Blood on the Clocktower ONLINE
PRIVACY POLICY
Last Modified on 30 April 2025

1. What’s in this Privacy Policy?

In this Privacy Policy, you’ll find:

  • What information we collect about you
  • How we might use that information
  • What information we might share with others
  • Your rights and choices about that information

2. What does this Privacy Policy cover?

We are The Pandemonium Institute Pty Ltd. In this document, we will refer to ourselves as “TPI,” “we,” or “us.” We will refer to you and any other users as “you.”

In this Privacy Policy, we will cover the products and services that we offer to you related to the “Blood on the Clocktower” software applications, including any online browser-based and downloadable versions. Together, we’ll refer to these as the “Service.”

By using the Service, you agree to the terms of this Privacy Policy. Please read our Terms of Use, as well, for general guidance about your use of the Service. Except as otherwise expressly agreed, this Privacy Policy and our Terms of Use are the complete agreement between you and TPI.

3. What types of personal data do we collect?

Below you’ll find details about the types of personal data we collect from you and how we use it. We call this “processing” your data.

We’ll also tell you the reason for processing that data, which is known as our “legal basis.”

First, the personal data we collect from you:

Type of data Examples of the data How we use it Our legal basis
Contact Information
  • Your name
  • Your email address
 To contact you for technical support and customer support purposes, for marketing and promotional purposes, and to administer contests and sweepstakes. Based on your explicit consent, under GDPR Art. 6 (1) (a).
Account Information
  • Your name
  • Your email address
 To allow you to create an account on the Service, to contact you for technical support and customer support purposes, for marketing and promotional purposes, and to administer contests and sweepstakes. The collection is necessary to fulfill a contract with you, under GDPR Art. 6 (1) (b).
Analytic Information

Technical and analytic information about your devices, usage, and other info, which may include:

  • Technical information about your device and device software
  • Your IP address and geolocation information
  • Gameplay-related information, such as gameplay times, number of players, etc.
 To analyze and improve Service functionality and bug fixing. The collection is necessary to fulfill a contract with you, under GDPR Art. 6 (1) (b).
Your Content Your public video streams, gameplay audio, chats, messages, comments, and other public postings on the Service and Service-related applications To operate public posting and communications capabilities on the Service, including in-game chat, video, and Service-related community spaces such as Discord. The collection is necessary to fulfill a contract with you, under GDPR Art. 6 (1) (b).

The personal data that others share with us:

Third party sharing the data Type of data shared with us How we use it Our legal basis
Patreon Account Information To confirm your Patreon patron level to ensure you receive the appropriate Service access and functionality The collection is necessary to fulfill a contract with you, under GDPR Art. 6 (1) (b).

And the personal data that we share with others:

Our reason for sharing What data is being shared? Who are we sharing it with? Their privacy policy
Creating your Account on the Service Account Information Shopify https://www.shopify.com/legal/privacy
Operating Service-related community spaces Your Content Discord, Twitch, and other online community spaces operated or controlled by TPI which may be added from time to time

https://discord.com/privacy

https://www.twitch.tv/p/en/legal/privacy-notice/
Newsletter mailing list Contact Information, Account Information Mailchimp or other third-party mailing list services we engage with https://mailchimp.com/legal/
Quickly detect and resolve technical bugs in the app client Your app user ID, username, IP address, browser version and OS version, and session name.
The internal application state and a history of events on the app leading up to the error being reported.		 Sentry (Europe) https://sentry.io/privacy/

We may also need to share your personal data in a few other situations:

  • To follow the law, a court order, or orders from government agencies
  • To detect and combat fraud or security issues
  • To protect the Service, our employees, and our business’s rights or safety

Other than that, we will not share your personal data with anyone else.

4. How long do we keep your personal data?

We only keep your personal data as long as it’s required to provide you with the Service. Sometimes a longer period might be required by law.

After that, we will delete your personal data within a reasonable time.

Please note that we may retain some data, if necessary to:

  • resolve disputes,
  • enforce our user agreements,
  • follow any technical and legal requirements related to the Service.

5. Children’s privacy rights

We don’t knowingly collect any personal data from children under the age of 13. We also don’t knowingly allow them to create accounts, sign up for newsletters, make purchases, or use the Service.

We may also limit our personal data processing for EU users between 13 and 16.

