SharedXPGet in touch

EmptyEpsilon Services

Shared XP Privacy Policy

Artianic Ltd, trading as Shared XP


1. Who we are

Artianic Ltd (trading as Shared XP) is the data controller for the personal data described in this policy.

Our company registration number is 15930130.

Our registered address is Unit 29 Highcroft Industrial Estate, Enterprise Road, Horndean, Waterlooville, United Kingdom, PO8 0BT.

For any privacy-related queries, you can contact us at privacy@shared-xp.com.

This policy covers personal data collected and processed in connection with our EmptyEpsilon-based bridge simulator activities, including our game-master tools, personnel/profile system, and related community spaces. Other Shared XP services are covered by a separate privacy policy.


2. What we collect

We collect the following categories of personal data:

Account & identity data

  • Discord ID (used for authentication)
  • Discord display name / username
  • Discord avatar URL (a link to your avatar image, hosted by Discord)

We do not collect email addresses, real names, guild membership, message history, or phone numbers from Discord. Our authentication only requests Discord's 'identify' scope.

In-game profile

  • Callsign (chosen in-game handle)
  • Current and historical rank
  • Uploaded photo (optional; EXIF data is stripped and the file is virus-scanned before storage)

Activity & service records

  • Mission participation records (ship, role/station, rank at time of play)
  • Commendations
  • Session notes (written by game masters or players, scoped accordingly)
  • Session scheduling responses (e.g. attendance confirmations and preferred station)

Audit log

For accountability, we keep a permanent, append-only record of administrative actions taken within the system (who did what, and when). This includes the Discord ID and name of the person taking the action.

Technical & session data

  • A session cookie (valid for 24 hours) containing your Discord ID, display name, role, and onboarding state. Nothing from this cookie is written to our database.
  • IP address, used only transiently to enforce rate limits on sensitive actions (held in memory for 60 seconds, never stored in our database)

Separately, our web server (Caddy) automatically logs standard request data for all visitors, using its default configuration. This includes IP address, requested URL, browser/device information, response status, and timestamp. These logs are used for security and troubleshooting, and their retention is determined by our hosting setup rather than by our application.

We do not use analytics, tracking pixels, telemetry, or behavioural tracking of any kind.


3. How we collect it

Personal data is collected in the following ways:

  • Directly from you, when you register, set up a profile, or update your details
  • Automatically, via Discord authentication when you log in
  • From game-master records, when mission outcomes and participation are logged during sessions

4. Why we collect it (our legal basis)

Under UK GDPR, we rely on the following legal bases:

  • Legitimate interests — to operate and administer our sessions, maintain personnel records, and run the community
  • Consent — for optional profile fields you choose to add (e.g. bio content, commendation text)

We do not collect any data under a contractual or legal obligation basis.


5. Who we share it with

We share personal data with the following third parties, only as needed to operate the service:

  • Discord — used for authentication; your avatar image is fetched directly from Discord's own servers (cdn.discordapp.com) when displayed
  • Google Fonts — used only when generating printable PDF reports; this involves a font file request, not personal data
  • Webhooks — when a session is scheduled or completed, we send mission/session data to our Discord server and to the UFN website. These payloads contain mission name, ship name, crew callsigns and stations, awards/promotions by callsign, session summary, and server address, but never your Discord ID.

If file storage is configured to use Amazon S3 or MinIO instead of local storage, uploaded photos would be stored with that provider instead.

We do not use any analytics or third-party tracking tools, and we do not sell personal data to any third party.


6. Where your data is processed

Our primary infrastructure is a Hetzner server located in Helsinki, Finland, within the European Economic Area (EEA). The UK's adequacy decision for the EEA means this storage does not require additional safeguards.

Some third-party services we use (such as Discord) may process data outside the EEA. Where this happens, it is governed by that provider's own safeguards (e.g. Standard Contractual Clauses).

We have players based outside the UK, including in the United States. UK GDPR governs this policy regardless of where a player is located, since Artianic Ltd is the UK-based data controller.


7. How long we keep it

Retention periods vary depending on the type of data, as set out below:

Data Retention period
Account & profile data (Discord ID, display name, avatar, callsign, rank, photo) Until you or an admin deletes the account or profile
Mission participation records Kept permanently, as part of our game history
Commendations, rank history Kept permanently, as part of our game history
Session notes & scheduling responses Until deleted by a GM/admin or the player who created them
Audit log Kept permanently (append-only, for accountability)
Session cookie 24 hours
Rate-limit data (IP address) 60 seconds, held in memory only
Server (Caddy) logs Determined by our hosting setup

8. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Request a copy of your data in a portable format
  • Object to or restrict certain processing

Please note that mission records and the audit log are retained permanently as part of our game history and accountability practices. Where deletion is requested, we will remove personally identifying details (such as your Discord ID or display name) from these records where reasonably possible, while retaining the non-identifying game history itself.

To exercise any of these rights, contact us using the details in Section 1.


9. Security

We take the security of your personal data seriously. Access to our server is restricted to admin users, and backend access to our systems is limited to authorised personnel only (currently the founders of Shared XP). All connections to our server are secured using encrypted connection methods.


10. Children's data

Our service is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under this age. If we become aware that a user is under 18, or are asked to remove such data, we will delete the relevant personal data without undue delay.


11. Changes to this policy

We may update this policy from time to time. Any significant changes will be communicated to users via our Discord server.


12. Contact us

For any questions about this policy or your personal data, contact us at privacy@shared-xp.com.