Your privacy matters. This policy explains what data we collect and how we protect it.
1. Who We Are
VelocityMU is a privately operated MuOnline Season 21 game community. For the purposes of data protection law, VelocityMU acts as the data controller for personal information collected through this Website. We are committed to protecting your personal data in accordance with applicable privacy law, and where applicable, the EU General Data Protection Regulation (GDPR) for users in the European Economic Area.
2. Data We Collect
We collect only the minimum data necessary to operate our services: Account Data (username, email address, hashed password) at registration; Technical Data (IP address, browser type, operating system, session cookies) on every visit; Login History (IP, timestamp, connection state, hardware ID) at each login/logout; Gameplay Data (character names, levels, resets, guild membership, in-game activity); Transaction Data (donation records, WCoin ledger); Support Data (correspondence); and Usage Data (pages visited, features used, shop purchases). We do not collect real names, physical addresses, phone numbers, or government-issued identification unless required by law.
3. How We Use Your Data
We use your data for account management and authentication; service delivery (game server, website features, shop, and Player Market); security and fraud prevention using IP, login history, and HWID data; donation processing; communication and support; legal compliance; and website improvement via aggregated, non-personally identifiable analysis. We do not use your data for targeted advertising or sell it to third parties.
4. Legal Basis for Processing (GDPR)
For users in the EEA, we rely on: Contract performance (Art. 6(1)(b)) to provide our services; Legitimate interests (Art. 6(1)(f)) for security, fraud prevention, and service improvement; Legal obligation (Art. 6(1)(c)) where required by law; and Consent (Art. 6(1)(a)) for optional cookies and non-essential communications, which you may withdraw at any time.
5. Data Retention
We retain active account data for the duration of your account; login and security logs for up to 12 months; donation/transaction records for 7 years per accounting and tax requirements; support correspondence for 3 years; and deleted account data is anonymized or deleted within 90 days of a deletion request, except where retention is legally required. Upon permanent shutdown, all personal data is securely deleted within 180 days, except where legal obligations require longer.
6. Data Security
We implement appropriate technical and organizational measures: HTTPS/TLS encryption for all data in transit; strict access controls limited to authorized administrators; regular security reviews and vulnerability scanning; separate database infrastructure for website vs. game data; and rate limiting and IP-based access controls on sensitive endpoints. Due to game server compatibility requirements, passwords are stored using MD5 hashing, which is less secure than modern algorithms — we strongly recommend using a password unique to VelocityMU. In the event of a data breach that poses a risk to your rights, we will notify affected users and the relevant authorities in accordance with applicable law and GDPR where applicable.
7. Cookies & Tracking Technologies
We use essential cookies (session, login, authentication), preference cookies (language, theme, UI), and security cookies (CSRF tokens). We do not use third-party advertising cookies, cross-site tracking pixels, social media tracking scripts, or behavioral analytics that share data with third parties. You can disable non-essential cookies in your browser; doing so may affect login and certain features. We honor browser "Do Not Track" signals.
8. Third Parties & Data Sharing
We do not sell, trade, or rent your personal information. We may share limited data only with: payment processors (we receive only confirmation of a transaction, never full card numbers); law enforcement when required by a valid legal order; hosting partners strictly for abuse prevention; and in the event of a transfer of operations, with appropriate safeguards. Any providers we engage are contractually required to process data only for the specified purpose and to maintain appropriate security.
9. Donations & Payment Data
All financial transactions are voluntary donations. Payment card details are processed entirely by our third-party payment gateway; we do not store or have access to full card numbers, CVV codes, or bank details. We retain donation records (amount, date, associated account ID) for accounting and fraud prevention as required by law (up to 7 years). Financial data never passes through or is stored on our servers.
10. Children's Privacy
Users under 13 are not permitted to register accounts. We do not knowingly collect personal data from children under 13. Users between 13 and 18 may use the free gameplay features but may not make donations or participate in virtual-currency transactions. If we become aware that we have collected data from a child under 13 without parental consent, we will promptly delete it.
11. Your Rights
Depending on your location, you may have the right to access your data, rectify inaccurate data, request erasure ("right to be forgotten") subject to legal retention, restrict processing, receive your data in a portable format (EEA users), and object to processing based on legitimate interests. To exercise any of these rights, contact us via our Discord server. We will respond within 30 days, or within the timeframe required by applicable law, and may need to verify your identity first. We will not charge a fee for reasonable requests.
12. Applicable Data Protection Law
This Website is subject to applicable data protection and privacy laws in the jurisdiction where VelocityMU operates, as well as the EU GDPR for users in the EEA. If you have unresolved concerns about our data handling, you may lodge a complaint with the data protection supervisory authority in your country of residence.
13. International Data Transfers
Our services are operated internationally. If you access them from the EEA or other regions with specific data protection laws, your data may be transferred to and processed in a jurisdiction outside your own. Where required, we ensure such transfers are carried out with appropriate safeguards, such as standard contractual clauses or transfers to jurisdictions recognized as providing an adequate level of data protection.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date, post a prominent notice on the Website, and where practicable and required by law, notify registered users by email. Your continued use after changes constitutes acceptance.
15. Contact & Data Requests
All privacy-related inquiries — including data access requests, deletion requests, and complaints — are handled via our Discord server. Open a ticket and specify that your request is a Privacy / Data Request. We aim to respond within 30 days; for complex requests we may extend by an additional 30 days with notice.




