SWORD
Privacy policy — swordsgame.com and the Sword game services
Last updated: 2026-07-04. Plain language, written in good faith by a small indie team — this page describes what our systems actually do.
Who we are
Sword is made by Sword Team, the indie team behind the game and this site. For anything privacy-related, contact support@swordsgame.com.
What data we process, and why
- Steam sign-in. Signing in uses Steam OpenID. We receive your public SteamID64 (and, when Steam provides them, your public persona name and avatar) — never your Steam password. The sign-in creates a single session cookie: HMAC-signed, httpOnly, essential-only, expiring after 30 days. That is the only cookie this site sets — there are no analytics or tracking cookies, which is why you see no cookie banner.
- Discord linking (optional). If you choose to connect your Discord account, we store your Discord user ID next to your SteamID so the community bot can grant you roles for the skins you own. Nothing is stored unless you connect, and you can unlink at any time from the storefront.
- Purchases and entitlements. We record which items (SKUs) a SteamID owns so they appear in-game. Payment card data never touches our servers. There are currently no live payments at all; when checkout activates, it will be operated by a merchant of record — an external payment company that is the legal seller — with their own privacy policy linked at checkout.
- Feedback. Feedback submitted in our Discord (the
/feedbackcommand or the feedback channel) is stored as the message content plus the Discord author ID, and is used only to improve the game. Once a week it is compiled into an aggregated digest (summarized automatically using Anthropic's AI API). Public replies and mentions on our X and Bluesky accounts may also be read into that digest. - Server logs. Like practically every website, our server keeps standard web-server logs that include IP addresses, used for security and keeping the service running.
Where your data lives
Everything is hosted on our server in Helsinki, Finland (EU), run by Hetzner. DNS is provided by Cloudflare. The services that process data on our behalf or alongside us: Valve (Steam sign-in), Discord (account linking and feedback), Anthropic (automated feedback summarization), Hetzner (hosting) and Cloudflare (DNS).
Legal bases
- Contract performance — Steam sign-in and keeping your entitlements attached to your account.
- Legitimate interest — processing feedback to improve the game, server logs, and keeping the service secure.
- Consent — optional Discord linking (you actively connect it, and can withdraw by unlinking).
How long we keep things
- Session cookies expire on their own (30 days at most).
- Purchase and entitlement records are kept for as long as the service operates — they are what makes your items yours.
- Feedback is kept until it has been processed into a digest, plus a reasonable period after.
- Anything is erased earlier on request (see your rights below).
Your rights (GDPR)
You can ask us for access to the data we hold about you, ask us to correct or erase it, ask for a portable copy, or object to processing. To exercise any of these, email support@swordsgame.com — we will handle it as fast as a small team can. You also have the right to lodge a complaint with a supervisory authority; in Finland that is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto, tietosuoja.fi).
Changes to this policy
This policy may be updated as the service evolves — for example when payments launch. Changes are posted on this page with a new "Last updated" date.