We take children’s privacy seriously and encourages parents to play an active role in their children’s online experience. If you have any concerns about your child’s personal data, please contact us at app@bloodontheclocktower.com.

6. Transfers of your personal data

Our headquarters is in Australia and we use data servers located in the United States and the European Union.

No matter where you live, by using the Service you consent to the processing and transfer of your personal data in and to Australia, the United States, and the European Union. This processing will be under the privacy policies of third parties that we share personal data with.

The laws of these countries governing data collection and use may not be as comprehensive or protective as the laws of the country where you live.

If you would like more information, please contact us (see “How to contact us” below).

7. Cookies

Certain parts of the Service may feature cookies. A cookie is a small amount of data that is sent to your browser from a web server and is stored on your computer’s hard drive. Cookies are not spyware or adware and can’t deliver viruses or run programs on your computer. Other similar methods include tracking pixels and web beacons.

For more information about our use of Cookies, please view our Cookie Policy below.

8. EU residents’ rights

We are regulated under the General Data Protection Regulation (GDPR), which applies across the European Union (including in the United Kingdom). We are responsible as a controller of personal data for GDPR purposes.

Your rights as an EU resident:

Under the GDPR, EU residents have several important rights:

  • By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. If we have asked for your consent to process your personal data, you may withdraw that consent at any time.
  • If we are processing your personal data for reasons of consent or to fulfill a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider.
  • If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased.
  • You have the right to ask us to stop using your information for a period of time.
  • Finally, in some circumstances, you can ask us not to reach decisions affecting you using automated processing or profiling.

If you would like to exercise any of those rights, please email us at app@bloodontheclocktower.com. We may ask for additional info to verify that you’re the owner of that data.

Also, in some cases where the law requires it, we may not be able to help with the above requests.

9. California residents’ rights

We are regulated under the California Consumer Privacy Act (CCPA), which applies to California residents.

Under the CCPA, California residents have several important rights:

Right to Know: You can ask us what personal data we hold about you and request a copy. This includes:

  • The type and specific pieces of personal data we have collected
  • The types of sources we collect the data from
  • The purpose for collecting your personal data
  • The third parties we share that data with

Right to Delete: You can request that we erase your personal data. There are some exceptions to this right, if we:

  • Need to complete the transaction for which the personal data was collected or if there is an ongoing business relationship or contract with you
  • Detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity
  • Need to identify and repair errors affecting Service functionality
  • Exercise free speech or ensure another consumer can exercise (or another lawful right)
  • Need to comply with the California Electronic Communications Privacy Act
  • Engage in research in the public interest
  • Enable solely internal uses that are in line with your expectations for using your personal data
  • Need to comply with a legal obligation
  • Otherwise use your personal data internally, in a way that’s compatible with the reason we collected it in the first place

Sale of your personal data: We don’t sell any of your personal data for any purposes.

Other Rights: California residents also have the right to request information about our disclosure of personal data to third parties for direct marketing purposes during the calendar year before your request. This request is free and may be made only once a year.

We also won’t discriminate against you for exercising any of the rights listed above.

If you would like to exercise any of those rights, please email us at app@bloodontheclocktower.com. We may ask for additional info to verify that you’re the owner of that data.

10. How do we protect personal data?

We have taken steps and put security measures in place to prevent the accidental loss or misuse of personal data.

For example, we limit access to those who have a genuine business need. Those processing your information will do so only in an authorized manner.

We also have procedures in place to deal with any suspected data security breach. We’ll notify you and any applicable regulator of a suspected data security breach when legally required.

11. Resolving Disputes

We hope that we can resolve any questions or concerns you raise about our use of your personal data.

Please contact us at app@bloodontheclocktower.com to let us know if you have questions or concerns. We will do our best to resolve the issue.

For EU residents, the GDPR also gives you right to lodge a complaint with a supervisory authority. You may do this in the EEA state where you live, work, or where any alleged infringement occurred.

12. How will we notify you of changes?

We last updated this Privacy Policy on 30 April 2025.

We may make further updates from time to time. If we have your email address on file, we will inform you via email. Otherwise, we will post a message on the Service about the change.

13. How to contact us

Please contact us if you have any questions about this Privacy Policy or your personal data.

You can do so using the following contact info:

  • Email: app@bloodontheclocktower.com
  • Postal Mail: PO Box 151, Enmore, NSW, Australia 2042