Privacy Policy
For the Isle Craft website and related browser-based game services operated by SAUNA PISCES LTD
Effective date: 9 April 2026
Operator: SAUNA PISCES LTD (Company No. 15568666), 20 Wenlock Road, London, England, N1 7GU, United Kingdom
Contact: info@isle-craft.com
| Who this applies to | Players, account holders, purchasers of digital content, website visitors, and support requesters using Isle Craft or related pages and services. |
| What this covers | How SAUNA PISCES LTD collects, uses, stores, shares, and protects personal data when operating Isle Craft, processing purchases, providing support, securing the service, and complying with legal obligations. |
1. Introduction and Scope
SAUNA PISCES LTD (“Company”, “we”, “us”, or “our”) operates the Isle Craft website, the related playable browser-based game environment, customer support channels, checkout integrations, and associated community and informational pages (together, the “Service”).
This Privacy Policy explains how we process personal data in connection with the Service. It applies when you browse the website, create or use an account, purchase digital content such as virtual currency, virtual items, or game features, contact support, participate in community or promotional interactions, or otherwise interact with us.
This Privacy Policy should be read together with our Terms of Use and End User Licence Agreement, Cookie Policy, Refund Policy, Payment Policy, Cancellation Policy, and Digital Product Fulfillment Policy, where applicable.
2. Data Controller and Contact Details
The data controller for the personal data described in this Privacy Policy is SAUNA PISCES LTD, a private limited company incorporated in England and Wales under company number 15568666, with registered office at 20 Wenlock Road, London, England, N1 7GU, United Kingdom.
You may contact us regarding privacy matters, data protection requests, or complaints using the contact details published on the Service, including info@isle-craft.com. If we appoint a dedicated privacy contact or representative in the future, the Service may be updated to reflect that appointment.
3. Age Position
The Service is intended for users aged 13 and above. We do not knowingly design the Service for unsupervised use by children below the minimum age permitted under our Terms or applicable law.
If we become aware that personal data has been submitted in breach of our age rules or without any required parental or guardian involvement, we may suspend the account, limit features, and delete or restrict relevant data as appropriate.
4. Categories of Personal Data We Collect
We may collect the following categories of personal data depending on how you use the Service:
| Category | Typical data elements |
| Account and identity data | Username, display name, login credentials, account identifiers, account status, registration date, and records needed to create, administer, secure, or close your account. |
| Contact and communications data | Email address, phone number if provided, support ticket content, complaint records, correspondence history, and communication preferences. |
| Transaction and purchase data | Order identifiers, purchase history, purchased digital goods, currency used at checkout, transaction timestamps, payment status, refund status, and fraud review notes. |
| Limited payment metadata | Payment method type, masked card or wallet information, processor reference numbers, billing country, payment authorisation outcome, and anti-fraud signals received from payment processors. We do not intentionally store full payment card numbers. |
| Technical and device data | IP address, device identifiers where available, browser type, operating system, language settings, time zone, referring URLs, crash logs, diagnostics, and performance telemetry. |
| Gameplay and service usage data | Session activity, in-game interactions, entitlement records, virtual inventory records, delivery logs for digital content, progression metrics, and security event history. |
| Cookie and similar technology data | Cookie identifiers, preference selections, session information, analytics events, and consent signals as described further in our Cookie Policy. |
| Legal and compliance data | Records relating to fraud prevention, abuse management, chargeback handling, sanctions screening where necessary, law-enforcement requests, dispute resolution, and compliance with legal obligations. |
5. Sources of Personal Data
We collect personal data directly from you when you enter information, create an account, contact us, make a purchase, submit a refund request, or otherwise interact with the Service.
We also collect data automatically from your device and browser through logs, cookies, analytics tools, and technical monitoring systems.
In addition, we may receive personal data from third parties such as payment processors, hosting providers, fraud prevention vendors, analytics providers, customer support tools, law-enforcement bodies, or professional advisers where relevant to operating or protecting the Service.
6. How We Use Personal Data
We use personal data only where this is reasonably necessary for the operation, improvement, protection, and lawful administration of the Service.
