Privacy Policy

The data controller of your personal data is Erysta Limited, a company incorporated in Hong Kong under the number 76111914, and having its registered office at Unit 2A, 17/F, Glenealy Tower, Central, Hong Kong SAR.

If you wish to exercise your rights (such as the right to access, rectify, or delete your personal information), you may contact us through the following channels:

• E-mail: [email protected]
• Telegram: Telegram Support
• Ticket: By creating a ticket on our support page

This privacy notice applies to individuals who access, browse, and use our Website. Its aim is to inform you how we collect and process your personal data through your use of the Website.

We receive and store any information you enter on our Website or provide to us in other ways, such as browsing our Website, registering an account, purchasing products, contacting us, or posting material. By doing so, you consent to our collection and use of this information for the specified purpose.

If we ask for your personal information for a secondary purpose, such as marketing, we will either ask you directly for your explicit consent or provide you with an opt-out option.

Your personal information will not be shared with third parties without your consent and only within the limits permitted by law.

You can always choose not to provide certain information, even though it might be necessary to make a purchase or use all Erysta services.

The information we gather helps us personalize and continually improve your shopping experience. Here are the types of information we collect when you visit our Website:

• Information You Give Us: This includes details provided when creating an account, subscribing to newsletters, or making purchases (name, email, phone number). We handle this based on your explicit consent or as required to fulfill our contract with you.
• Automatic Information: We use "cookies" to collect data when your browser accesses our Website (IP address, browser type, browsing activity). This helps us secure your account, facilitate shopping, and analyze traffic.
• Third-Party Data: If you log in using services like Google or Discord, we may receive profile information. This data is subject to their privacy practices, and we do not sell this information to any third parties.

The table below outlines our purposes for processing data, the legal basis under the GDPR/CCPA, and how long we retain your information.

For any questions regarding your data or to request deletion, you can contact us at [email protected] or manage your privacy settings directly in your user account dashboard.

Under data protection laws (including GDPR and CCPA), you have several important rights regarding your personal data:

• Right of Access: Request access to the personal data we hold about you and obtain a copy.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data when it is no longer necessary or if you withdraw consent.
• Right to Restrict or Object: Object to processing based on legitimate interests or direct marketing.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Withdraw Consent: Withdraw your consent at any time for future processing.

To exercise any of these rights, please contact us at [email protected] or via our support page. We will respond as promptly as possible, in accordance with applicable laws.

• Data Security: We implement industry-standard encryption, strict access controls, and pseudonymization of sensitive records. Our systems undergo regular security audits to identify and mitigate potential vulnerabilities.
• Data Backup: To ensure resilience and disaster recovery, we perform encrypted daily backups. These are stored in geographically distributed, high-security data centers located within the European Union, ensuring compliance with strict data residency and protection standards.
• Data Breach Notification: In accordance with GDPR requirements, should a personal data breach occur, we will notify the relevant supervisory authority within 72 hours of becoming aware of the incident. If the breach poses a high risk to your rights, we will also inform affected users without undue delay.

We may use data obtained from external sources, including social media platforms, to provide personalized content and services. This data is only processed with your explicit consent (for example, when you choose to use an external login method).

This information helps us enable or enhance features such as:

• Log-in Experience: Faster access via Single Sign-On (SSO) through external providers.
• Browsing Preferences: Automatically setting your language or displaying prices in your local currency based on your profile or location data.

If you use an SSO option from services such as Google, Discord, or Steam, the following data may be collected and stored in our system:

• Profile Picture: To personalize your user dashboard.
• Username: Your public name as defined on the external platform.
• External Account ID: A unique identifier to link your social account with Erysta.
• External Account Provider: The name of the service used (e.g., "Discord").

Please note that we do not receive your external account password. Your data remains subject to the privacy settings and policies of the respective third-party provider.

We may engage third-party providers—including payment gateways, communication platforms, and technical service providers—to perform functions on our behalf. These partners collect and process your personal data strictly as necessary to deliver their specific services.

We encourage you to review the privacy policies of any third-party providers you interact with, as their handling of your data will be subject to their own privacy practices once you are redirected or their services are engaged.

We may share your personal data with the following categories of recipients:

• Payment Operators: To process transactions, prevent fraud, and manage refunds (e.g., PayPal, Apple Pay, Google Pay).
• Service Providers: For IT infrastructure, hosting, and technical maintenance to ensure Website stability and security.
• Legal & Professional Advisors: To comply with financial auditing, regulatory obligations, or to protect our legal rights in case of a dispute.
• Social Media Platforms: Only if you choose to use social login features (SSO) or interact with our social sharing tools.
• Game Publishers & Distributors:To fulfill your order. In most cases, we share non-personally identifiable information (e.g., country of origin, IP address). However, for certain products like specific Gift Cards or region-locked licenses, publishers may require additional details which will only be shared with your explicit consent during the checkout process.

International Transfers:Please note that some of these third-party providers may be located in jurisdictions outside of your country or the European Union. In such cases, we ensure that appropriate safeguards are in place to protect your data according to applicable privacy laws.

Cookies are small text files stored on your device when you visit a website. They contain information about your preferences, settings, and interactions with the site, helping enhance and personalize your browsing experience. Our Website uses two main types of cookies:

• Persistent Cookies: These remain on your device for a defined duration or until you delete them manually. They help us remember your settings, such as language and currency preferences, for your future visits.
• Session Cookies: These are temporary cookies that are automatically deleted when you log out, leave the Website, or close your browser. They are essential for maintaining your session continuity, such as keeping items in your shopping cart.

You can manage or disable cookies through your browser settings at any time. However, please note that disabling certain cookies may limit the functionality and performance of our Website and may prevent you from accessing certain features.

Cookies play an essential role in ensuring the proper functioning and enhanced usability of our Website. We use the following categories:

• Essential Cookies: These are strictly necessary for the operation of our Website. They enable core functionalities such as secure user authentication, shopping cart persistence, and your preferred language or currency selection. These cookies cannot be disabled as the Website cannot function correctly without them.
• Analytics Cookies: We use tools like Google Analytics to understand how visitors interact with our Website, allowing us to improve performance. The data collected is anonymized and is not used to create individual advertising profiles. Even where integrated with Google services, we prioritize your privacy by limiting data collection to technical performance metrics.
• Embedded Content Cookies: Some pages may include embedded media from third-party platforms such as YouTube. These providers may set cookies beyond our direct control. We strive to use "privacy-enhanced" modes where possible to limit tracking from these external sources.
• Payment Gateway Cookies: During checkout, providers like Apple Pay, Google Pay, or other card processors may set cookies to secure the transaction and prevent fraud. These are managed entirely by the respective payment platforms and are vital for a secure purchase process.

By continuing to use our Website, you acknowledge the use of these cookies. You can find instructions on how to manage or delete cookies in your browser's "Help" or "Settings" menu.

Erysta is headquartered in Hong Kong. However, to ensure the highest level of privacy and performance, the majority of our infrastructure, systems, and databases are hosted within the European Union (EU).

In certain cases, your personal data may be transferred to and processed in countries outside of the European Economic Area (EEA). This occurs primarily when using third-party providers for authentication, payments, or cloud services.

When you use "Single Sign-On" (Google, Discord, Steam) or global payment methods (Apple Pay, Cryptomus), your data is handled by these providers in their respective jurisdictions. The main providers we use include:

The main third-party services we use and their registered addresses include:

• Google: Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, US.
• X: X Corp. - 1355 Market Street, Suite 900, San Francisco, CA 94103, US.
• Discord: Discord Inc. - 444 De Haro St, San Francisco, CA 94107, US.
• Twitch: Twitch Interactive Inc. - 350 Bush Street, 2nd Floor, San Francisco, CA 94104, US.
• Meta: Meta Platforms Inc. - 1 Meta Way, Menlo Park, California, 94025, US.
• Apple Pay: Apple Inc. - One Apple Park Way, Cupertino, California 95014, US.
• Google Pay:Google LLC - 1600 Amphitheatre Parkway, Mountain View, CA 94043, US.
• Brevo: Brevo SAS – 106 boulevard Haussmann, 75008 Paris, France
• Hotjar: Hotjar Ltd – Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta
• Bunny CDN: BunnyWay d.o.o. – Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia

All such transfers are conducted using adequate safeguards, such as Standard Contractual Clauses (SCCs)approved by the European Commission, to ensure your data receives a level of protection equivalent to that within the EU.

Our Platform and services are intended exclusively for individuals aged 18 or older, or those who meet the minimum legal age required in their country to enter into binding contracts and assume full legal responsibility.

We do not knowingly collect or process personal data from individuals under the age of 18. If we become aware that we have unintentionally collected such data without verifiable parental or guardian consent, we will promptly delete it from our systems.

If you believe that a minor has provided us with personal data, please contact us at [email protected]. We will investigate and take appropriate action without delay.

Our Website may include links to third-party websites, plug-ins, or applications. Clicking those links or enabling those features may allow third parties to collect or share data about you.

Erysta does not control these third-party platforms and is not responsible for their privacy practices, terms, or content. We strongly encourage you to review the Privacy Policy and Terms & Conditions of every website you visit after leaving our platform.

This Privacy Policy was last updated on March 1, 2026, and is effective as of that date.

We may modify this Privacy Policy periodically to reflect changes in our practices, legal requirements, or for operational reasons. Any updates will be posted on this page, and we recommend reviewing it regularly to stay informed about how we protect your data.

Your continued use of our Website after any modifications are posted will constitute your acknowledgment and acceptance of the revised Privacy Policy.