Mortal Online 2 · Legal
Privacy Policy
This Privacy Policy explains what information Mortal Online 2 Map(the “Service”) collects, why we collect it, who processes it, and the choices and rights you have. The Service is operated by Tom Novakin. If anything here is unclear, contact us at a.tsubanov@gmail.com.
Last updated · 2026-07-04
1. Who we are and what this covers
Tom Novakin is the operator and data controller for the Service. This policy covers the Mortal Online 2 Map website and its interactive map at https://mortalonline2map.com. It does not cover Mortal Online 2 itself, Star Vault AB, Discord, Google, or any other third-party service, which each have their own privacy policies.
2. Information we collect
Sign-in and profile data (OAuth)
When you sign in through Discord or Google, that provider shares a limited profile with us. Depending on the provider and the permissions you approve, this includes your account identifier, username or display name, avatar image, and — where you grant it — your email address. We use this to create and identify your account and to show your name and avatar alongside your contributions.
Discord servers and roles
If you connect Discord and grant the relevant permission, the Service reads the Discord servers (guilds) you belong to and your roles within them. We use this only to verify clan or guild membership so we can grant access to the correct private or clan-restricted map layers. We do not read your Discord direct messages or message content.
Content you create
We store the content you submit, including map markers, routes, notes, chat messages, and feedback, together with metadata such as the account that created it and timestamps.
Technical and usage data
Like most web services, our infrastructure records technical data automatically. This includes your IP address and the timing of your requests, which we use for rate-limiting, security, and anti-abuse purposes — for example, to detect and block scraping, brute-force attempts, and spam.
3. How we use your information
- To create your account and authenticate you when you sign in.
- To verify clan/guild membership from your Discord roles and grant access to the appropriate map layers.
- To store, display, and let you and others interact with map content and messages.
- To keep the Service secure and available — rate-limiting, abuse detection, and debugging.
- To moderate content and enforce our Terms and Rules.
- To respond to your questions, requests, and reports sent to our contact email.
4. Private layers: watermarks and access logging
Private and clan-restricted map layers are meant to be seen only by authorised members. To protect that data and to be able to trace leaks, we apply two safeguards:
- Personalised visible watermark. When you view a private or clan layer, the view may carry a visible watermark that identifies your account, so that any screenshot or export can be traced back to the account that produced it.
- Access logging. We log views of private layers — including a session identifier and your user identifier, together with timestamps — so that if private content is leaked we can identify the source.
These logs are used strictly for security, abuse-prevention, and leak-tracing, and are retained only as long as needed for those purposes.
6. Third-party service providers
We rely on a small number of trusted providers to run the Service. They process data on our behalf, under their own security and privacy terms, only as needed to provide their function:
- Supabase — database, authentication, and storage of your account data and User Content.
- Vercel — website and application hosting, including server logs and IP-based request handling.
- Resend — sending transactional and notification emails.
- Replicate — running AI/image-generation models used by certain features.
- Stripe — payment processing, applicable once paid plans launch. Stripe handles card details directly; we do not store full card numbers.
We also receive data from the identity providers you choose to sign in with (Discord and Google). We do not sell your personal information.
7. Data retention
We keep your account data and User Content for as long as your account is active or as needed to provide the Service. Technical logs (such as IP and request-timing data) and private-layer access logs are kept only for the period needed for security and abuse-prevention and are then deleted or anonymised. When you delete your account we remove or anonymise your personal data within a reasonable period, except where we are required to retain certain information to comply with legal obligations, resolve disputes, or enforce our agreements. Content you posted publicly and content others have re-shared may persist, and residual copies may remain in routine backups for a limited time before being overwritten.
8. Account deletion
You can request deletion of your account and associated personal data at any time by emailing a.tsubanov@gmail.com from, or otherwise verifying, the account you want deleted. We will action verified requests as described in the retention section above.
9. Your privacy rights (GDPR / CCPA)
Depending on where you live, you may have rights over your personal data, including the right to access the data we hold about you, to correct it, to request its deletion, to object to or restrict certain processing, and to data portability. Residents of the EEA/UK have these rights under the GDPR; residents of California have comparable rights under the CCPA/CPRA, including the right not to be discriminated against for exercising them. We do not sell or “share” personal information as those terms are used under California law.
To exercise any of these rights, email us at a.tsubanov@gmail.com. We may need to verify your identity before acting. If you are in the EEA/UK, you also have the right to lodge a complaint with your local data-protection authority.
10. Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child under 13 has provided us with personal information, contact us and we will delete it.
11. International data transfers
Our providers may process and store data in countries other than your own, including the United States. Where required, our providers rely on appropriate safeguards (such as standard contractual clauses) for such transfers. By using the Service you understand that your information may be processed in these locations.
12. Changes to this policy
We may update this Privacy Policy as the Service evolves. When we make material changes we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect indicates your acceptance of the updated policy.
13. Contact
For any privacy question or request, contact Tom Novakin at a.tsubanov@gmail.com.