Privacy Policy

2.1. Introduction

Bakeland (“we”, “us”, “our”) is committed to protecting player privacy. This Privacy Policy explains what data we collect, why, and how we process it.

2.2. Controller and Contact

Operator: 8 Bit Studio Ltd., British Virgin Islands. Contact: support@bakeland.xyz

2.3. Data We Collect

A. Information You Provide

• Account registration details (username, email, country)
• Wallet addresses and transaction history relevant to in-game operations
• Payment information submitted to licensed payment partners (we do not store raw payment card numbers)
• User content (chat messages, avatar customizations, uploaded images)

B. Automatically Collected Data

• Device identifiers and hardware info
• IP address and geolocation (approximate)
• Usage data (session times, in-game actions, logs)
• Crash and diagnostic reports

C. On-Chain Data

Public blockchain addresses and transactions involving our smart contracts are public and not controlled by the Operator. We may record on-chain interactions that occur within our smart contracts for service functionality and dispute resolution.

2.4. Purpose & Legal Bases

We process data to: (a) provide and maintain the Service; (b) process payments and manage accounts; (c) detect and prevent fraud and abuse; (d) comply with legal obligations; (e) personalize user experience; (f) improve the Game.

Where applicable, we rely on legal bases including performance of contract, legitimate interests (security, fraud prevention), and legal obligations.

2.5. Sharing & Third Parties

Trusted service providers (analytics, hosting, payment/VASP partners) process data on our behalf.

For fiat on/off ramps, identity verification (KYC) providers may process user identity data under their terms.

We may disclose data to comply with legal processes, enforce terms, or respond to emergencies.

2.6. International Transfers

Data may be processed in jurisdictions outside your country, including the BVI and other service provider locations. We implement safeguards to protect data during transfer.

2.7. Data Retention

We retain personal data as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data category.

2.8. Security

We employ administrative, technical, and physical safeguards (encryption-in-transit, access controls, security reviews). However, no system is perfect; you must secure wallets and private keys.

2.9. Your Rights

Subject to local law, you may have rights to access, correct, delete, object to processing, and data portability. For requests, contact team@bakeland.xyz. We may require identity verification.

2.10. Children

We do not knowingly target children under the applicable age. If we learn we have collected data from a child without consent, we will take steps to delete it.

2.11. Changes to Privacy Policy

We will notify material changes and update the effective date. Continued use indicates acceptance.

3. End-User License Agreement (EULA)

Effective Date: 20 November 2025

3.1. License Grant — Subject to your compliance with these Terms and payment of applicable fees, the Operator grants you a limited, non-exclusive, non-transferable, revocable license to access and use the Game for personal, non-commercial entertainment.

3.2. Ownership — All rights, title, and interest in the Game and associated intellectual property remain with the Operator and its licensors. NFTs minted by users remain user-owned on-chain but the Operator retains IP in game assets and branding.

3.3. Restrictions — You may not: (a) reverse engineer, decompile, or modify the Game client; (b) redistribute or sell the Game client; (c) use the Game for commercial hosting or streaming products except as permitted in writing; (d) remove or alter copyright notices.

3.4. User-Created Content — By creating, uploading, or minting content, you grant the Operator a worldwide, royalty-free license to use and display the content in connection with the Service.

3.5. Security and Keys — You are solely responsible for wallet security. Lost private keys or compromised wallets are not the Operator’s responsibility.

3.6. Updates and Maintenance — The Operator may provide updates, patches, or discontinue features. You agree that the Operator may update the Game automatically.

3.7. Termination — The Operator may suspend or terminate this license for violations of these Terms or EULA.

3.8. Warranty Disclaimer — The Game is provided “as is”. The Operator disclaims all warranties to the fullest extent permitted by law.

3.9. Limitation of Liability — See Terms Section 1.11 for limits on liability.

4. Data Processing Addendum (DPA)

Effective Date: 20 November 2025

This DPA sets out the data protection obligations for processing personal data where the Operator acts as a data controller and, where applicable, as a processor in relation to customer data.

4.1. Roles — Controller: 8 Bit Studio Ltd. determines the purposes and means of processing personal data. Processor / Sub-Processor: Third-party services (hosting, analytics, KYC providers) process data on behalf of Bakeland Ltd.

4.2. Subject Matter and Duration — Subject Matter: Processing of personal data necessary for offering, maintaining, and improving Bakeland, including account data, gameplay data, wallet information, blockchain interactions, user-generated content, security logs, and technical data. Duration: Personal data will be processed for as long as the user maintains an active account, or as required for legal, regulatory, fraud-prevention, or dispute-resolution purposes.

4.3. Types of Personal Data & Categories of Data Subjects — Types of Data: email, username, IP address, wallet address, transaction hashes, payment verification data (via partners), device info, gameplay logs, UGC, metadata, crash logs. Categories of Data Subjects: Bakeland players, wallet-connected participants, visitors, customer support requesters.

4.4. Purpose of Processing — Personal data is processed solely for: - providing the Bakeland service - enabling in-game and blockchain functionality - processing payments and verifying transactions - maintaining account integrity and preventing fraud - meeting regulatory and tax obligations (including AML/KYC when required) - customer support and dispute resolution - improving and securing the Game

4.5. Security Measures — Bakeland implements industry-standard security measures including but not limited to: - encryption of data in transit - secured access controls with role-based permissions - smart contract audits and monitoring - routine penetration testing - incident response protocols - secure backup and archival

4.6. Subprocessors — Bakeland may engage subprocessors for hosting, blockchain infrastructure, analytics, support systems, payment/KYC verification, or fraud screening. A list of subprocessors will be maintained and supplied upon written request.

4.7. Data Subject Rights — Bakeland will reasonably assist with: - access to personal data - correction of inaccurate data - deletion requests when legally permissible - export or portability requests - objections to processing when applicable. Identity verification may be required for compliance and fraud-prevention.

4.8. International Transfers — Personal data may be transferred to jurisdictions outside the BVI. Safeguards include contractual protections, encrypted transmission, and partnerships with compliant processors.

4.9. Audit and Compliance Assistance — Upon reasonable written request, Bakeland will provide documentation demonstrating compliance with this DPA. Audits may be permitted under confidentiality terms and with reasonable notice.

4.10. Breach Notification Procedures — If Bakeland becomes aware of a personal data breach that is likely to result in risk to users, affected individuals will be notified as required by applicable law. Notifications will include: - nature of breach - categories of affected data - steps taken to mitigate harm - contact details for further information

4.11. Data Deletion and Return — Once data processing is no longer required, Bakeland will: - delete or anonymize personal data, or - return it to the user upon request (where permitted). Residual blockchain data cannot be deleted as it is immutable; however, Bakeland minimizes on-chain personal data.

5. Token-Specific Risk Disclosure

Tokens and Digital Items may have speculative value and are subject to volatility. Blockchain transactions are irreversible. Regulatory status of tokens varies by jurisdiction; your local laws may restrict certain activities. Do not consider in-game tokens as investment advice.

6. Contact

For legal requests, privacy inquiries, or DPA/subprocessor inquiries, contact: team@bakeland.xyz.

7. Versioning

Document versions, effective dates, and change logs should be recorded here. Users must be presented with updated documents and accept materially changed terms.