We may use personal data for the following purposes:
• to register, authenticate, administer, and maintain user accounts;
• to provide access to the website, playable game environment, purchased digital content, virtual currency, virtual items, and other service features;
• to process one-time purchases, verify transactions, reconcile payments, and coordinate refunds or payment reversals;
• to investigate failed delivery, duplicate charges, unauthorised payment reports, suspected fraud, abuse, exploitation of bugs, or other misuse of the Service;
• to provide customer support, respond to complaints, and maintain service communications;
• to monitor performance, diagnose technical issues, troubleshoot crashes, and improve functionality, stability, and user experience;
• to personalise non-essential preferences where lawful and enabled;
• to enforce our contractual rights, policies, and community or acceptable use standards;
• to comply with legal, regulatory, tax, accounting, consumer protection, law-enforcement, and dispute-resolution obligations;
• to establish, exercise, or defend legal claims and manage business risk;
• to carry out internal reporting, recordkeeping, corporate transactions, or audits in connection with legitimate business operations.
7. Lawful Bases for Processing
Where United Kingdom data protection law or materially equivalent standards apply, we rely on one or more of the following lawful bases depending on the relevant processing activity:
| Lawful basis | Examples of use |
| Contract | Creating and operating accounts, providing gameplay access, delivering purchased digital content, handling support linked to the service contract, and administering account closure. |
| Legitimate interests | Service security, fraud prevention, diagnostics, product improvement, internal administration, recordkeeping, abuse prevention, chargeback defence, and proportionate business analytics. |
| Legal obligation | Tax, accounting, consumer law, law-enforcement cooperation, sanctions or fraud checks where required, record retention, and compliance with court or regulatory requests. |
| Consent | Non-essential cookies, optional marketing communications if introduced, or other processing where consent is required by law. |
| Legal claims | Establishing, exercising, or defending legal rights in disputes, complaints, payment investigations, or enforcement actions. |
8. Payments and Checkout
Payments for digital content may be processed by third-party payment providers integrated into or linked from the Service. Those providers may process your payment data in accordance with their own privacy notices, terms, security procedures, and regulatory obligations.
We may receive limited payment-related information from those providers, such as transaction identifiers, payment status, masked instrument details, anti-fraud results, billing country, refund status, and evidence needed to resolve disputes. We use that information to fulfil purchases, handle customer support, investigate suspected unauthorised use, and manage chargebacks or payment reversals.
9. Cookies and Similar Technologies
We use cookies and similar technologies for website operation, user preferences, session continuity, security, and analytics. Some cookies are strictly necessary for the Service to function. Others are used only where permitted by law and, where required, based on your consent.
Further detail, including cookie categories and a cookie table, is provided in our Cookie Policy. You can also manage cookies through your browser controls, subject to the possibility that disabling certain cookies may affect Service functionality.
10. Sharing of Personal Data
We do not sell personal data. We may share personal data only where reasonably necessary for the purposes described in this Privacy Policy, including with the following categories of recipients:
• payment processors and payment service providers involved in checkout, refunds, fraud controls, and dispute handling;
• cloud hosting, infrastructure, security, and technical support providers;
• analytics, diagnostics, and website performance providers;
• customer support and communications providers;
• professional advisers such as lawyers, accountants, auditors, insurers, or corporate service providers;
• courts, regulators, law-enforcement agencies, or public authorities where disclosure is required or reasonably necessary;
• actual or prospective acquirers, investors, or restructuring parties in connection with a corporate transaction, subject to appropriate confidentiality protections.
11. International Transfers
The Service may use providers located in, or accessible from, jurisdictions outside the United Kingdom. Where personal data is transferred internationally, we take reasonable steps to implement an appropriate transfer mechanism where required by law.
Depending on the transfer route and legal regime involved, this may include an adequacy decision, the United Kingdom International Data Transfer Agreement, the United Kingdom addendum to standard contractual clauses, contractual safeguards, technical security controls, or another recognised legal basis for transfer.
12. Data Retention
We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, including to provide the Service, maintain records, resolve disputes, comply with law, and protect the Company.
