API Privacy Policy

Effective Date:  June 4, 2025



Thank you for choosing our services. We respect your privacy and are committed to protecting your Personal Data (as defined below).



This MapleStory Universe Open API Developer Privacy Policy (this "API Privacy Policy") applies to the processing of Personal Data (as defined below) by Nexpace and all of its subsidiaries and affiliates (collectively, the "Company", "we", "our" or "us") in connection with your visits or use of the platform operated by us, which comprises our websites, mobile applications, forums, marketplaces, blogs, hubs, tools, protocols, games, interactive software products and services, and any supporting servers used to deliver our services (collectively, "Platform").Third-party services may have their own privacy policies, and we encourage you to review them. This API Privacy Policy is to be read and interpreted together with our MapleStory Universe Open API Terms of Service ("API Terms"), available athttps://msu.io/policy/api-terms, and additional terms, conditions, rules, or guidelines on permissible use provided by the Company, which collectively (together with this API Privacy Policy) govern the Personal Data (as defined below) processing activities relating to your access to and use of the Platform and our services. By using the Platform, you agree to be bound by our API Terms and this API Privacy Policy. This API Privacy Policy does not intend to override any clauses present in our API Terms. Any terms not defined in this API Privacy Policy shall be deemed to have meanings given to them in the API Terms, as the case may be.



  1. Purpose

    1. This API Privacy Policy is designed to provide you with information regarding the specific types of your Personal Data we collect, the purposes and legal bases for processing your Personal Data and the methods by which we collect and process your Personal Data.

    2. The term "Personal Data" means any information which, by itself or in conjunction with other information, may be used to identify you. Please note that this API Privacy Policy informs you of your rights and how the data protection principles are set out in the ADGM Data Protection Regulations, 2021 of Abu Dhabi Global Market ("ADGM"). Section 5 of this API Privacy Policy contains details of the collection and processing of the Personal Data. Please commence using the Platform to receive our services only after consenting to share your Personal Data with us in the prescribed specific format.

    3. Failure to respond to our consent request will not constitute a valid consent. If we become aware that you have accessed or used the Platform without providing proper consent per our request, we reserve the right to limit, prohibit, or restrict, your access or use of the Platform.



  1. Amendments

From time to time, we may amend this API Privacy Policy to reflect necessary changes in (i) relevant laws and/or regulations, (ii) our Personal Data collection and usage practices, (iii) the Platform or (iv) certain advances in technology. If any material amendments are made to this API Privacy Policy, such amendments would be posted on the Platform at which time they will become effective. You are responsible for familiarizing yourself with the contents of this API Privacy Policy, particularly each time you access the Platform.



  1. Scope of Personal Data Collected and Processed

    1. The Platform collects and processes the Personal Data of the following individuals:

      1. Visitors: Individuals who visit, but do not create an account on, the Platform.

      2. Users: Individuals who have signed up on the Platform to create an account or contacted us via email at contact_builder@nexpace.io to receive MSU API Services(as defined in the API Terms) or other services available on the Platform. (Visitors and Users collectively, the "Data Subject" or "you")



  1. Data Processing Principles Followed and Automated Processing

Your Personal Data is collected and processed in accordance with the global best data processing principles, including lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality (security); and accountability; in each case pursuant to relevant laws and regulations.



  1. Types of Data, Purposes of Processing and Legal Basis for Processing



Personal Data processed

Purpose/activity

Legal Basis

Mode of Collection

Personal Identifiers

  •  Full name

  • Team/Project/Corporate name

  • Email address

  • Country of residence

  • Applicant type

  • Corporate registration status

  • Providing our services.

  • Identifying developer and issuing API key.

  • Delivering API key, providing technical support and maintenance.

  • Complying with applicable laws.

  • Determining eligibility and performing due diligence.

  • Contracting to You.



  • Your consent.

  • Performance of a contract with you.

  • Necessary to comply with a legal obligation.

  • Collected directly from you via registration forms or by our third-party service provider.

  • Our email correspondence with you.

Social Contact Information

  • Telegram account

  • Providing our services.

  • Ensuring communication for technical support and maintenance.

  • Your consent.

  • Our legitimate interests in supporting our services and ensuring service stability.

  • Collected directly from you via registration forms or by our third-party service provider.

  • Our email correspondence with you.



Technical Information

  • IP address

  • Browser or client information

  • Device and environment details

  • Monitoring the performance and availability of our services.

  • Providing technical support and responding to your questions or comments.

  • Keeping our platform, our other IT systems, and facilities safe and secure for cybersecurity purposes.

