffic routing on our Services, and to customize and improve our Services. Although most web browsers automatically accept cookies, some browsers’ settings can be modified to decline cookies or alert you when a website is attempting to place a cookie on your computer.

Data retention

Some data, like forum posts, is retained indefinitely since it’s used indefinitely unless erasure is requested. Other data, like security logs, is retained for up to one year.

All the data we keep is regularly backed up through multiple different mechanisms, both in online services like Amazon AWS and offline backups.

Data security

We take all reasonable steps to protect information we receive from you from loss, misuse or unauthorized access, disclosure, alteration, and/or destruction. We have put in place appropriate physical, technical, and administrative measures to safeguard and secure your information.

While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.

International information transfers

We collect information globally and primarily store that information in the United States and Canada. We transfer, process and store your information outside of your country of residence, to wherever we or our third-party service providers operate for the purpose of providing you the Services.  Whenever we transfer your information, we take steps to protect it.

Data subject rights

Users residing in certain countries, including the EEA, are afforded certain rights regarding their personal information. Except where an exception or exemption applies, these rights include the right to access, correct, and request deletion your personal information.

If you believe we have data about you and you want a copy of that data, or want the data erased, please email Ludeon support at [email protected] with the specifics of your subject access request (“SAR”). We will respond within thirty (30) days.

In the case of erasure SARs, we will erase what we can but be aware that in some cases we need to retain data as required by law or for our legitimate business purposes (including tax reporting and security).

For any SAR, we will need to verify a requestor is inquiring about their own information before we can assist. Where a SAR may implicate the personal data of another individual, we must balance the request against the risk of violating another person’s privacy rights. We will comply with SARs to the extent required by applicable law. If you reside in the EEA, you also have the right to lodge a complaint with a supervisory authority.

Forum users can delete their posts and account themselves by using the delete functions in the forum software. Other Services we provide also have export and delete functionality built-in.

You may manage your receipt of e-mail from us by clicking on the “unsubscribe” link located on the bottom of such emails.

Legal basis

For users in the EEA to whom the GDPR applies, our various data processing is legally based on one of several legal bases as defined in the GDPR:


We need to process data to give you what you paid for.

Legitimate interest

This is a technical term in data protection law which essentially means we have a good and fair reason to use your data and we do so in ways which do not hurt your interests and rights. We sometimes require your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and that does not materially impact your rights, freedom or interests.

For example, we use identity and device information to prevent fraud and abuse and to keep the Services secure. We may also send you communications about our Services, subject to your right to control whether we do so.

We analyze how users interact with our site so we can understand better what elements of the design are working well and which are not working so well. This allows us to improve and develop the quality of the experience we offer all our users.

Legal obligation

Sometimes we need to process your data to comply with a legal obligation.

What we collect and receive and how we use it

We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.  

Sales information

Our game sales page for RimWorld uses SendOwl, together with Stripe and PayPal payment processors, to handle direct sales of the game and all the record-keeping and fraud-prevention that goes along with that. Through our partners, we collect information you provide by completing the sales forms, including name, email, and credit card information. SendOwl also helps us send update emails to customers to help them receive the game they paid for. We may occasionally send customers emails for the purposes of direct marketing.

Ludeon partners with other companies (such as Stripe) for payment processing, and the payment information you submit is collected and used by them in accordance with their privacy policies (for Stripe’s, click here). Ludeon doesn’t store your payment information directly; our processing partners store information like the last four digits of your credit card or bank account (as applicable), expiration date, and country, which we require for tax, government regulatory, and security purposes.

Steam key automated registration

The automated Steam registration system processes data between SendOwl order records, Steam account data, and its own linking database to allow users to instantly register their game on Steam without allowing fraud. We collect information you enter, including email, and link it with your Steam account and purchase records. We retain this information to be able to support users when something goes wrong, and to keep the system secure.

Support and direct communications

Our support staff process communications you send us in order to offer technical support, accept problem reports, and so on. This includes contact information, any files you send up, contents of correspondence and any technical information you send us. To do this effectively and securely, we may keep several kinds of records about communications you send us (like, for example, the names and email addresses of people to whom we have sent Steam keys).

Creative rewards

Our creative rewards system allows purchasers of certain tiers of our products to enter creative content into the game through a web interface with a convenient automated interface and feedback/review mechanisms. We collect all the information you enter into this Service. This Service stores the fictional information users intend to publish, as well as login-handling and security-related information like email, IP address, and user agent data identifying your browser and machine, and links this information to purchase records. This information may be reprocessed over time to re-export and improve creative content, remove refunded orders, and keep the system secure.

Forums, blog comments, wikis, bug trackers

We run forums, blog comment sections, wikis, and bug tracking Services which allow people to create accounts, post information, and send messages to each other. Users are pseudonymous, but users can state any information they like about themselves in public discussions. We collect all the information you enter into the Services, as well as any files you upload to our Services. Unless otherwise noted, any information you enter into these Services should be considered public. Your posts and certain profile information may remain even after you terminate your account. We urge you to consider the sensitivity of any information you input into these Services.

If you would like to participate in any of these Services, but don’t want others to see your name or image, you may choose an account image or name that is not identifiable (e.g., SpaceFan25) and simply not enter profile information you don’t want to be public.

Forum users have the option to enter information into their profile like gender, birth date, and location; this information is public. You can modify or delete certain information associated with your forum account from your forum account settings page.

Game startup checks

When you run one of our games, it may grab a small amount of data from our web server, like version information (to notify you of available updates) or news to display. The only purpose of this is for the game to have this information; the game doesn’t send any information about you to us. Though we do receive your IP address when you do this, we don’t store or process it outside server access logs.

Automatically-collected information

We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.

Our Services, including CAPTCHAs, forums, creative reward systems, and others, may automatically collect information about you like IP address, browser identity, referral information, and operating system information, which we use to enhance site security and prevent spam.

How much of this information we collect depends on the type and settings of the device you use to access the Services.  Server and data center service administrators can disable collection of this information via the administrator settings or prevent this information from being shared with us by blocking transmission at the local network level.

Our site uses Google reCAPTCHA to prevent spam. This reCAPTCHA collects complex information about the user’s system and browser, attempting to correlate it with Google’s other tracking information to identify people apart from machines. Information on interacting with Google reCAPTCHA can be found in Google’s Privacy Policy and Terms of Use.

Analytics and spam prevention

We collect information about the ways people visit and interact with our Services in the form of traffic analytics. You can opt out of being included in Google Analytics here. We also use Akismet to check public comments on the blog against a global database to block spam and facilitate discussion.

Information that’s shared to protect Ludeon and comply with the law

We do reserve the right to disclose personal information when we believe that doing so is reasonably necessary to comply with the law or law enforcement, to prevent fraud or abuse, or to protect Ludeon’s legal rights, property, or the safety of Ludeon, its employees, users, or others.

Links to other websites and services

Our site may include links to other websites or services whose privacy practices may differ from Ludeon’s. When you use a link to an external site or service, the privacy policy and data processing disclosures for that site or service governs.

Business transactions

We may assign or transfer this Policy, as well as information covered by this Policy, in the event of a merger, sale, change in control, or reorganization of all our part of our business.

Contact information

For general support or questions please email: [email protected]

Data protection and privacy handling policies are the responsibility of Tynan Sylvester: [email protected]