Privacy Policy Last Updated: 2/28/2025 Nexoss Limited ("Nexoss," "we," "us," or "our") operates the Stellarum website ("the Website"). This Privacy Policy explains how we collect, use, and disclose your personal data when you visit or interact with the Website, as well as your rights under various data protection laws (including GDPR and CCPA). 1. Introduction Business Name: Nexoss Limited Location: Alberta, Canada Scope: This Privacy Policy applies solely to the Website and any services we provide through it. By accessing or using the Website, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use. 2. Data We Collect 2.1 Email Address Purpose: If you sign up for our newsletter, we collect your email to send you updates and marketing communications regarding Stellarum. Opt-In: Subscribing is voluntary, and you can unsubscribe at any time by following the unsubscribe link in our emails or contacting us directly. 2.2 Steam Account Information Purpose: We may allow you to link your Steam account to verify ownership of an older game, thus determining eligibility for free Stellarum packages. Scope: We only collect the information needed for verification (e.g., your Steam username or a unique identifier). 2.3 Usage Data & Analytics Google Analytics: We use Google Analytics to gather information about how users interact with the Website. This includes IP addresses, browser type, pages visited, and time on site. Purpose: This helps us analyze trends, improve user experience, and diagnose technical issues. 2.4 No Other Personal Data We do not currently collect additional personal information (such as full names, addresses, or payment information) since the Website does not process purchases or host community features at this time. 3. How We Use Your Data Newsletter & Updates: To send news, promotional materials, and other information you opt in to receive. Verification: To confirm eligibility for free packages via your Steam account link. Analytics & Improvements: To monitor and analyze Website performance and usage, helping us improve functionality and user experience. Legal Compliance: We may use your data to comply with applicable laws, regulations, or legal processes. 4. Lawful Bases for Processing (GDPR) If you are located in the European Economic Area (EEA), we rely on the following lawful bases: Consent: For sending marketing communications, we rely on your explicit consent. Legitimate Interests: For analytics (Google Analytics) and basic operational functions, we rely on our legitimate interests in operating and improving the Website. Legal Obligations: Where required by law, we may process your data to comply with legal obligations. 5. How We Share Your Data Service Providers We use Google Analytics, which may process your data on our behalf. We do not sell or rent your personal data to third parties. Legal Requirements We may disclose personal data if required to do so by law, subpoena, or other legal process, or if such disclosure is necessary to protect our rights or the rights of others. 6. Cookies and Tracking We primarily use essential/functional cookies for the basic operation of the Website and analytics cookies (through Google Analytics). We do not use third-party advertising or social media cookies. Managing Cookies: You can disable cookies in your browser settings, but doing so may affect the functionality of certain Website features. For more details, refer to our Cookie Policy (if posted separately). 7. Data Retention We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, or to comply with legal requirements. Email Addresses: Stored until you unsubscribe or request deletion. Steam Account Information: Stored only for verification and removed when no longer needed. Usage Data: Retained in Google Analytics per their standard data retention policies, typically aggregated and not linked to an individual. 8. Your Data Protection Rights 8.1 GDPR (EU Residents) If you are in the EEA, you may have the right to: Access the personal data we hold about you. Rectify inaccurate or incomplete data. Request Deletion (Right to be Forgotten). Restrict or Object to certain processing. Data Portability for data you provided directly to us. Withdraw Consent at any time where processing is based on consent. 8.2 CCPA (California Residents) Under the California Consumer Privacy Act, you may have the right to: Know what personal data is collected and how it's used or shared. Delete personal data we hold about you (subject to certain exceptions). Opt Out of the sale of personal data (we do not sell data). Non-Discrimination for exercising any CCPA rights. 8.3 Exercising Your Rights To exercise these rights, please contact us using the details below. We may require verification of your identity before proceeding with certain requests. 9. Children's Privacy The Website is intended for users 13 years of age or older. We do not knowingly collect personal data from children under 13. If you become aware that your child has provided us with personal information, please contact us, and we will take steps to remove it promptly. 10. Data Security We implement reasonable measures to protect the security of your personal data, including technical and organizational safeguards. However, no method of online transmission or storage is completely secure, and we cannot guarantee absolute security. 11. International Data Transfers If you access the Website from outside Canada, be aware that your data may be transferred to and stored in servers located in Canada or other jurisdictions. By using the Website, you consent to such transfers subject to applicable data protection laws. 12. Changes to This Privacy Policy We may update this Privacy Policy from time to time. If we make significant changes, we will provide a notice on the Website and update the "Last Updated" date at the top. Your continued use of the Website after any changes indicates your acceptance of the revised Privacy Policy. 13. Contact Us If you have any questions, concerns, or requests related to your personal data or this Privacy Policy, please contact: Data Protection Officer (DPO): dpo@nexoss.com General Inquiries: contact@nexoss.com Nexoss Limited Alberta, Canada Thank you for visiting the Stellarum Website!