← Home·TermsPrivacyCookies

Privacy Policy

Last updated: April 14, 2026

Marbl3D is operated by MAGKORE("we," "us," or "our").

1. Who we are

MAGKORE ("we," "us," or "our") operates Marbl3D(the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect personal information when you use our websites, game, and related services.

2. Information we collect

  • Account and authentication: email address; password (handled by our auth provider—hashed); username; date of birth collected at registration; for users under 13 when our sign-up flow requires it, a parent or guardian email address; optional profile avatar image if you upload one to storage; linked OAuth identities when you choose Google or Discordsign-in (subject to those providers' policies).
  • Game and economy data: progression, level and XP, coins and gems, inventory and equipped cosmetics, item attributes we store (such as wear or quality values where applicable), match and mode statistics, ranked or campaign progress, case openings and related data (for example pity counters or history used for fairness), season pass tier progress and claimed rewards, marketplace listings and sales, recycling and trade history where those features are enabled, Terminal scans and purchases, and similar gameplay events stored in our database.
  • Social and competitive data: friends relationships, invites, in-Service notifications, leaderboard entries and profile information you make visible (such as username and stats), and tournament or event participation where offered.
  • Payments: when you buy gem packs, Stripe processes payment. We receive payment status, Stripe identifiers (such as Checkout session IDs), and metadata needed to credit gems to your account. We do notstore full payment card numbers on our servers—Stripe handles card data. See Stripe's Privacy Policy.
  • Bug reports: if you submit a report, we store the fields you provide (title, description, category, optional steps, page URL) and technical context such as client environment details you send with the report.
  • Technical and security data: server and provider logs may include IP addresses, user agents, and timestamps for security, abuse prevention, and debugging. Multiplayer connections send your session token to our game server for authentication and relay gameplay data.
  • Random reward integrity: data needed to apply pity or similar fairness rules, resolve case openings, and maintain audit trails for virtual item grants and economy actions.

Legal disclosures for cases and randomized cosmetics (including odds shown in-game and that these systems are not gambling) are in our Terms of Service.

3. What we do not do (current product)

The Service does not embed third-party advertising or analytics trackers (such as ad networks or behavioral analytics SDKs) in the application code as shipped in this repository. If we add them later, we will update this Policy and obtain consent where required.

4. How we use information

  • Provide, operate, secure, and improve Marbl3D.
  • Authenticate sessions, prevent fraud and abuse, and enforce our Terms.
  • Run matchmaking, leaderboards, friends, notifications, multiplayer, campaign, ranked, and other game modes.
  • Operate randomized cosmetic systems (cases), the marketplace, trades, season pass tracks, and the Terminal, including economy logs and anti-fraud checks.
  • Process purchases and maintain transaction records.
  • Respond to bug reports and support requests.
  • Comply with law and respond to lawful requests.

We do not sell your personal information. We do not use cross-context behavioral advertising as defined under U.S. state privacy laws in the current product.

5. Legal bases (EEA, UK, Switzerland)

Where GDPR-style laws apply, we rely on: performance of a contract (providing the Service); legitimate interests (security, anti-abuse, improving the product), balanced against your rights; consent where required; and legal obligations.

6. Service providers (subprocessors)

We use service providers that process data on our behalf, including:

  • Supabase— authentication, database, and file storage for the Service. Data is processed according to Supabase's terms and privacy documentation for your project region.
  • Stripe — payment processing for gem purchases.
  • Hosting — for example Netlify (or another host you configure) for serving the web application and related logs.
  • Multiplayer infrastructure — servers you operate for online play, processing gameplay messages and connection metadata.

We may add or change providers; when we do, we will update this Policy or provide notice as appropriate.

7. International transfers

Our providers may process data in the United States and other countries. Where required, we use appropriate safeguards (such as standard contractual clauses approved by the European Commission).

8. Retention

We keep personal information for as long as your account is active and as needed to provide the Service, comply with law, resolve disputes, and enforce our agreements. If you ask to delete your account (where we offer that process) or we delete inactive accounts per our policies, we will delete or anonymize personal information within a reasonable period—often within about 30 days—subject to legal, tax, or security retention needs.

9. Security

We use administrative, technical, and organizational measures designed to protect personal information, including industry-standard practices for web applications and database access controls. No method of transmission or storage is completely secure.

10. Your rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal data, and to object to or restrict certain processing. To exercise these rights, contact us using the channels described below. You may also lodge a complaint with a supervisory authority where applicable.

11. California residents (CCPA/CPRA)

California residents may request to know, delete, and correct personal information we hold, subject to exceptions. We do not "sell" or "share" personal information for cross-context behavioral advertising in the current product. You may designate an authorized agent where permitted by law.

12. Children

We collect a date of birth at registration and, when applicable, a parent or guardian email for users under 13 as part of our sign-up flow. If you believe we have collected information from a child in a way that violates applicable law, contact us and we will take appropriate steps.

13. Cookies and local storage

We use cookies and local storage as described in our Cookie Policy, including Supabase authentication cookies and locally stored game settings.

14. Changes

We may update this Privacy Policy. We will post the new version and change the "Last updated" date. Material changes may require additional notice as required by law.

15. Contact

For privacy requests and questions, contact us through the Service (for example via bug reports or any official support channel we publish). See also our Terms of Service.

This Policy is written to match the Marbl3D implementation (Supabase, Stripe, hosting, multiplayer). Have legal counsel review it before relying on it as a sole compliance document.