Mythral
Get access

Privacy Policy

Effective date: April 18, 2026
Last updated: April 18, 2026

This Privacy Policy explains what personal data we collect when you use the Mythral website and software (the "Service"), why we collect it, how we use it, and the rights you have over it.

The data controller is Mythral. Contact us via Discord.

1. What we collect

1.1. Data you give us

  • Account data: email address, password hash, and any profile information you choose to add.
  • Purchase data: the product purchased, payment method type, billing country, timestamp, and any invoice-required information.
  • Support data: messages you send to us, including any information you include in them.

1.2. Data generated by your use of the Service

  • Session data: login events, IP address, user agent, and approximate region derived from the IP.
  • License enforcement data: a hardware identifier ("HWID") derived from your device, used to bind your license to a single installation.
  • Software diagnostics: crash logs and basic version/build telemetry sent by the loader to help us detect and fix bugs. These do not include the contents of files on your device or your activity in any other software.
  • Website analytics: aggregate visit statistics (page views, referrers, time on page). We do not use ad-tracking or cross-site identifiers.

1.3. Data we do not store

  • Full credit card or bank account numbers. Payments are processed by our processor(s); they handle card data directly and send us only a transaction reference and high-level billing metadata.
  • Passwords in plain text. All passwords are hashed using a modern password-hashing algorithm before storage.

2. Why we use your data

PurposeData usedLegal basis
Creating and maintaining your accountAccount dataContract
Delivering and enforcing your licenseAccount data, license enforcement dataContract
Processing paymentsPurchase dataContract; Legal obligation
Protecting the Service from fraud and abuseSession data, license enforcement dataLegitimate interest
Fixing bugs and improving stabilitySoftware diagnosticsLegitimate interest
Complying with legal obligationsPurchase dataLegal obligation

3. Who we share it with

We share personal data only with the following categories of recipients, and only as needed for them to perform their function:

  • Payment processors (e.g., Stripe) — to process purchases.
  • Hosting and infrastructure providers — for running the website, database, and API.
  • Authorities — when required by valid legal process.

We do not sell your personal data. We do not share it with advertisers.

4. International transfers

Our infrastructure is located in the European Union. Some sub-processors may be located outside the EU/EEA. When personal data is transferred outside the EU/EEA, we rely on one of the legal transfer mechanisms permitted under GDPR, such as the European Commission's Standard Contractual Clauses.

5. How long we keep it

  • Account data: while your account exists, and for up to 12 months after account closure for fraud prevention and to handle disputes. Then deleted or anonymized.
  • Purchase and invoicing data: for the period required by applicable tax and accounting law (commonly 8 years in Hungary).
  • Session and diagnostic logs: up to 12 months.
  • Support tickets: up to 24 months after resolution.

6. Your rights

If you are in the EU/EEA, UK, or another jurisdiction with similar laws, you have the right to:

  • Access your personal data and receive a copy of it;
  • Rectify inaccurate or incomplete data;
  • Erase your data, subject to retention obligations above;
  • Restrict or object to certain processing;
  • Data portability — receive your data in a machine-readable format;
  • Withdraw consent at any time, where processing is based on consent;

To exercise any of these rights, contact us via Discord. We will respond within 30 days.

7. Security

We protect your data with reasonable technical and organizational measures, including TLS encryption, password hashing, restricted administrative access, and regular patching. No system is perfectly secure. If we become aware of a breach that affects your personal data, we will notify you and the relevant authorities as required by law.

8. Cookies and similar technologies

The website uses only the cookies strictly necessary to operate (e.g., session and authentication cookies). If we add analytics or marketing cookies in the future, we will ask for your consent first via a cookie banner and update this policy.

9. Children

The Service is not intended for and not directed to anyone under 18. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, contact us and we will delete it.

10. Changes to this policy

We will update this policy when our practices change. The "Last updated" date shows the current version. Material changes will be announced at least 14 days before taking effect.

11. Contact

For privacy questions or to exercise your rights: Contact us via the Discord server.