  • Our legitimate interests in supporting our services and ensuring service stability.

  • Automatically via API logs.

  • Collected directly from you during support interactions.

Support and Feedback

  • Email address

  • Customer support consultation history

  • Opinions

  • Feedback

  • Providing customer support

  • Answering queries and complaints you may have.

  • Troubleshooting and resolving technical issues.

  • Investigate account-related issues or complaints.

  • Evaluating service quality

  • Improving and developing   services.

  • Your consent.

  • Performance of a contract with you.

  • Through CS tickets or third party support tools.

  • Our direct interactions with you, including our email correspondence with you.

  • Our enquiry or contact forms, and our correspondence with you.



  1. Refusal, Failure, Inability to Provide Necessary Personal Data

If you fail, neglect, refuse, or are unable to provide us with any Personal Data which is necessary to provide our services or comply with relevant laws and regulations, we may not be able to provide the services to you. In such case, we have the right to discontinue your use of the Platform and/or may disapprove your service requests, in which case we will promptly notify you.



  1. Age Limit

The Platform is not intended for, and we do not collection any information from, individuals under nineteen (19) years of age. If we unintentionally collect the Personal Data from such individuals, we will exercise our best effort to delete such information.



  1. Processing and Use of Aggregated, Anonymized and De-Identified Information

We may create, process, collect, use and share aggregated, anonymized or de-identified data such as statistical or demographic data for any purpose as permitted under applicable laws. We may analyze such aggregated and anonymized information in a manner to further enhance the level of services that we offer on the Platform for business or research purposes, including improving and customizing the Platform for ease of use and the services offered by us. Such information also includes the average number of users of the Platform, the average clicks of the services, the features used, the response rate and other such statistics regarding groups or individuals. In doing so, we will not disclose any Personal Data and ensure that our creation, processing, collection, use or sharing of aggregated, anonymized or de-identified data may be used to identify you. We may archive the aggregated, anonymized or de-identified data for providing future updates and/or surveys and also to comply with relevant laws and regulations. 



  1. Links to Third-Party Websites

The Platform or communications through the Platform may contain links to other third-party websites which are not owned or operated by us and are regulated by their own privacy policies. If you click on a third-party link, you will be directed to that third-party’s site. We strongly advise you to carefully review the policy of every such third-party site you visit. We are not responsible for the privacy policies of these third-party websites, regardless of whether they were accessed using the links from our Platform. We have no control over and assume no liability for the content, privacy policies or practices of any third-party sites or services.



  1. Sharing of Personal Data with Third Parties

    1. We may share your Personal Data with a selected group of thirdparties for reasons elaborated in this section.  

    2. We will only disclose your Personal Data to third-party service providers under the strict terms of confidentiality. We do not allow third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions. 

    3. Below sets forth a list of circumstances in which we may share your Personal Data with third parties and details of such third parties:

      1. To provide services to you: We may share your Personal Data with our affiliates and select third-party vendors as listed below in Section 10.3.5 of this API Privacy Policy.

      2. Applicable laws and regulations, requests from governmental authorities, or any other relevant authority inquiry: Where we are legally required to do so, we may disclose your Personal Data (i) to comply with applicable laws and regulations, (ii) in response to a request from any governmental authority or legal process, such as a court order or a subpoena (including those related to national security or law enforcement), (iii) where we find it is necessary to investigate, prevent or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities or (iv) in connection with a judicial proceeding including as evidence in any litigation in which we are involved.

      3. Merger, acquisition: We may disclose your Personal Data in connection with, or during negotiations of, any merger involving the Company, sale of all or a portion of our asset or business to another party, any dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or asset. In the event of an insolvency, bankruptcy, or receivership involving the Company, your Personal Data may also be transferred as a business asset forming part of our goodwill. If another party acquires us, our business or assets, such party will possess the Personal Data collected by us and will assume the rights and obligations held by us regarding your Personal Data, as described in this API Privacy Policy.

      4. Advertisements: We may disclose your Personal Data to third-party advertising companies. These companies may use information about your visits to our Platform and other websites that are contained in web cookies and other tracking technologies in order to provide advertisements about goods and services of interest to you.

      5. Sharing with third-party vendors: In connection with the performance of our services, we may share your Personal Data with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. A non-exhaustive list of services provided by such third parties, which may change from time to time, include customer relationship management, data analysis, email delivery, hosting services, customer service, quality assurance testing, technical support, operational support and maintenance services, marketing efforts, and regulatory, compliance and screening services such as know your customer (KYC) verification.

