Updated February 19th 2024
We collect only the information necessary for the operation of our service, ensuring your privacy and security are at the forefront of our operations.
This policy outlines the following:
- What personally identifiable information is collected, how it is used, and with whom it may be shared.
- The security procedures in place to protect the misuse of your information.
- How to correct any inaccuracies in the information.
- How you can remove your personally identifiable information from Melee.
Information Collection, Use, and Sharing
Keyrune Incorporated is the sole owner of the information collected on this site. We only collect or have access to information that is voluntarily given to us via online form submission, email, or other direct contact. We do not sell or rent this information to anyone.
We will not share your information with any third-party outside of the organization, other than as necessary to fulfill duties.
This website contains links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.
Methods of Collection
At Melee.gg, we are committed to transparency regarding the collection of user data. Our methods of data collection are designed to respect user privacy while providing a seamless experience on our platform. Data is collected through two primary methods: direct user interactions and passive collection.
Direct User Interactions:
Online Forms and Account Creation: When you sign up for Melee.gg, participate in tournaments, or utilize our services, we collect information you provide directly. This includes but is not limited to your name, email address, user preferences, and game-related IDs.
Email and Communication: Any information sent to us directly via email or through our communication tools is collected and stored to assist with your inquiries and improve our services.
Information from Organization Staff: For tournament organizers and other partners who use Melee.gg to manage events, we may collect information provided by these organizations' staff. This includes participant information for event management purposes. It is our policy to ensure that such data collection is done with the consent of the individuals involved or under the direction of the organization responsible for obtaining such consent.
Analytics and Performance Monitoring: Tools such as Google Analytics and DataDog help us understand how our platform is used and identify ways to improve our services. This data is collected in an aggregated form and does not identify individual users.
Consent and Choice:
We believe in empowering our users with choices about their data. During the data collection process, whether directly or passively, we provide clear information about the types of data being collected and the purposes for which it will be used. Users have the opportunity to opt-out of certain types of data collection, in line with our commitment to privacy and user control.
Information from Third Parties:
Occasionally, we may receive information about users from third parties, including social media platforms and payment services, in accordance with their privacy policies. This information is only used to provide our services and is processed under the same strict privacy standards as all other user data.
What Information is Stored
Melee uses online submission forms to collect and store your data for use in its operations. Here is a list of information about you that we may store:
Personally Identifiable Information:
Other Information Linked to Your Personal Information
- First and Last Name
- Email Address
- IP Address
- MTG Arena Username
- MTG Online Username
- DCI Number
- Flesh and Blood GEM Player Id
- Profile Picture and Bio
- Profile Information from Third-Party Social Media and Payment Websites
- Social Media URLs
- Mobile Number
- Content You Post Publicly or Privately on Melee
- Preference Settings
- Date and Time of Website Logins
- Browser Type and Operating System Type
- Emails Sent to Melee
- Changes Made to Your Information and Content
By default, your first and last names are not made public after creating your Melee account. However, you have the option to share this information on your public profile in your Melee account settings. Alternatively, your Melee account can be identified by your Melee account username. Accounts created before June 2023 do have their first and last names public on their profile which can be changed in your Melee account settings.
The Melee platform utilizes the services of certain third-party sub-processors to assist in providing and improving our services. These sub-processors may process personal data on behalf of the Melee platform. We have carefully selected these sub-processors and have implemented appropriate safeguards to ensure the security and protection of your data.
Amazon Web Services (AWS):
AWS provides cloud computing infrastructure and services for data storage and processing. They adhere to stringent security and data protection standards.
Azure is a cloud computing platform that provides a range of services, including data storage and processing. They have robust security measures in place to safeguard your data.
SendGrid is a cloud-based email delivery service that enables us to send transactional emails. They process email content and recipient information to ensure reliable email delivery.
Twilio provides communication APIs for messaging and voice services. They process phone numbers and message content to facilitate communication features within the Melee platform.
Specializes in secure user authentication and management, FusionAuth ensures data protection through rigorous security protocols.
A monitoring platform that offers insights into application performance and security, DataDog commits to data encryption and privacy in processing operational metrics.
Google Analytics (aggregated):
Provides aggregated web traffic analytics, focusing on user privacy through data anonymization and adherence to privacy laws.
A business intelligence tool for analyzing and sharing aggregated data insights, Looker emphasizes secure and responsible data handling practices.
Cerberus Enterprise Software, LLC (development):
Located in Connecticut, USA, Cerberus Enterprise Software, LLC is an outsourcing development house that aids in both infrastructure and coding. Their expertise is vital for the scalability and reliability of our platform, enhancing our technical infrastructure and coding capabilities. Cerberus Enterprise Software, LLC works closely with our team to ensure that all development and operational practices meet our high standards for data security and privacy.
An outsourcing development house based in Uruguay, Somnio assists with coding aspects of our platform, bringing innovative solutions and technical prowess to our development efforts. Their involvement is crucial for implementing new features and maintaining the agility of our service offerings. Somnio operates with a strong commitment to privacy and security, ensuring that their development practices align with our data protection policies.
Please note that while we strive to work with reputable sub-processors, their own data processing practices are governed by their respective privacy policies. We recommend reviewing the privacy policies of these sub-processors for more information on how they handle and protect data.
By using the Melee platform, you acknowledge and agree to the engagement of these sub-processors in the processing of your data as outlined in this section.
Data Sharing with Organizers
For tournament operations, some personal data must be shared with organizers operating the tournament. Sensitive information such as emails, age, and location are shared only if users give explicit permission to Melee to share that information during the registration process.
