Privacy Policy
This Privacy Policy explains what personal information we collect when you play Leap of Legends ("the Game") or visit leapoflegends.com (collectively, "the Service"), how we use it, who we share it with, and the choices you have. We try to keep it short and plain; where a term is legal-sounding, we explain it in context.
1. Who we are
Exceptionly Inc. ("we", "us", "our") is the data controller for personal information processed in connection with Leap of Legends. Our registered contact details are listed in section 14.
2. Data we collect
2.1 Account & identity data
When you sign in to the Game we work with an identity system provided by Epic Online Services (EOS). Depending on the platform you play on, you sign in with one of the following, and we receive:
| Platform | What we receive |
|---|---|
| Steam (Windows, macOS) | Your numeric Steam ID, your Steam display name, and a short-lived session ticket used once to verify you to EOS. |
| Apple (iOS) | Your Apple Sign-in identifier (a per-app "sub" value, not your email unless you share it), your display name, and a short-lived JWT identity token used once to verify you to EOS. |
| Google (Android) | Your Google OAuth identifier, your Google display name, and a short-lived ID token used once to verify you to EOS. |
| Device ID (guest play) | An anonymous identifier EOS generates for your device. No account needed. |
After a successful sign-in, EOS issues us a cross-platform Product User ID (PUID) — a pseudonymous
identifier that ties your progress together across platforms. The PUID is what we use for everything
else described in this policy.
2.2 Gameplay & progression data
We collect gameplay data so we can run matches, track progression, and show leaderboards:
- Aggregate statistics (kills, deaths, matches played, matches won, boxes opened, longest kill streak, minutes played, per-mode play counts).
- Per-match records (match identifier, duration, mode, your final placement, the kills and deaths you recorded in that match).
- Achievement unlocks.
- In-game cosmetic inventory (which hats, skins and animals you own).
2.3 Purchase & entitlement data
When you buy an in-game item, the purchase is processed by the platform's store, not by us. We never see your payment card or bank details. What we do receive from the store after a purchase, so we can grant you the item and handle refunds:
- Steam: the order id and transaction id.
- Apple App Store: the transaction JWS (a signed receipt).
- Google Play: the purchase token and order id.
We log the purchase in an append-only ledger (who bought what, when, at what price) as required by consumer-protection and tax-reporting regulations.
2.4 Voice chat
If you join a multiplayer lobby with voice chat enabled, your microphone audio is transmitted in real time to other players in that lobby via EOS's voice service. We do not store, record, or review voice chat audio. You can mute yourself or other players, disable voice entirely, or block a specific player from the in-game settings.
Microphone access requires your explicit permission, which you can grant or revoke in your device settings at any time.
2.5 Multiplayer networking
When you play online, the Game establishes peer-to-peer connections between players' devices through EOS's relay network. Your device's IP address is visible to EOS (which routes the connection) and, in direct connections, to the other player's device. We do not store IP addresses ourselves.
2.6 Diagnostic & operational data
Our servers receive standard request metadata (timestamp, request path, response code, approximate region) for operating and debugging the service. These logs are purged on a rolling basis and never combined with marketing data.
2.7 Information we do not collect
- We do not collect your email address, real name, postal address, date of birth, or phone number.
- We do not collect payment card details. Those stay with Steam, Apple, and Google.
- We do not track you across the web with advertising identifiers.
- We do not use third-party advertising SDKs inside the Game.
3. How we use it
- Operate the Game. Match you with other players, track your progression, grant rewards, open boxes, sync cosmetics across your devices.
- Process purchases. Validate the receipt a platform store issued, grant you the item, handle refunds if the store reverses the charge.
- Prevent abuse. Detect cheating, enforce fair-play rules, investigate reports of misconduct.
- Improve the Game. Review aggregate gameplay statistics to tune difficulty, balance, and matchmaking.
- Support you. Respond when you contact support, including looking up your account and recent match history.
- Comply with law. Respond to lawful requests, keep accounting records, honor refund obligations.
4. Legal basis (EU/UK players)
If you are in the EU or UK, we rely on the following legal bases under the GDPR:
- Contract — to provide the Game you've installed and the online services you use, we must process the account, match, and inventory data described above.
- Legitimate interests — for fraud and cheat detection, for operating and securing the servers, and for improving the Game with aggregate statistics.
