Privacy Policy — MajesticMU

1. Who We Are

MajesticMU is a privately operated MuOnline Season 21 game community. For the purposes of data protection law, MajesticMU acts as the data controller for personal information collected through this Website.

We are committed to protecting your personal data in accordance with applicable privacy protection law, and where applicable, the EU General Data Protection Regulation (GDPR) for users in the European Economic Area.

2. Data We Collect

We collect only the minimum data necessary to operate our services:

Data Category	Specific Data Points	When Collected
Account Data	Username (max 10 chars), email address, hashed password (MD5)	Registration
Technical Data	IP address, browser type, operating system, session cookies	Every visit / login
Login History	IP address, timestamp, connection state, HWID (hardware ID)	Each login / logout
Gameplay Data	Character names, levels, resets, guild membership, in-game activity	During gameplay
Transaction Data	Donation records (amount, timestamp), virtual currency ledger (MC)	When donations are made
Support Data	Support ticket content, correspondence	When contacting support
Usage Data	Pages visited, features used, casino game history, shop purchases	During website use

We do not collect: real names, physical addresses, phone numbers, or any government-issued identification unless specifically required by law.

3. How We Use Your Data

We use your personal data for the following purposes:

Account management: Creating and authenticating your account, maintaining sessions
Service delivery: Operating the game server, website features, shop, casino, and market
Security & fraud prevention: Detecting cheating, unauthorized access, and abuse using IP addresses, login history, and HWID data
Donation processing: Recording donation transactions and distributing virtual currency rewards
Communication: Responding to support requests, sending service-related notifications to your registered email
Legal compliance: Maintaining records as required by applicable law and regulations
Website improvement: Analyzing usage patterns (aggregated, non-personally identifiable) to improve the service

We do not use your data for targeted advertising or sell your data to third parties.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we rely on the following legal bases under GDPR Article 6:

Contract performance (Art. 6(1)(b)): Processing necessary to provide our services (account creation, gameplay, virtual economy)
Legitimate interests (Art. 6(1)(f)): Security monitoring, fraud prevention, abuse detection, and service improvement
Legal obligation (Art. 6(1)(c)): Retaining records where required by applicable law
Consent (Art. 6(1)(a)): For optional cookies and non-essential communications. You may withdraw consent at any time

5. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this Policy:

Active account data: Retained for the duration of your account's existence
Login and security logs: Retained for up to 12 months for security and fraud investigation purposes
Donation/transaction records: Retained for 7 years in accordance with applicable accounting and tax retention requirements
Support correspondence: Retained for 3 years from the date of resolution
Deleted account data: Anonymized or deleted within 90 days of account deletion request, except where retention is required by law

Upon permanent service shutdown, all personal data will be securely deleted within 180 days, except where legal obligations require longer retention.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

HTTPS/TLS encryption for all data transmitted between your browser and our servers
Passwords stored using MD5 hashing (game server compatibility requirement) — we strongly recommend using a unique password for your MajesticMU account
Strict access controls — only authorized administrators can access personal data
Regular security reviews and vulnerability scanning
Separate database infrastructure for website data vs. game data
Rate limiting and IP-based access controls on sensitive endpoints

Password security notice: Due to game server compatibility requirements, passwords are stored using MD5 hashing, which is less secure than modern hashing algorithms. We strongly recommend using a password unique to MajesticMU that you do not use on other platforms.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and the relevant authorities in accordance with applicable data protection law and GDPR where applicable.

7. Cookies & Tracking Technologies

We use the following types of cookies:

Essential cookies: Session cookies required for login, authentication, and basic website functionality. These cannot be disabled without breaking core features
Preference cookies: Store your language preference, theme selection, and UI settings
Security cookies: CSRF tokens to protect against cross-site request forgery attacks

We do not use:

Third-party advertising cookies
Cross-site tracking pixels
Social media tracking scripts
Behavioral analytics services that share data with third parties

You can disable non-essential cookies in your browser settings. Disabling cookies may affect your ability to log in and use certain features. We honor browser "Do Not Track" (DNT) signals by not activating any non-essential tracking when DNT is enabled.

8. Third Parties & Data Sharing

We do not sell, trade, or rent your personal information to third parties.

