Privacy Policy

Last updated: 7 June 2026

This is a translation of our German privacy policy for convenience. The German version is legally binding.

1. Controller

Controller within the meaning of the General Data Protection Regulation (GDPR) and other national data-protection laws of the member states as well as other data-protection provisions is:

Tobias Bauer
Martinusstr. 41
52525 Heinsberg
Germany
Email: mailbinshapercom

Loreshaper is the games sub-brand of the controller listed above (binshaper). Data-processing responsibility, data-processing agreements, and data-subject rights all lie with binshaper. This policy describes only the data processing on loreshaper.com; a parallel, content-equivalent policy applies to binshaper.com.

2. General information about data processing

2.1 Scope of processing of personal data

We process personal data of our users only insofar as this is necessary to provide a functional website as well as our content and services. The processing of personal data of our users regularly takes place only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for actual reasons and processing is permitted by law.

2.2 Legal bases for processing

Insofar as we obtain the consent of the data subject for processing, Art. 6 (1) (a) GDPR serves as the legal basis. For processing necessary for the performance of a contract to which the data subject is party, Art. 6 (1) (b) GDPR applies. Insofar as processing is necessary for compliance with a legal obligation, Art. 6 (1) (c) GDPR serves as the legal basis. If processing is necessary for the legitimate interests pursued by us or a third party and the interests, fundamental rights and freedoms of the data subject do not override those interests, Art. 6 (1) (f) GDPR applies.

2.3 Erasure and storage period

Personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject (e.g. retention obligations under commercial or tax law of up to 10 years). Blocking or erasure of the data also takes place when a storage period prescribed by the named regulations expires.

3. Provision of the website and hosting

3.1 Description and scope of data processing

Each time our website is accessed, our hosting provider automatically collects information that the browser of the accessing device automatically transmits. The following data are collected:

• IP address of the requesting device (truncated/anonymised)
• Date and time of access
• File requested and amount of data transferred
• Notification of whether the request was successful
• Referrer (previously visited page)
• Browser, operating system, and language settings used

These data are stored in technical server logs. They are not merged with other data sources or evaluated for marketing purposes.

3.2 Legal basis and purpose

The legal basis for the temporary storage of the data and the log files is Art. 6 (1) (f) GDPR. Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's device. For this, the IP address must remain stored for the duration of the session. Our legitimate interest is to provide the website in a stable, secure, and functional way, and to prevent attacks.

3.3 Hosting provider: Cloudflare

This website is hosted via the Cloudflare Pages platform. Provider is Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA, and Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany.

Cloudflare operates a globally distributed Content Delivery Network (CDN) and serves content from data centres worldwide, including in the EU. When our website is accessed, connection data (e.g. IP address, date, time, content accessed) are processed by Cloudflare. Cloudflare uses these data for content delivery, availability, protection against cyber-attacks (e.g. DDoS filtering), and performance optimisation.

Personal data may be transferred to the USA. Cloudflare is certified under the EU-US Data Privacy Framework and therefore offers a level of data protection deemed adequate by the EU Commission's adequacy decision of 10 July 2023. A data-processing agreement (Art. 28 GDPR) has been concluded with Cloudflare.

Legal basis is Art. 6 (1) (f) GDPR (legitimate interest in providing the website securely, quickly, and reliably). For more information, see Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/ .

4. Cookies

This website uses no tracking cookies, no analytics cookies, and no third-party cookies. We use only those functions that work without consent-requiring cookies or comparable technologies (under § 25 TDDDG). For this reason we do not use a cookie banner.

5. Newsletter / waitlist signups

5.1 Description and scope of data processing

On our game-detail pages and on the homepage we offer a newsletter form through which you can subscribe to release notifications and occasional updates about our games. The following data are processed:

• Email address
• Game or page from which you subscribed (internal source info)
• Date and time of signup

The signup uses a double opt-in procedure: After submitting the form you receive an email containing a confirmation link. Only after clicking that link are you finally added to our distribution list. If you don't confirm, your data are not stored permanently — the temporary signup token is valid for 7 days and contains your details cryptographically signed (HMAC-SHA-256).

5.2 Legal basis

Legal basis is your express consent in accordance with Art. 6 (1) (a) GDPR as well as § 7 (2) no. 1 UWG for the sending of email notifications. Consent is given by actively checking the box and confirming the link in the verification email. It can be withdrawn at any time for the future without affecting the lawfulness of the processing carried out up to that point.

5.3 Purpose of data processing

The data are used to inform you by email about the release of the relevant games, new games from us, and occasionally about substantial updates. Use for any other advertising purposes, tracking, profiling, or transfer to third parties for such purposes does not take place.

5.4 Recipients / processors (Resend)

Both the confirmation email and the storage of contacts are handled via the email-delivery service Resend (provider: Resend, Inc., 2261 Market Street #4667, San Francisco, CA 94114, USA). Resend offers an "Audiences" feature in which confirmed email addresses are managed in a list, so we can send a newsletter ("broadcast") to all subscribers at release or for updates. A data-processing agreement (Art. 28 GDPR) has been concluded with Resend; Resend is certified under the EU-US Data Privacy Framework and processes data in the EU region (Frankfurt, Germany). Resend's privacy policy: https://resend.com/legal/privacy-policy .

5.5 Storage period and revocation

Your data are stored until you withdraw your consent (unsubscribe). You can unsubscribe at any time without giving a reason — either via the unsubscribe link contained in every email we send, or by sending an informal message to mailbinshapercom . After revocation, your personal data are removed from our distribution list immediately. If you do not confirm the signup link, no data are stored permanently at all.

5.6 Spam protection (Cloudflare Turnstile)

When the signup form is submitted, we use Cloudflare Turnstile to prevent automated signups. Technical data (e.g. IP address, user agent, screen resolution, current-session cookie data) are processed by Cloudflare, but exclusively for bot detection and not for profiling. Legal basis is Art. 6 (1) (f) GDPR (legitimate interest in protecting our forms against misuse). Further information can be found in Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/ .

6. External links to app stores

On our game-detail pages we link, after release, to the Apple App Store (Apple Inc.) and the Google Play Store (Google Ireland Limited / Google LLC). Only when you click such a link are you redirected to the respective providers' servers. There is no automatic connection to these providers. We have no influence over how Apple and Google process your data. Please refer to the providers' respective privacy policies:

• Apple Privacy Policy
• Google Privacy Policy

7. SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, this site uses SSL/TLS encryption. You can recognise an encrypted connection by the fact that the address bar of the browser changes from "http://" to "https://" and by the lock symbol in your browser bar.

8. Rights of the data subject

If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure ("right to be forgotten") (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw a data-protection consent (Art. 7 (3) GDPR)
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your rights, an informal message to mailbinshapercom is sufficient.

9. Automated decision-making

Automated decision-making including profiling under Art. 22 (1) and (4) GDPR does not take place on this website.

10. Updates and changes to this privacy policy

This privacy policy is currently valid and dated 7 June 2026. As our website evolves or due to changing legal or regulatory requirements, it may become necessary to update this privacy policy. The most recent version is always available on this page and can be retrieved and printed at any time.