Privacy Policy for Tons of XP

Effective Date: 2025-04-06

1. Introduction

Welcome to Tons of XP ("we," "us," "our"). We are committed to protecting the privacy of our users ("you," "user," "customer"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://tonsofxp.com and use our Old School RuneScape (OSRS) related services.

Please read this privacy policy carefully. By using our site and services, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

Our primary contact for privacy concerns is support@tonsofxp.com.

2. Information We Collect

We may collect information about you in a variety of ways. The information we may collect includes:

• Personal Identification Information:
  • Email address (provided during communication or order).
  • Discord Username/ID (if contacting us via Discord).
• OSRS Account Information (Account Services Only):
  • OSRS Username (Login Name/Email) - Collected temporarily.
  • OSRS Password - Collected temporarily.
  • OSRS Authenticator Codes (e.g., temporary backup codes if provided by you) - Collected temporarily.
  • Other details needed for specific services discussed via chat (e.g., current stats, quest points).
• Payment Information:
  • Cryptocurrency wallet addresses (involved in transactions).
  • Transaction IDs or details related to crypto payments.
  • Information required by future payment processors (e.g., PayPal, Stripe) when implemented. Note that processing by these third parties will be subject to their own privacy policies.
• Technical & Usage Data (Collected Automatically):
  • IP Address.
  • Browser type and version.
  • Operating System.
  • Referring URLs.
  • Pages visited on our site (https://tonsofxp.com).
  • Date and time stamps of visits.
  • Other data typically collected by analytics tools like Google Analytics.
• Communication Data:
  • Live Chat transcripts.
  • Discord messages (within our server or direct messages related to orders/inquiries).
  • Email correspondence.

How Data is Collected: We collect information directly from you when you interact with us via Live Chat, Discord, or Email. Technical and usage data is collected automatically through server logs, cookies, and analytics tools (like Google Analytics) when you browse our website.

3. How We Use Your Information

Having accurate information permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you to:

• Provide Services: Deliver the requested OSRS services, which requires temporary access to necessary OSRS account information.
• Communicate: Respond to your inquiries, provide customer support, send order updates, and manage our communication history for better support.
• Process Payments: Facilitate payments for services and process refunds where applicable (requires payment info).
• Improve Website: Analyze usage data (via tools like Google Analytics) to understand how users interact with our website and improve its functionality and user experience.
• Maintain Security: Monitor for potentially fraudulent activities or security threats using data like IP addresses and payment information.
• Legal Compliance: Comply with applicable legal or regulatory obligations.
• Record Keeping: Maintain internal records of orders and communications for operational purposes.

4. How We Share Your Information

We do not sell your personal information. We may share information we have collected about you in certain situations:

• Service Providers (Workers & Staff):
  • Temporary OSRS account login information (username, password, auth codes) is shared strictly with the assigned worker performing the specific service on your account.
  • Administrative staff may have access to necessary information (like order details, communication logs) for oversight and support purposes. Access to temporary OSRS credentials by admin staff is limited and on a need-to-know basis.
• Payment Processors: Information required to process payments (e.g., wallet addresses for crypto, or details passed to PayPal/Stripe when implemented) is shared with the relevant payment network or processor.
• Analytics Providers: Aggregated and anonymized technical/usage data is shared with analytics providers like Google Analytics to help us understand website traffic.
• Website Hosting Providers: Our website hosting provider stores the data processed through our website on their servers.
• By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.
• With Your Consent: We may share your information with other third parties when you explicitly consent to it.

5. Data Security

We use administrative, technical, and physical security measures to help protect your personal information. Key measures include:

• Encryption of sensitive data where appropriate.
• Strict access controls limiting who can view or handle specific data.
• Secure methods for storing necessary information.
• Immediate Deletion Policy: Sensitive OSRS login credentials (passwords, temporary auth codes) are deleted immediately after the service is completed.
• Regular reviews of our security practices.

While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.

6. Data Retention

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• OSRS Account Information (Username, Password, Auth Codes): Retained only for the duration required to complete the specific ordered service and then immediately deleted.
• Communication Logs (Chat, Discord, Email) & Order History: Retained for up to 2 years after your last order or interaction to provide ongoing customer support, handle potential disputes, and maintain operational records.
• Technical & Usage Data: Retention periods are largely determined by the third-party tools we use (e.g., Google Analytics). Refer to their respective privacy policies for details.

7. Your Data Protection Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR). We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. Your rights include:

• The Right to Access: You have the right to request copies of your personal data we hold.
• The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• The Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions (e.g., if it's no longer necessary for the purpose it was collected).
• The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
• The Right to Object: You have the right to object to our processing of your personal data, under certain conditions.

To exercise any of these rights, please contact us via Email (support@tonsofxp.com), Discord ([Provide Discord Server Link or Contact Info]), or our Website Live Chat ([Link or describe location on https://tonsofxp.com]). We may need to verify your identity before responding to such requests.

8. Cookies

Our website (https://tonsofxp.com) uses cookies. Cookies are small text files placed on your device to help the site provide a better user experience. We use cookies for:

• Site Functionality: Essential cookies required for basic website operations.
• Analytics: To help us understand how visitors interact with our website (e.g., via Google Analytics).
• Functionality: To remember choices you make (like username, language, or region) and provide enhanced features.

We use a cookie consent tool/banner which allows you to manage your preferences. You can also typically disable or manage cookies through your web browser settings. However, disabling essential cookies may affect the functionality of the website.

9. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personally identifiable information from children under 16. If you become aware that a child has provided us with Personal Data without parental consent, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: support@tonsofxp.com
• Website Live Chat: Use the button on bottom right
• Discord: LINK