Personal Data Shared with Organizers
- First and Last Name
- MTG Arena Username
- MTG Online Username
- DCI Number
- Flesh and Blood GEM Player Id
For tournaments where organizers create Melee accounts on behalf of players, it is the responsibility of the organizers to ensure that players are aware of and approve their Melee account creation, including Melee's terms, conditions, and privacy policies.
Data Sharing with Wizards of the Coast LLC and Hasbro, Inc.
If a user plays in a MTG tournament that is explicitly supported by Wizards of the Coast LLC (such as World Championships, Pro Tours, Regional Championships, etc.), that user's information will be shared with Wizards of the Coast LLC in the same manner as it is shared with the organizers of that tournament.
Data Sharing with Ravensburger AG and The Walt Disney Company
Users that sign up for the Lorcana Play program as a retailer or tournament host will have their retailer application information shared with Ravensburger and Disney. If a user plays in a Lorcana tournament, that user's information will be shared with Ravensburger and Disney in the same manner as it is shared with the organizers of that tournament.
User Rights and Data Management
Account Deletion and Response Time
Melee.gg empowers users and parents with the ability to manage their or their children's information directly. Should a user or a parent decide to delete their account or their child's information, the action is processed instantaneously upon their request through our self-service account management tools. This ensures immediate removal of the user's personal data from our platform, aligning with our commitment to user privacy and data control.
Inactivity and Account Deletion
Accounts on Melee.gg are considered inactive under the following conditions:
- The account has been closed and deleted by the user.
- The account has been suspended due to a breach of our terms of service or other policies.
In line with our data retention policy, we automatically delete the account data and personal information of inactive accounts 1 year after the last payment or activity date. This measure is part of our ongoing efforts to ensure that personal data is not retained indefinitely on our platform without a valid reason.
Handling Children's Data Without Parental Consent
Melee.gg adheres to strict protocols regarding the collection and handling of childrenâ€™s personal information. In instances where we are made aware of the collection of a child's personal information without prior parental consent, we take immediate steps to rectify the situation in compliance with applicable laws and our commitment to safeguarding children's privacy.
Our process includes:
- Promptly notifying the parent or guardian about the collection of the childâ€™s personal information.
Utilizing the FusionAuth process to obtain parental consent. If consent is not granted or we receive no response within 7 days, we proceed to delete the child's information from our platform. This ensures that the child's access to our site is restricted until parental consent is verified.
These practices affirm our dedication to protecting the privacy of all users, especially minors, and our adherence to legal standards concerning childrenâ€™s online privacy.
We take appropriate measures to keep your information secure, both online and offline.
Whenever we collect sensitive information, we use encryption and secure methods to protect it. We do not store or handle credit card or other payment data, but third-party payment services may do so at your request.
In addition to online security measures, we also protect your information offline. Only employees who need the information to perform specific tasks (such as billing or customer service) have access to it. The computers and servers where we store personally identifiable information are kept in a secure environment.
Monitoring and Enforcement
At Melee.gg, we are dedicated to upholding the highest standards of data protection and policy compliance. Our comprehensive approach to monitoring and enforcement ensures that our practices align with our privacy commitments and regulatory requirements.
Data Protection Impact Assessments: For new projects or when introducing significant changes to our platform, we carry out data protection impact assessments. This helps identify any risks to user privacy and implement mitigating measures before deploying changes.
User Complaints and Feedback: We take user complaints and feedback seriously as part of our monitoring process. Users can report concerns or violations of their privacy rights to us via our privacy report submission page. We investigate all reports promptly and take appropriate action to address any issues.
Data Breach Response:
Rapid Response Plan: In the unlikely event of a data breach, we have a rapid response plan in place. This plan includes notifying affected users, relevant authorities, and taking steps to mitigate any potential harm. Our goal is to manage and resolve any such incidents transparently and efficiently.
Vendor and Partner Agreements: Our agreements with third-party vendors and partners include strict data protection and privacy clauses. We regularly review these agreements to ensure that third parties adhere to our privacy standards and applicable laws.
Oversight and Review: We maintain oversight of third-party practices that impact our users' data, conducting periodic reviews to ensure compliance with our privacy commitments.
We have procedures for managing user access to our systems, applications, and data, including password policies, access controls, and authorization processes. We use multi-factor authentication to ensure that only authorized individuals can access our systems and data. We regularly review and update our access management processes and procedures to ensure that they remain effective and compliant with applicable laws and regulations. Databases, key vaults, and other private data sources are only accessible via certain IP addresses.
User Data Encryption
To protect your data while it is being transmitted between your device and our servers, we use SSL/TLS encryption. This means that all data transmitted between your device and our servers is encrypted and cannot be read by unauthorized parties. We also use the secure HTTPS protocol to prevent data from being modified or tampered with during transmission. By using SSL/TLS encryption and HTTPS, we can ensure that your data remains confidential, integral, and authentic during transmission.
All user data is stored within Keyruneâ€™s cloud service. This service uses encryption to protect data at-rest, including backups. The encryption keys are system-managed and the storage encryption is always on and can't be disabled.
Backup and Disaster Recovery
Our database automatically creates server backups and stores them in user-configured locally redundant or geo-redundant storage. These backups include data files and transaction logs and can be used to restore our servers to a point-in-time within our configured backup retention period of seven days. All backups are encrypted.
You can easily update nearly all of your personally identifiable information collected on this site at your leisure. If you find that you cannot update a piece of information, please contact us at email@example.com.
Removing Your Information
You have the right to be forgotten on Melee. If you would like to delete your account, you may do so via your Profile Page. Deleting your account will delete all personally identifiable information from Melee but may not delete all content generated by your use of the site (such as submitted decklists, pairings, and standings).