
Privacy Policy

Last updated: February 2026  ·  pursuant to GDPR (EU) 2016/679

1. Controller

The controller within the meaning of the GDPR is the provider named in the Legal Notice:

Daniel Drexlmaier
Krautgartenstr. 26
70329 Stuttgart, Germany

Data protection enquiries: datenschutz@mafia-inc.de

2. Data we collect

On registration:
Alias/username (required — no real name needed), e-mail address (for account confirmation and important game notifications), password (stored exclusively as a bcrypt hash with individual salt — never in plain text), registration date.

While playing (game data):
Game state (resources, points, rank, progress), game actions (attacks, trades, building construction, market transactions), syndicate membership and role (Don, Officer, Member), in-game messages between players, login timestamps and session data, IP address (automatically anonymised after 7 days — used solely for security and detection of multiple accounts as per game rules).

Technical data:
Browser type and operating system (for technical compatibility only, not stored permanently), session cookie (for login status, deleted when browser is closed).

V3 newsletter sign-up:
Only your e-mail address — exclusively for the one-time launch notification for Mafia Inc. Version 3.

What we do not collect: No real name, no postal address, no phone number, no payment data (the game is free), no location data, no tracking profile, no data from social networks.

3. Purpose of processing

We process your data exclusively for the following purposes:

  • Providing and operating the Mafia Inc. browser game
  • Creating and managing your game account
  • Enforcing the game rules (e.g. detection of multiple accounts via IP comparison)
  • Sending important account notifications (password reset, e-mail confirmation)
  • One-time newsletter at V3 launch (only if explicitly subscribed)

No sharing with third parties. Your data is never sold, rented or passed on to third parties. No processing for advertising purposes by third parties takes place.

4. Legal basis for processing

  • Art. 6(1)(b) GDPR (contract performance): Processing to provide the game and manage your account
  • Art. 6(1)(a) GDPR (consent): Processing your e-mail for the V3 newsletter — you can unsubscribe at any time without giving reasons
  • Art. 6(1)(f) GDPR (legitimate interest): Short-term storage of IP addresses to prevent abuse and ensure fair gameplay (max. 7 days)

5. Retention period

  • Account data: For the duration of active use — after account deletion all personal data is completely and irrevocably removed within 30 days
  • Game data & logs: Automatically purged at the end of each game round
  • IP addresses: Automatically anonymised after 7 days at the latest
  • V3 newsletter e-mail: Irrevocably deleted immediately after the one-time launch notification is sent
  • Session cookies: Automatically deleted on logout or session expiry
  • Inactive accounts: Accounts with no login for 24 months may be deleted following prior e-mail notification

6. Cookies & Tracking

We use only technically necessary session cookies that are strictly required for login status and language preferences. These cookies contain no personal data and are automatically deleted when the browser is closed.

We do not use tracking cookies, analytics cookies, advertising cookies, social media plugins or any other third-party services. No user data is transmitted to external services (e.g. Google Analytics, Meta Pixel, etc.).

7. Data security

To protect your data we apply the following technical and organisational measures:
  • Encrypted transmission of all data via HTTPS (TLS)
  • Passwords stored exclusively as bcrypt hashes with individual salts
  • Database-level access restrictions (least-privilege principle)
  • Regular security updates of all software used
  • No storage of payment data (the game is free)

8. Your rights (Art. 15–22 GDPR)

As a data subject you have the following rights at any time:
  • Access (Art. 15): Information about whether and what data we hold about you
  • Rectification (Art. 16): Correction of inaccurate or incomplete data
  • Erasure (Art. 17): Deletion of your data where no legal retention obligation applies
  • Restriction (Art. 18): Restriction of the processing of your data
  • Data portability (Art. 20): Receipt of your data in a common, machine-readable format
  • Objection (Art. 21): Objection to processing based on legitimate interests
  • Withdrawal: Withdrawal of any consent given at any time without giving reasons (e.g. newsletter unsubscribe)

Please direct requests to: datenschutz@mafia-inc.de
We process requests within 30 days.

9. Right to lodge a complaint

You have the right under Art. 77 GDPR to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.

Competent authority for Baden-Württemberg:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart, Germany
www.baden-wuerttemberg.datenschutz.de