We may share limited data in the following circumstances only:

Payment processors: When you make a donation, your payment details are processed by our third-party payment provider. We receive only confirmation of the transaction (amount, timestamp, reference). We never store full payment card numbers on our servers
Law enforcement: We may disclose data when required by a valid legal order, court warrant, or binding request from competent law enforcement or judicial authorities
Fraud prevention: IP addresses and security logs may be shared with hosting partners strictly for abuse prevention purposes
Service continuity: In the event of a transfer of operations to another party, user data may be transferred with appropriate safeguards in place

Any third-party service providers we engage are contractually required to process your data only for the specified purpose and to maintain appropriate security standards.

9. Donations & Payment Data

All financial transactions on MajesticMU are voluntary donations. Regarding payment data:

Payment card details are processed entirely by our third-party payment gateway
We do not store, log, or have access to full card numbers, CVV codes, or bank account details
We retain donation records (amount, date, associated account ID) for accounting and fraud prevention purposes, as required by applicable tax and financial record-keeping law (up to 7 years)
Donation amounts may be disclosed to authorities if required by a valid legal order

Our payment processing complies with PCI-DSS requirements through our payment gateway provider. Financial data never passes through or is stored on our servers.

10. Children's Privacy

Users under the age of 13 are not permitted to register accounts on MajesticMU. We do not knowingly collect personal data from children under 13.

Users between 13 and 18 may use the free gameplay features but are prohibited from making donations or participating in features involving virtual currency transactions.

If we become aware that we have collected personal data from a child under 13 without parental consent, we will promptly delete such data. Parents or guardians who believe their child has registered on MajesticMU should contact us immediately at our support portal.

This service is designed to align with applicable privacy protection law concerning minors and, for US residents, with COPPA principles.

11. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data. Much of this can be done via your account panel.

Right to Erasure

Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.

Right to Restriction

Request that we restrict processing of your data in certain circumstances.

Data Portability

Request your data in a structured, machine-readable format (GDPR users in the EEA).

Right to Object

Object to processing based on legitimate interests. This does not apply to processing necessary for contract performance.

To exercise any of these rights, contact us via our Discord server (link available in the navigation bar). We will respond within 30 days, or within the timeframe required by applicable privacy law.

We may need to verify your identity before processing rights requests. We will not charge a fee for reasonable requests.

12. Applicable Data Protection Law

This Website and its operations are subject to applicable data protection and privacy laws in the jurisdiction where MajesticMU operates, as well as to the EU GDPR for users in the European Economic Area.

Key principles we follow:

You have the right to review personal information held about you in our systems
You have the right to request correction of inaccurate information
Processing of sensitive data (if any) is conducted with appropriate safeguards
Data is not transferred to third countries without adequate data protection except with appropriate safeguards in place
We maintain appropriate technical and organizational security measures as required by applicable data protection regulations

If you have unresolved concerns about our data handling practices, you may lodge a complaint with the data protection supervisory authority in your country of residence.

13. International Data Transfers

Our services are operated internationally. If you access our services from the European Economic Area (EEA) or other regions with specific data protection laws, please be aware that your data may be transferred to and processed in a jurisdiction outside your own.

Where required, we ensure such transfers are carried out with appropriate safeguards in place — such as standard contractual clauses or transfers to jurisdictions recognized as providing an adequate level of data protection.

For any questions about the safeguards applied to international data transfers, please contact us through our support system.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last updated" date at the top of this page
Post a prominent notice on the Website
Where practicable and required by law, notify registered users by email

We encourage you to review this Policy periodically. Your continued use of the Website after changes are posted constitutes acceptance of the updated Policy.

15. Contact & Data Requests

All privacy-related inquiries — including data access requests, deletion requests, and complaints — must be submitted via our Discord server. Discord is the only supported channel for reaching the MajesticMU team.

You can find the Discord invite link in the navigation bar at the top of the website. Open a ticket and specify that your request is a Privacy / Data Request.

We aim to respond to all privacy requests within 30 days. For complex requests, we may extend this by an additional 30 days, in which case we will notify you of the extension and the reason.

If you are unsatisfied with our response, you may lodge a complaint with the competent data protection supervisory authority in your country of residence.