TalesNTokens

GDPR Data Rights Policy

Last updated: 17 June 2026

This policy explains how users may exercise rights under UK GDPR, EU GDPR, and related data protection laws. It should be read with the Privacy Policy, UK GDPR Compliance Statement, Data Retention Policy, and Subprocessor Disclosure Page.

Definitions

"Data subject" means the person whose personal data is processed.

"Controller" means the organisation that decides why and how personal data is processed.

"Processor" means a third party that processes data for a controller.

"Personal data" means information relating to an identified or identifiable person.

"Request" means a request to exercise a privacy right.

Scope

This policy applies to personal data processed by TalesNTokens for accounts, rooms, maps, tokens, character sheets, notes, uploaded assets, marketplace transactions, creator uploads, sandbox sessions, analytics, support, reporting, moderation, payments, and security.

Available Rights

Depending on the law that applies, users may have the right to:

  • be informed about processing;
  • access personal data;
  • correct inaccurate data;
  • delete personal data;
  • restrict processing;
  • object to processing;
  • receive portable data;
  • withdraw consent;
  • challenge automated decisions where applicable;
  • complain to a supervisory authority.

How To Submit A Request

Email privacy@talesntokens.com with:

  • account email;
  • requested right;
  • relevant room, content, listing, transaction, or report IDs;
  • country of residence;
  • enough information to verify identity.

TalesNTokens may request additional verification before disclosing, exporting, deleting, or changing data.

Response Times

TalesNTokens aims to respond within one month of verifying a valid request. Complex requests or multiple requests may require an extension of up to two additional months where permitted by law. If an extension is needed, TalesNTokens will explain why.

Access Requests

Users may request a copy of personal data associated with their account, including account data, room membership data, saved content metadata, marketplace records, support records, and available logs. TalesNTokens may withhold information that would adversely affect another person's rights, reveal security secrets, expose trade secrets, or be restricted by law.

Correction Requests

Users may correct account information, nicknames, room preferences, creator profile details, listing metadata, and other inaccurate data. Some data, such as transaction records, may need to be preserved with correction notes rather than overwritten.

Deletion Requests

Deletion is handled under the Account Deletion Policy and Data Retention Policy. Deletion may not remove data that TalesNTokens must retain for legal, tax, accounting, fraud prevention, safety, copyright, chargeback, dispute, or security reasons.

Restriction And Objection

Users may request restriction of processing or object to processing based on legitimate interests. TalesNTokens will assess the request and stop processing unless it has compelling legitimate grounds or must continue for legal claims, safety, security, or compliance.

Portability

Users may request portable copies of account data and user-created maps or other data where technically feasible and legally required. TalesNTokens should provide JSON or another commonly used machine-readable format where possible.

Users may withdraw consent for non-essential cookies, analytics, marketing emails, and optional processing. Withdrawal does not affect processing before consent was withdrawn and does not affect processing needed for contracts, legal obligations, security, or legitimate interests.

Automated Decision-Making

TalesNTokens does not currently rely on solely automated decisions that produce legal or similarly significant effects. If automated moderation, fraud, marketplace ranking, or payout decisions are introduced, this policy must be updated and users must be provided required information and rights.

User Obligations

Users must submit truthful requests, use the correct account email, avoid requesting another person's data without authority, and provide verification where required.

Platform Obligations

TalesNTokens will maintain request workflows, verify identity proportionately, respond within legal timeframes, document decisions, assist users where possible, and ensure processors support rights requests.

Contact Procedures

Data rights requests: privacy@talesntokens.com Appeals or unresolved rights issues: appeals@talesntokens.com

Enforcement Procedures

Abusive, fraudulent, repetitive, or manifestly unfounded requests may be refused or charged where law permits. TalesNTokens will explain the reason and available complaint routes.

Appeals Process

Users may appeal a rights decision within 30 days by emailing appeals@talesntokens.com. Users may also complain to the UK Information Commissioner's Office or their local EU supervisory authority.