Retention periods vary by data category, the sensitivity of the data, the purpose of use, whether the account remains active, and whether there is an outstanding refund, complaint, chargeback, fraud investigation, or legal obligation requiring extended retention.
As a general approach, we may retain account and transaction records for a commercially and legally reasonable period after account closure or the final transaction, particularly where needed for tax, accounting, fraud prevention, audit, or legal defence purposes. Where data is no longer required, we may delete, anonymise, or securely aggregate it.
13. Data Security
We use administrative, technical, and organisational measures designed to protect personal data against unauthorised access, misuse, loss, alteration, or disclosure. These measures may include access controls, environment segregation, logging, encryption in transit where available, vendor controls, least-privilege access, and monitoring for suspicious activity.
No online system is completely secure. You are also responsible for maintaining the confidentiality of your credentials, using appropriate device security, and notifying us promptly if you suspect unauthorised access to your account or payment activity.
14. Your Privacy Rights
Depending on applicable law and your location, you may have the right to request access to your personal data, correction of inaccurate data, deletion of data in certain cases, restriction of processing, objection to certain processing, data portability, or withdrawal of consent where consent is the basis for processing.
You may also have the right to complain to the relevant supervisory authority. In the United Kingdom, this may include the Information Commissioner’s Office where United Kingdom data protection law applies.
We may need to verify your identity before acting on a request. Certain rights are not absolute and may be limited where the law allows us to retain or continue processing data, for example to comply with legal obligations, protect against fraud, complete a transaction, defend legal claims, or enforce our contractual terms.
15. Marketing Communications
As of the effective date of this Privacy Policy, the Service is primarily focused on product operation, account administration, and transactional communications. If we introduce optional marketing communications in the future, we will explain how to opt in or opt out where required by law.
We may continue to send non-marketing service messages that are necessary for account operation, purchase fulfilment, security alerts, policy updates, and support interactions.
16. Automated Decision-Making
We may use automated tools or rules to detect suspicious activity, prevent fraud, identify abuse, prioritise support or security review, or help decide whether a payment or account event should be escalated for manual review.
We do not intend this Privacy Policy to imply that all such tools amount to solely automated decision-making with legal or similarly significant effects under applicable law. Where such rules materially affect your account or transaction, we may conduct further review and consider additional evidence.
17. Third-Party Services and External Links
The Service may contain links to third-party websites, embedded services, social media features, or payment flows that are operated independently from us. We are not responsible for the privacy practices of those third parties. You should review their privacy notices before providing personal data or completing transactions through them.
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to the Service, data practices, legal requirements, or operational arrangements. The updated version will be posted on the Service with an updated effective date or similar notice.
Where required by law, we will take additional steps to notify users of material changes.
19. How to Contact Us or Submit a Request
If you have a privacy question, would like to exercise a data right, or need to report a data concern, please contact us using the details provided on the Service, including info@isle-craft.com. To help us respond efficiently, you should describe your request clearly and provide enough information for us to verify and locate the relevant records.
We may ask for reasonable proof of identity before responding to certain requests. We may also decline or limit a request where the law permits us to do so, including where the request is manifestly unfounded, excessive, technically impracticable, or conflicts with legal obligations or the rights of others.
Schedule 1 — Practical Retention Guide
The following retention guide is illustrative and may be adjusted where longer retention is reasonably necessary for legal, contractual, security, fraud-prevention, or dispute-management reasons.
| Data type | Typical baseline approach | Reason for longer retention where needed |
| Basic account records | For the duration of the account and a reasonable period after closure. | Security investigations, reactivation disputes, legal claims, or abuse prevention. |
| Purchase and refund records | Retained for a commercially and legally reasonable accounting period. | Tax, accounting, chargeback defence, audit, fraud review, or legal obligations. |
| Support correspondence | Retained while the issue remains active and for a reasonable follow-up period. | Complaint handling, repeat incidents, legal claims, or service quality review. |
| Technical logs and security records | Retained according to operational need and risk sensitivity. | Incident response, abuse detection, forensic analysis, or infrastructure security. |
| Cookie consent signals | Retained for consent-management purposes for an appropriate period. | Demonstrating compliance with consent rules and preference management. |
End of Privacy Policy