Privacy Policy

Last Updated: June 12, 2026

1. Introduction

Gremlin Automation ("Company," "we," "us," or "our") operates the website located at west.alfien.ca (the "Site") and provides alliance automation and manual recruitment services for the mobile game West Game (collectively, the "Services"). This Privacy Policy describes the types of information we collect from users of the Site and Services ("you" or "Customer"), how we use, store, protect, and share that information, and the choices available to you regarding your information.

By accessing or using the Site or Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, you must not access or use the Site or Services.

2. Data Controller

For the purposes of applicable data protection legislation, the data controller responsible for your personal information is Gremlin Automation. All inquiries regarding this Privacy Policy or the Company's data processing practices should be directed to [email protected].

3. Information We Collect

3.1 Information You Provide Directly

When you create an account, place an order, or otherwise interact with the Services, we may collect the following categories of information:

  • Email Address: Collected when you register for an account (via email/password registration or third-party authentication) or place an order. Your email address serves as your primary account identifier and is used for transactional communications.
  • Account Password: If you register via email and password, your password is hashed using a secure one-way hashing algorithm (bcrypt). We never store your account password in plain text.
  • Game Credentials: When you enrol a West Game account for automation or manual recruitment, you provide your in-game email address and password. These credentials are encrypted at rest using AES-256-GCM encryption with a server-side secret key. No human operator, administrator, or Company personnel can view your raw game credentials at any time.
  • Order Information: When you place an order, we collect the details necessary to fulfil that order, including your selected service type, alliance type preference, account quantity, service duration, and total price.
  • Reviews: If you choose to leave a review, you may optionally provide a display name and review text. If no display name is provided, the review is attributed to "Anonymous."

3.2 Information Collected via Third-Party Authentication

We offer account registration and sign-in through the following third-party OAuth providers. When you choose to sign in through a third-party provider, we receive only the minimum information necessary to create and identify your account:

  • Google: We request access to your email address via Google's OpenID Connect protocol. We store only your email address and a unique Google identifier for authentication purposes.
  • Discord: We request the identify and email scopes. We store only your email address and a unique Discord identifier for authentication purposes.
  • Facebook: When available, we request the email scope. We store only your email address and a unique Facebook identifier for authentication purposes.

Important: Although certain OAuth providers may transmit additional profile information (such as your name, avatar, or profile picture) during the authentication handshake, we do not store, retain, process, or use any such information. The only data extracted from third-party authentication responses is your email address and a provider-specific unique identifier.

3.3 Information Collected Automatically

When you visit the Site, the following information may be collected automatically:

  • Session Data: We use a server-side PHP session to maintain your authenticated state while you navigate the Site. The session stores only your internal user identifier and email address. A session cookie is placed in your browser to associate your browser with your server-side session.

3.4 Information We Do Not Collect

We are committed to data minimisation. The following categories of personal data are never collected, stored, or processed by the Company:

  • Full legal names or real names
  • Profile pictures or avatars
  • Physical or mailing addresses
  • Phone numbers
  • Date of birth or age
  • Government-issued identifiers (e.g. Social Security numbers, driver's licence numbers)
  • Browsing history, analytics, or behavioural tracking data

4. Third-Party Payment Processors

We use third-party payment processors to handle all financial transactions. We do not collect, store, or have access to your full credit card numbers, bank account details, or other financial payment instruments. All payment information is submitted directly to and processed by the following providers:

Stripe

Stripe, Inc. processes card payments on our behalf. When you pay via credit or debit card, your payment information is collected directly by Stripe through their secure checkout interface. Stripe's processing of your data is governed by the Stripe Privacy Policy.

PayPal

PayPal Holdings, Inc. processes PayPal payments on our behalf. When you pay via PayPal, your payment information is collected and processed directly by PayPal. PayPal's processing of your data is governed by the PayPal Privacy Policy.

We receive from these payment processors only the information necessary to confirm the status of a transaction, such as a transaction identifier, payment status, and the email address associated with the payment. We do not receive or store any payment method details — only a record of which third-party payment processor was used.

5. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To create and manage your account, process and fulfil your orders, and perform the automation or manual recruitment services you have purchased.
  • Authentication: To verify your identity when you sign in to the Site, whether via email/password or a third-party OAuth provider.
  • Transactional Communications: To send you order confirmations, account status notifications, setup instructions, review invitation emails, and other communications directly related to your use of the Services.
  • Game Account Access: To decrypt your game credentials solely for the purpose of performing the automated or manual recruitment services you have authorised. Decryption occurs only during active service operation, and credentials are never displayed, logged, or made visible in plain text.
  • Customer Support: To respond to your inquiries and provide technical assistance.
  • Service Improvement: To maintain, improve, and ensure the security and proper functioning of the Site and Services.

6. Data Security

We implement robust technical and organisational measures to protect your personal information from unauthorised access, use, alteration, or disclosure:

  • Encryption at Rest: All game account credentials are encrypted using the AES-256-GCM (Advanced Encryption Standard, 256-bit key, Galois/Counter Mode) encryption algorithm. This is a military-grade, authenticated encryption standard that provides both confidentiality and integrity verification of the encrypted data.
  • Server-Side Key Management: Encryption keys are stored securely on the server and are not exposed to any client-side code, administrative interfaces, or operator-facing tools. No human operator can view, copy, or extract your raw game credentials.
  • Key Rotation: The Company maintains the capability to rotate encryption keys. In the event of a key rotation, all stored credentials are automatically re-encrypted under the new key to ensure continuous protection.
  • Password Hashing: Site account passwords (for email/password registration) are hashed using bcrypt, a computationally expensive one-way hashing algorithm designed to resist brute-force attacks. We cannot recover or view your Site account password.
  • Secure Transport: All data transmitted between your browser and the Site is encrypted in transit using TLS (Transport Layer Security) / HTTPS.

