Privacy Policy

Raidium is operated by Calvin Drakke Rulete, a sole trader based in General Santos City, South Cotabato, Philippines, doing business as Raidium. References to “Raidium”, “we”, “us”, or “our” in this policy refer to that operator.

Raidium is a guild-management platform for online games. We are not affiliated with, endorsed by, or sponsored by any game publisher; game names, images, and trademarks remain the property of their respective owners.

You can contact us about this policy at drekyz.business@gmail.com.

Raidium is intended for users who are at least 18 years old. The platform includes an in-guild marketplace, a points-based economy, and paid subscription features that may be settled in fiat currency or on the KAIA blockchain. Because of these features, we do not knowingly collect personal information from anyone under 18.

If you become aware that an account on Raidium belongs to a minor, please contact us at drekyz.business@gmail.com and we will delete the account.

The categories of personal information we collect are listed below. We collect only what we need to operate the service.

• Account & profileWe collect email address, username, password (stored only as a bcrypt hash), and optional first name, last name, phone number, and profile image. We use this information to authenticate you, provide guild membership, and display your identity to other members of your guild.
• Discord account (optional)We collect Discord user ID, username, global display name, and avatar hash, requested through the standard Discord OAuth scopes “identify” and “email”. We use this information to let you sign in with Discord and link Discord notifications to your account; we never read your Discord messages, servers, or contacts.
• Push-notification tokensWe collect Firebase Cloud Messaging (FCM) device token, a per-install device identifier, the platform (Android or web), and the timestamp of the last successful delivery. We use this information to deliver in-app push notifications for events you opt into (boss spawns, attendance, marketplace, raffles, alliance updates).
• Payment metadataWe collect on-chain transaction hash and sender wallet address (KAIA blockchain payments) or hosted-checkout session identifier and amount (PayMongo QRPh payments). We use this information to verify subscription payments and link them to the correct guild; we never see or store your card number, expiry, CVV, bank details, or cardholder name.
• Attendance screenshots and extracted textWe collect images you upload as proof of raid attendance (stored on Cloudinary) and the player names automatically extracted from those images by optical character recognition (OCR). We use this information to verify who attended a raid and award points; extracted names are matched against your guild’s member list.
• Activity & audit logsWe collect the actions you perform inside Raidium (logins, point adjustments, marketplace purchases, settings changes), along with the source IP address and user-agent string of the request. We use this information to support security investigations, fraud prevention, and admin visibility into guild operations.
• Authentication cookies & local storageWe collect a short-lived access-token cookie (six hours), a long-lived refresh-token cookie (seven days, HTTP-only), and on the Android app, the same tokens stored via Capacitor Preferences. We use this information to keep you signed in and refresh your session without asking for your password every time.
• Performance & diagnostic analyticsWe collect anonymized Web Vitals and page-load metrics gathered by Vercel Analytics and Vercel Speed Insights. We use this information to identify and fix performance regressions; we do not receive any personally identifying information from this telemetry.
• Advertising cookies (Google AdSense)We collect cookies and identifiers Google AdSense places when its loader script runs on our public marketing surfaces — typically NID, IDE, and similar Google ad-tech identifiers used for frequency capping, ad selection, and click measurement. We use this information to show contextual or interest-based ads on our public calculator tool pages and let Google measure ad performance; we never receive these identifiers ourselves and never combine them with your guild account data.

We do not collect precise or approximate location, contacts, calendar data, microphone or camera input, files outside of screenshots you actively upload, browsing history, SMS or call logs, or biometric identifiers. The Android app does not request these permissions.

• To create and authenticate your guild account.
• To run the features of the service (boss tracking, attendance, points, marketplace, requests, alliance management, raffles, push notifications).
• To verify subscription payments and apply them to the correct guild.
• To send transactional email such as password resets, email verification, and administrative notices.
• To investigate suspected fraud, abuse, or breaches of our Terms of Service.
• To monitor performance and reliability through anonymized analytics.
• To comply with applicable law, lawful requests, and to enforce our agreements.

We do not sell your personal information, and we do not run our own ad network or build advertising profiles ourselves. The public marketing surfaces — specifically the calculator tools at /tools/* — display ads served by Google AdSense, and Google may use its own cookies and identifiers to select and measure those ads under its own privacy terms. Authenticated areas of Raidium (anywhere under /g/* once you are signed in) display no ads.

For visitors in the EEA, the United Kingdom, and Switzerland, Google’s certified consent management platform asks for consent before personalised advertising identifiers are stored or read on your device. Visitors who decline see only non-personalised ads or no ads at all. For visitors in US states with applicable privacy laws (such as California, Virginia, Colorado, and Connecticut), the same platform injects a “Privacy options” control on the page that lets you opt out of the sale or sharing of personal information for personalised advertising.

Where the General Data Protection Regulation (GDPR), the UK GDPR, or similar laws apply, we rely on the following legal bases:

• Contract. Processing necessary to provide the service you have signed up for (account, guild membership, paid subscriptions).
• Legitimate interests. Operating the service securely, preventing fraud, debugging, and improving reliability.
• Consent. Where you opt in to receive push notifications or link your Discord account.
• Legal obligation. Where we are required to retain or disclose information by law.

We rely on a small set of vetted service providers (“processors”) to deliver Raidium. They process information on our behalf and are bound by their own privacy terms.

Cloudinary URLs for screenshots and profile images are publicly accessible to anyone who has the URL. Treat any image you upload to Raidium as content that could be shared with members of your guild.

Some information may be retained longer than the periods above where required by law (for example, financial records associated with subscription payments) or where it is needed to resolve a dispute or enforce our Terms of Service.

Depending on where you live, you may have the right to access, correct, delete, or port the personal information we hold about you, to object to or restrict certain processing, and to withdraw consent at any time.

• Access and correction. You can view and edit most of your account information directly inside the app under your profile.
• Deletion. You can ask your guild administrator to archive your account inside the app, or you can email drekyz.business@gmail.com and we will delete or fully archive your data within 30 days of verifying your request.
• Data portability. Email us at the same address to request a machine-readable export of the data tied to your account.
• Discord and push notifications. You can unlink your Discord account from your profile page and turn off push notifications from your device’s system settings or from the in-app notification preferences.
• Complaints. If you believe we have handled your information improperly, you may lodge a complaint with your local data-protection authority. We would also appreciate the chance to address your concern first.

All traffic between the app and our servers is encrypted with HTTPS. Passwords are hashed with bcrypt before being stored — we never see or store passwords in plain text. Authentication tokens are short-lived and refreshed with HTTP-only, SameSite=strict cookies. Database access is restricted by role and protected by network-level controls at MongoDB Atlas.

No system can be guaranteed completely secure. If you believe your account has been compromised, please change your password and contact us immediately.

Raidium is operated from the Philippines, but we use service providers whose infrastructure is located in the United States, the European Union, and other regions. Where personal information is transferred out of your country, we rely on the safeguards offered by those providers (including Standard Contractual Clauses where applicable) to protect it.

Raidium is not directed to children under 18, and we do not knowingly collect personal information from anyone in that age group. See section 02 for how to report a minor’s account.

When we make material changes to this policy, we will update the effective date at the top of the page and notify you in-app, by email, or by both. Continued use of the service after a change takes effect means you accept the updated policy.

For privacy questions, data-subject requests, or anything else covered by this policy, contact: