Legal /

Privacy Policy

Last updated: 23 June 2026

This Privacy Policy explains how Motherlode (“we”, “us”, “our”) collects, uses, and protects your personal data when you use motherlode.gg, our community database for the game The Legend of California. We are committed to handling your data in line with the UK GDPR, the EU GDPR, and the Privacy and Electronic Communications Regulations (PECR).

Who we are

Motherlode is the data controller for personal data processed through this site. For any privacy question or to exercise your rights, contact us at [email protected].

Data we collect

  • Account data: your name, email address, and a securely hashed password when you create an account.
  • Usage and device data: IP address, browser and device type, pages viewed, and similar analytics data (only with your consent).
  • Cookies and similar technologies: see the Cookies section below.
  • Consent records: when you set or change your cookie preferences, we keep a record of your choice together with the date and time, your IP address, and your browser user agent, as proof of consent. We keep this whether you accept or reject.
  • Payment data: if you make a payment, it is processed by Stripe. We do not store your full card details.
  • Communications: emails we send you (for example sign-in or account messages) are delivered via Resend.

How we use your data and our legal bases

  • Providing your account and the service (legal basis: performance of a contract).
  • Keeping the site secure and preventing abuse, including bot protection via Cloudflare Turnstile (legal basis: our legitimate interests).
  • Analytics to understand and improve the site (legal basis: your consent).
  • Marketing and personalisation, where used (legal basis: your consent).
  • Keeping a record of your cookie consent choices so we can demonstrate that consent was given or refused (legal basis: our legitimate interests and compliance with the law).
  • Processing payments (legal basis: performance of a contract).
  • Meeting legal obligations (legal basis: compliance with the law).

Cookies and consent

We use strictly necessary cookies to run the site (for example sign-in and security). With your consent we also use analytics and, in future, other tools. Non-essential cookies and scripts are not set or loaded until you consent, using Google Consent Mode. You can change your choice at any time: . When you make a choice, we store a record of it (including your IP address, browser user agent, and the time) as evidence of your consent.

Service providers

We share data with trusted providers who process it on our behalf under data processing agreements:

  • Cloudflare: DNS, content delivery, and security; Turnstile for bot protection; and R2 for file storage.
  • Google Analytics (Google Ireland Limited): website analytics, used only with your consent.
  • Stripe: payment processing.
  • Resend: sending transactional email.

Your account and site data is held in our own database on secure infrastructure.

International transfers

Some of our providers are based outside the UK and EEA, including in the United States. Where data is transferred internationally, we rely on appropriate safeguards such as the UK International Data Transfer Addendum, the EU Standard Contractual Clauses, and the EU-US Data Privacy Framework where applicable.

Data retention

We keep account data for as long as your account is active and for a reasonable period afterwards, then delete or anonymise it. Analytics data is retained for the period set with the relevant provider. Consent records are kept for as long as needed to evidence your consent and for a reasonable period afterwards. We keep records required for legal or accounting purposes for as long as the law requires.

Your rights

Under the UK and EU GDPR you have the right to:

  • access a copy of your personal data;
  • have inaccurate data corrected;
  • have your data erased;
  • restrict or object to processing;
  • data portability;
  • withdraw consent at any time, without affecting earlier processing.

To exercise any of these, email [email protected]. You also have the right to complain to the UK Information Commissioner’s Office (ICO) or your local EU supervisory authority.

Security

We protect your data with measures including encryption in transit, hashed passwords, and access controls. No system is perfectly secure, but we work hard to keep your data safe.

Children

Motherlode is not directed to children under 16, and we do not knowingly collect their data. If you believe a child has provided us data, contact us and we will remove it.

Changes to this policy

We may update this policy from time to time. We will revise the “last updated” date above and, where appropriate, notify you.

Contact

Questions about this policy or your data? Email [email protected].