- Consent — for microphone access (voice chat) and for any optional feature that later introduces a consent prompt.
- Legal obligation — to keep purchase records for tax and consumer-protection law.
5. Who we share with
We share your information only with the following categories of recipients, and only as necessary:
| Recipient | Why | Where |
|---|---|---|
| Epic Games, Inc. (EOS) | Identity, matchmaking, voice chat, stats, achievements, leaderboards. | United States / global |
| Valve Corporation (Steam) | Sign-in verification and Steam-side purchases, if you play on Steam. | United States |
| Apple Inc. | Sign in with Apple and App Store purchases, if you play on iOS. | United States / Ireland |
| Google LLC | Google Sign-In and Google Play purchases, if you play on Android. | United States / Ireland |
| Supabase (database hosting) | Managed Postgres hosting our game-state database. | European Union (Ireland) |
| Hetzner Online GmbH | Hosting our backend server. | Germany |
| Law enforcement / courts | Only where legally compelled, and only to the extent required. | Various |
We do not sell personal information, and we do not share it with advertising brokers, data resellers, or analytics networks.
6. International transfers
Some recipients are outside the EU/UK (notably Epic, Valve, Apple, and Google, which are U.S. companies). Where required, we rely on the European Commission's Standard Contractual Clauses and each recipient's own compliance program (including the EU–U.S. Data Privacy Framework where applicable).
7. Retention
- Account identifiers (PUID, native platform id) — for as long as you continue to play, plus up to 24 months of inactivity for recovery purposes.
- Match records — 12 months, then deleted or anonymized.
- Purchase records — 10 years for tax/consumer-protection compliance (this is a legal minimum in many jurisdictions).
- Server request logs — 30 days.
- Voice audio — not stored.
You can request earlier deletion — see section 9.
8. Security
We take reasonable technical and organizational measures to protect your information. Examples: our backend database has row-level security enabled, credentials are never stored in the game client, purchase receipts are cryptographically verified with the platform store before we grant anything, and our servers are accessed over encrypted channels only. No system is perfectly secure — if we ever become aware of a breach affecting you, we'll notify the relevant supervisory authority and (where required) you directly.
9. Your rights
If you're in the EU, UK, or another region with equivalent data-protection law, you have the following rights. You can
exercise any of them by writing to the contact address in section 14 — include your in-game display name and, if
possible, your PUID so we can find your account.
- Access — a copy of the personal information we hold about you.
- Rectification — correction of data that is wrong.
- Erasure ("right to be forgotten") — deletion of your data, subject to the retention rules in section 7 (e.g. we must keep purchase records for tax reasons).
- Restriction — limit how we use your data while we investigate a complaint.
- Portability — a machine-readable export of the data you provided.
- Objection — to any processing we do based on legitimate interests.
- Withdraw consent — for any processing based on consent, at any time, without affecting prior lawful processing.
- Complain — to your local data-protection regulator (e.g. the EDPB member list) if you think we've handled your data poorly.
We try to respond within 30 days.
10. Children
Leap of Legends is not intended for children under 13 (or the equivalent minimum age in your country — 16 in some parts of the EU). We do not knowingly collect data from them. If you believe a child has provided us with personal information, please contact us and we will delete it.
11. California residents
If you are a resident of California, the California Consumer Privacy Act (CCPA) gives you the right to know what we collect, to request deletion, to correct inaccurate data, and to opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising. We do not sell or share personal information under the CCPA's definitions. To exercise any CCPA right, write to us using the contact in section 14.
12. Cookies & the website
The Game itself (the Unity build on Windows, macOS, iOS, Android) does not use cookies. Our website, leapoflegends.com, uses only essential cookies required to render the site. We do not use advertising, analytics-tracking, or social-embed cookies on our website. If we add any in the future, we will update this section and show a consent banner before enabling them.
13. Changes to this policy
If we make material changes, we will update the "Effective date" at the top of this page and, for registered players, show a notice in-game before the changes take effect. Minor corrections (typos, clarifications that don't change what we do) may be made silently.
14. Contact us
The easiest way to reach us about privacy questions or to exercise any of your rights:
- Email: hello@leapoflegends.com
- Postal mail: Exceptionly Inc.,
Company Name: Exceptionly, Inc.
Street Address: 131 Continental Dr Ste 305
City: Newark
State: DE
Zip: 19713