This Privacy Policy explains how Fateless Ltd ("we", "us", "our") collects, uses, stores, and shares information about you when you use the Godforge Creator Hub at creators.godforge.gg (the "Service"). It applies to the creator program and the staff admin panel hosted on that domain.
We are the data controller under the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR), as relevant. If you have any questions about this policy or how we handle your information, contact us at contact@fateless.gg.
Last updated: 5/6/2026
Fateless Ltd is a company registered in England and Wales with its registered office at Amelia House, Crescent Road, Worthing, England, BN11 1QR. Contact email: contact@fateless.gg.
The Service is the Godforge Creator Hub, a platform that lets approved creators participate in the creator program for the Godforge game.
You sign in with the provider you choose: Google, Apple, Discord, or your Fateless ID. From that provider we receive a profile identifier and the basic profile information you have authorised it to share, typically:
your display name
your email address
your avatar URL when one is available
We do not receive your password or any other credential held by the provider. If you sign in with Fateless ID, the underlying authentication is performed against Microsoft Azure PlayFab.
If you submit an application at /apply, you provide us with:
a display name and email address
the social platforms you create on (for example YouTube, Twitch, TikTok, X, Instagram) and your channel or profile URLs on those platforms
the rough size of your audience on those platforms (a follower-range bracket, not a precise count)
the type of content you focus on
a small number of links to representative samples of your past content
your motivation to join the program and your content plan if approved
Our team reviews this information. Approved applicants become creators and receive a creator account on the Service. Denied applicants receive a notification with the reason for the decision.
While you use the Service we record:
your XP, level, and points balances earned through bounties and lessons
a record of each bounty submission you make, including the URL of the content you submit and any notes you add
the review outcomes of each submission (pending, approved, rejected, blocked) and any rejection reason returned by the reviewer
a record of each lesson you complete
a record of each store redemption you make, including the item redeemed, the points spent, and the fulfilment status
your login streak and a "last active" timestamp used for online presence indicators
your opt-in or opt-out for the public leaderboard
your favourite resources and a log of resources you have downloaded
an audit log of administrative actions taken on your account by our staff (for example status changes or impersonation events)
We use a transactional email service to send you notifications when:
your application is approved or denied
a bounty submission you made is approved
a store redemption is fulfilled
you receive a staff invitation (admin users only)
These notifications are operational. We do not use your email address for marketing without your separate consent.
The Service sets a small number of cookies and one local-storage record. They are described in detail in the Cookie Policy. In summary:
a strictly-necessary session cookie (default name creator_hub_session) holds your authenticated session
two short-lived cookies (ch_temp_auth and ch_temp_invite) hold OAuth state during the apply or invitation flow; both expire after thirty minutes
a browser local-storage entry under the key ch-cookie-consent records your cookie-preference choice
The Service does not run analytics, marketing, or advertising trackers.
Our hosting provider records standard request metadata (IP address, user agent, request path, response code, timestamp) for operational, security, and abuse-prevention purposes. These logs are retained on a rolling basis according to the provider’s defaults.
We process the data above for the following purposes:
to operate the Service: authenticating you, running the creator program, awarding XP and points, tracking bounty and lesson progress, and fulfilling redemptions
to review applications and decide whether to admit you to the program
to send transactional notifications related to your participation
to keep the Service secure: detecting abuse, throttling traffic, validating uploaded files, and recording audit trails of administrative actions
to improve the Service: aggregated, non-identifying usage data informs decisions about which bounties, lessons, and store items to ship next
to comply with legal obligations and respond to lawful requests from authorities
We rely on the following legal bases:
Performance of a contract for processing necessary to run your participation in the creator program (account, submissions, redemptions, transactional notifications).
Legitimate interest for processing aimed at securing the Service, preventing abuse, and recording audit trails. We have weighed these interests against your privacy and consider them not to override your rights.
Consent for any optional features that go beyond essentials (for example, the public-leaderboard opt-in is a consent action you can revoke at any time). We do not run analytics or advertising trackers, so consent for those is not currently required.
Legal obligation where retention or disclosure is required by law.
We share data only with the parties needed to operate the Service:
the OAuth provider you choose to sign in with (Google, Apple, Discord, or PlayFab via Fateless ID)
our hosting provider, who runs the Service infrastructure
our database provider, who stores the records described above
our transactional email delivery provider
legal, accounting, or compliance advisors when reasonably required
We do not sell your personal data. We do not share your personal data for advertising. We do not pass your contact details to third parties for marketing.
If we ever change those processors, we will update this policy and, where required, notify you separately.
Some of the providers above operate outside the UK and the EEA. Where transfers happen, we rely on the relevant safeguards (for example the UK extension to the EU-US Data Privacy Framework and the European Commission’s Standard Contractual Clauses) so your data continues to enjoy comparable protection.
We retain your information for as long as you maintain an active account on the Service, plus a short period afterwards for legal, accounting, and dispute-resolution purposes:
account profile (display name, email, avatar, OAuth links): kept while the account is active
application records: kept while the program is open and for a reasonable period after a decision is made
activity records (bounties, lessons, redemptions): kept while the account is active and used to compute lifetime totals
audit logs of administrative actions: kept for a longer period for accountability and security
If you delete your account through the Service (see "Your rights" below), we cascade the deletion across the records that reference your account. Some references in audit and security logs may persist in pseudonymised form for the period needed to operate those logs.
We protect your data with administrative, technical, and organisational measures, including:
HTTPS for all traffic, with HTTP Strict Transport Security (HSTS) in production
a Content Security Policy with per-request nonces to limit the scope of any injected scripts
iron-session encrypted, sealed session cookies bound to the session secret
database-backed re-validation of staff role and active status on every administrative request
magic-byte signature checks on uploaded files to defuse spoofed Content-Type attacks
decompression-bomb protection on image processing
rate limiting and IP-keyed throttling on public mutating endpoints
snapshot-isolation transactions on critical state changes (bounty submission, redemption, balance deduction)
No system is perfectly secure. If we ever discover a breach affecting your data, we will notify you and the relevant authorities as required by law.
Under UK GDPR and EU GDPR you have the right to:
access the data we hold about you and obtain a copy
correct inaccurate or incomplete data
delete the data we hold about you
restrict our processing of your data
object to processing carried out on the basis of legitimate interest
portability: receive your data in a structured, machine-readable format
withdraw consent that you have previously given
lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local supervisory authority
Many of these rights are available to you directly inside the Service. From your profile page you can:
export your data via the Export My Data button (returns a structured archive of your account, applications, activity, and balances)
delete your account via the Delete My Account button (cascades the deletion across the records described above)
For any rights that the in-app tools do not cover, contact us at contact@fateless.gg and we will respond within thirty days.
The Service is intended for users who are at least 18 years old, or who are otherwise legally able to enter into the agreements involved in the creator program. We do not knowingly collect data from children. If you believe a child has signed up, contact us and we will delete the account.
We may update this policy from time to time. When we do, we will update the "Last updated" date above and, for material changes, notify active creators by email. Your continued use of the Service after a change indicates your acceptance of the updated policy.
For privacy questions, data-rights requests, or complaints, contact:
Fateless Ltd
Amelia House, Crescent Road
Worthing, England, BN11 1QR