7. Cookies and Tracking Technologies

The Site uses a single, essential session cookie to maintain your authenticated session as you navigate the Site. This cookie:

  • Is strictly necessary for the functioning of the Site and cannot be disabled while using authenticated features.
  • Contains only a randomly generated session identifier — no personal data is stored in the cookie itself.
  • Expires when you close your browser or when the server-side session times out.

We do not use any third-party tracking cookies, analytics services, advertising pixels, or behavioural tracking technologies. We do not use Google Analytics, Facebook Pixel, or any similar third-party analytics or advertising platform. Your activity on the Site is not tracked, profiled, or shared with any third party for advertising or analytics purposes.

8. Data Sharing and Disclosure

We do not sell, rent, lease, or trade your personal information to any third party. We may share limited information only in the following circumstances:

  • Payment Processors: Your email address and order details are shared with Stripe and/or PayPal solely for the purpose of processing your payment transaction, as described in Section 4.
  • OAuth Providers: During authentication, authentication tokens are exchanged with Google, Discord, and/or Facebook solely for the purpose of verifying your identity and retrieving your email address. No data flows from us to these providers beyond what is required by the OAuth protocol.
  • Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of the Company, our users, or the public.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of the Company's assets, limited personal information (such as email addresses and order records) may be transferred to the acquiring entity, provided that the acquiring entity agrees to honour the terms of this Privacy Policy or provides you with notice of any changes. Under no circumstances will encrypted game account credentials be transferred to any acquiring entity. All game credentials will be permanently deleted prior to any such transfer.

9. Data Retention

We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements:

  • Account Data: Your account information (email address and authentication identifiers) is retained for as long as your account remains active. You may request deletion of your account at any time by contacting us.
  • Game Credentials: Encrypted game credentials are retained only while the associated service is active. You may remove your game credentials at any time through your account dashboard, which permanently deletes them from our systems.
  • Order Records: Order and transaction records are retained for a reasonable period to support customer service inquiries, refund processing, and compliance with applicable financial record-keeping requirements.
  • Reviews: Publicly posted reviews are retained indefinitely unless you request their removal.

10. Your Rights

Depending on your jurisdiction, you may have certain rights with respect to your personal information, including:

  • Right of Access: You may request a copy of the personal information we hold about you.
  • Right to Rectification: You may request correction of inaccurate or incomplete personal information.
  • Right to Erasure: You may request the deletion of your personal information, subject to our legal obligations to retain certain records.
  • Right to Restriction: You may request that we restrict the processing of your personal information in certain circumstances.
  • Right to Data Portability: You may request that we provide your personal information in a structured, commonly used, and machine-readable format.
  • Right to Object: You may object to the processing of your personal information for certain purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

11. Children's Privacy

The Site and Services are not intended for use by individuals under the age of thirteen (13), or under the minimum age of digital consent in their jurisdiction (whichever is higher). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take reasonable steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at [email protected].

12. International Data Transfers

Your information may be stored and processed on servers located in jurisdictions outside of your country of residence. By using the Site and Services, you consent to the transfer of your information to facilities located in other jurisdictions, which may have different data protection laws than those in your jurisdiction. We take reasonable steps to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it.

13. Third-Party Links

The Site may contain links to third-party websites, including the websites of our payment processors and OAuth authentication providers. This Privacy Policy applies solely to information collected by the Company through the Site and Services. We are not responsible for the privacy practices of any third-party websites. We encourage you to review the privacy policies of any third-party websites you visit.

14. Email Communications

We send transactional emails related to your use of the Services, including but not limited to:

  • Account creation confirmations
  • Order confirmations and payment receipts
  • Account setup instructions
  • Account status change notifications
  • Password change confirmations
  • Review invitation emails upon service completion
  • Setup reminder notifications

These communications are essential to the provision of the Services and are not marketing or promotional in nature. We do not send unsolicited marketing emails, newsletters, or promotional communications. We do not share your email address with any third party for the purpose of sending marketing communications.

15. Changes to This Privacy Policy

We reserve the right to modify or update this Privacy Policy at any time. Any changes will be effective immediately upon posting the revised Privacy Policy on the Site with an updated "Last Updated" date. Your continued use of the Site or Services after the posting of any changes constitutes your acceptance of such changes. We encourage you to review this Privacy Policy periodically.

16. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or United Kingdom (UK), our legal basis for collecting and processing your personal information depends on the specific information concerned and the context in which we collect it:

  • Performance of a Contract: We process your email address, game credentials, and order information because such processing is necessary for the performance of our contract with you (i.e., to deliver the Services you have purchased).
  • Consent: Where you register via a third-party OAuth provider, your authentication and email sharing with that provider are based on your affirmative consent given during the OAuth flow.
  • Legitimate Interests: We may process certain data where it is in our legitimate interests to do so, provided that such interests are not overridden by your data protection rights — for example, to maintain the security and integrity of our systems.
  • Legal Obligation: We may process your information to comply with applicable laws and regulations, including financial record-keeping obligations.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the Company's data processing practices, please contact us at:

Gremlin Automation

Email: [email protected]

Website: west.alfien.ca