Privacy

Privacy Policy

Version 3.0 · Effective July 12, 2026 · GDPR / RODO notice (Regulation (EU) 2016/679)

This Privacy Policy explains how Novera collects, uses, shares and protects your personal data, and the rights you have under the EU General Data Protection Regulation (GDPR / Polish "RODO"). It applies to novera.gg, api.novera.gg and related Novera services during Season 0 open access.

Data controller

The controller of your personal data is the owner/operator of Novera ("Novera", "we", "us"), currently operating the service before incorporation of a company. Controller: owner of Novera. Contact for privacy matters: [email protected]. This policy will be updated with full registration details once a legal entity is established.

Categories of personal data we process

  • Account & identity: your Discord user ID, username and display name, avatar URL, and email address where your Discord account provides it.
  • Game identity: your Riot ID (game name and tagline), Riot account identifiers (e.g. PUUID), Wild Rift / other in-game names, and verification status.
  • Competitive data: queue entries, ready checks, match rooms, scores and results, evidence screenshots you upload, disputes you open, tournament registrations and check-ins, rankings/ratings, badges/titles, Novera Points wallet, ledger and progression.
  • Communications: in-match chat messages, dispute reasons, notification history and support correspondence.
  • Invite and referral data: invite-code clicks, registrations attributed to an invite, reward milestones such as verified Riot account or first played match, and related wallet credits.
  • Technical & security data: a salted hash of your IP address (we do not store your raw IP in application records), device/browser metadata, device fingerprints, timestamps, audit logs of account and staff actions, rate-limit signals and anti-abuse/trust signals.
  • Preferences: language, game, region/country and notification settings, including web push category preferences.
  • Discord community data: Discord server membership snapshots and managed role/channel assignments where you link Discord and use Novera community features.
  • Prize payout data, when cash prizes are enabled: account owner name, IBAN in encrypted form, IBAN last four characters, country, payout consent, payout request and payment history.

How we collect data

We collect data directly from you (e.g. when you set an in-game name, upload evidence, subscribe to push notifications or contact us); from Discord via OAuth when you sign in; from the Riot Games API when you verify your Riot ID or when tournament/match results are checked; from invite links you use; and automatically as you use the service (technical and security data).

Purposes and legal bases (Art. 6 GDPR)

  • Creating and operating your account and providing ladders, matchmaking, tournaments and progression — performance of a contract with you (Art. 6(1)(b)).
  • Verifying your Riot/game identity — performance of a contract and, where required, your consent given at verification (Art. 6(1)(b) / 6(1)(a)).
  • Keeping competition fair and preventing cheating, fraud, multi-accounting and abuse, and securing the platform — our legitimate interests and those of other players (Art. 6(1)(f)).
  • Operating invite attribution, referral rewards, badges, titles and community roles — performance of a contract and our legitimate interest in growing and protecting the community (Art. 6(1)(b), 6(1)(f)).
  • Sending website notifications and optional web push notifications about matches, tournaments, teams/social features and wallet/rewards — performance of a contract for core alerts and consent/legitimate interest for optional push alerts (Art. 6(1)(b), 6(1)(a), 6(1)(f)).
  • Complying with legal obligations that apply to us — Art. 6(1)(c).
  • Optional communications or newsletters, if offered — your consent (Art. 6(1)(a)), which you may withdraw at any time.
  • Processing cash prize payout details and payout history where a tournament explicitly offers real-money prizes — performance of a contract, legal obligations for accounting/tax records, and our legitimate interest in payout integrity (Art. 6(1)(b), 6(1)(c), 6(1)(f)).

Cookies, sessions and local storage

Novera uses essential cookies and browser storage to keep you signed in, remember your language and active game, store invite attribution before login, protect accounts and route requests correctly. The main login session is stored in an HttpOnly cookie named novera_session. These technologies are necessary for the service to work and are not used to sell advertising profiles.

IP addresses

To prevent abuse and apply rate limits we process your IP address only as a keyed (salted) cryptographic hash. We do not retain your raw IP address in application records, and the hash cannot be reversed to your original IP without the secret key.

Third-party services

Signing in uses Discord (provided by Discord Inc.) and identity verification/result checks use Riot Games services (provided by Riot Games, Inc.). Web push delivery depends on your browser/platform push service. When you use these features, those providers process data under their own privacy policies; verifying your Riot ID sends that Riot ID to Riot to confirm it. Novera is an independent project and is not affiliated with Discord, Riot Games or any game publisher.

Recipients and disclosure

We do not sell your personal data. We share it only with: infrastructure/hosting providers acting as our processors under data-processing agreements; referees and tournament organizers, who see data relevant to running a competition; Discord where we manage server roles/channels or send messages you requested; payout/accounting support where cash prizes are processed; and competent authorities where legally required. Some information — your display name, avatar, Riot ID, public profile, rankings, registrations, badges, titles, results and prize assignments — is visible to other users or visitors as an inherent part of competitive features.

International transfers

Our hosting and primary data storage are located within the EU/EEA. Where a third party (such as Discord or Riot Games) processes data outside the EEA, such transfers are protected by appropriate safeguards under Chapter V GDPR, such as European Commission adequacy decisions or Standard Contractual Clauses.

Retention

We keep personal data only for as long as needed for the purposes described above and review it periodically. Account data is kept for the life of the account and deleted or anonymised after account deletion unless we must keep specific records longer. Security logs, OAuth callback logs and hashed IP anti-abuse records are normally kept for up to 12 months. Competition, integrity, evidence, dispute and staff audit records are normally kept for up to 3 years after the relevant event or account closure, because they may be needed to resolve disputes, protect fair play and defend claims. Records required by law, accounting or tax rules, including cash prize payout records and related bank-account details, are kept for the statutory period that applies to that category, generally up to 5 years from the end of the relevant tax year for tax/accounting records and up to 6 years from the end of the relevant year where needed for civil claims. After those periods, data is deleted or anonymised unless a longer retention is required by law or an active dispute, investigation or claim.

Automated processing

Matchmaking, rating updates, leaderboard placement, invite reward milestones and anti-abuse/trust scoring involve automated processing of your data. Anti-abuse signals may place account creation or competitive access on hold pending staff review, but you can contact us at [email protected] to request human review and contest the decision.

Your rights under GDPR / RODO

  • Access your data and obtain a copy (Art. 15).
  • Rectify inaccurate or incomplete data (Art. 16).
  • Erasure — request deletion of your data ("right to be forgotten") (Art. 17).
  • Restrict processing in certain cases (Art. 18).
  • Object to processing based on our legitimate interests (Art. 21).
  • Data portability — receive your data in a structured, machine-readable format (Art. 20).
  • Withdraw consent at any time, without affecting prior lawful processing (Art. 7(3)).
  • Lodge a complaint with the supervisory authority — in Poland, the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO), uodo.gov.pl.

Children

Novera is not directed to children under 16. If you are under 16, you may use the service only with the consent of a holder of parental responsibility. We delete data we learn was collected from a child below the applicable age without proper consent.

Security

We protect your data with measures including encryption of OAuth tokens and full IBANs at rest (AES-256-GCM), hashing of IP addresses, HttpOnly session cookies, authenticated and role-restricted access, audit logging of staff actions and authenticated real-time connections. No system is perfectly secure, but we work to protect your data appropriately to the risk.

Changes to this policy

We may update this policy as the service evolves. We will post the new version with an updated effective date here, and for material changes we will provide a more prominent notice where appropriate.

Contact

For any privacy question or to exercise your rights, contact us at [email protected]. We respond to data-subject requests within the timeframes required by GDPR (generally within one month).

Novera | Mobile Esports Tournaments