      6. Other Users: Your profile, including your username and the picture that you may provide through the Platform, and information about your activities on the Platform may be visible to other users of the Platform or third party sites and services. For example, your game results, scores, and profile information may be viewed by other users of the Platform and, if you choose to link to social media sites like Discord, X (Twitter), viewed by users of such sites.

    4. Some of these third parties may be located outside of ADGM, in which case we will take all necessary steps to ensure that your Personal Data is treated securely and that such transfers are permitted under the applicable data protection laws. Please see Section 14 for further information.

    5. We may also use any or all of the Personal Data we collect from you and process to administer and manage our business in general, to detect and prevent misuse of our services (including fraud), and to enforce our API Terms or any other contract to which we may be a party.  



  1. Rights over Personal Data

    1. You broadly have these rights under the applicable data protection laws:

      1. Right to access: This means that you may ask us to provide information on several aspects (depending on the applicable law/regulations) pertaining to the processing activities undertaken by us, including, what Personal Data concerning you is being processed by us, the purposes of such processing, and who else the Personal Data may be passed/transferred to or shared with.

      2. Right to withdraw consent: Where we rely on your consent to process your Personal Data, if you wish for us to stop processing your Personal Data, it is your right to withdraw consent, preventing us from further processing the Personal Data, without prejudicing any processing of your Personal Data which will have taken place till the receipt of your consent withdrawal request.

      3. Right to rectification: If you have provided your Personal Data to us, you have the right to request that we correct, or rectify your Personal Data if the same is incorrect or outdated.

      4. Right to seek deletion: Under certain circumstances, you can ask for your Personal Data to be deleted. This would apply if the Personal Data is no longer required for the purposes it was collected for, or your consent for the processing of that Personal Data has been expressly withdrawn, or where Personal Data has been unlawfully processed. Some exceptions may apply to your exercise of this right.

      5. Right to object to processing: You have the right to object to the further processing of your Personal Data which is inconsistent with the primary purpose for which it was collected, which includes processing for profiling, automation and direct marketing.

      6. Right to restrict processing: This is your right to ask for a temporary halt or pause in the processing of Personal Data, such as in the case where a dispute or legal case must be concluded, or the information is being corrected.

      7. Right to data portability: This is your right to ask for the Personal Data which you have provided to us, for which you have provided your consent for us to process, and which we have processed using automated means, to be provided to you in a structured, commonly used, and machine-readable or electronic format.

      8. Rights in relation to automated decision making and profiling: This is your right not to be subject to a decision based solely on automated processing.

      9. Right not to be discriminated against: This is your right not to be discriminated against by us. This right ensures that your Personal Data will not influence or affect us, and you are not denied any of our services, charged a different rate for the services, or provided with a different quality of service simply because of your Personal Data.

    2. If you wish to exercise any of the rights set out above or any other laws concerning Personal Data (in so far as the same is applicable), please contact us at terms_policy@nexpace.io. We may need to request specific information from you to help us confirm your identity. This security measure is to ensure that your Personal Data is not disclosed to any person who has no right to receive it.

    3. We aim to respond to all legitimate requests without undue delay and within one (1) calendar month of receipt of any request from you. Occasionally it may take us longer than one (1) calendar month if your request is particularly complex, or if you have made duplicated or numerous requests. In this case, we will notify you of receipt of such request(s) and keep you updated as to the status of progress concerning such request(s).

    4. A request to withdraw consent, restrict or stop processing your information, or delete your account or information may result in your inability to access the Platform or some of its features.



  1. Updating Your Information

Whenever possible, you can update your Personal Data, subject to verification by us. If you wish for us to update your Personal Data, please contact us at terms_policy@nexpace.io to make the required changes. We will retain your Personal Data for as long as your accounts have not been closed or as may be needed to provide you access to your accounts and/or our services, and in compliance with the law.



  1. Data Retention and Records

    1. We retain Personal Data, including session data linked to your service usage or account, and all access or use of the services for as long as reasonably necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.

    2. If you choose to withdraw your membership or discontinue using our service, your Personal Data will be retained for thirty (30) days following your withdrawal or disconnect for fraud prevention purposes, after which it will be permanently deleted.

    3. Certain Personal Data may be retained for a longer period to comply with legal, accounting, reporting, government, regulatory or law enforcement requirements up to a maximum of eight (8) years or as required by applicable laws.

    4. We adhere to all applicable legislative provisions and data protection laws of each jurisdiction we operate in. Should any further information be required, please contact us at terms_policy@nexpace.io.

    5. Notwithstanding the above, we may retain your Personal Data for a longer period of time, as determined on a case by case basis. To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. When we have no ongoing legitimate business needed to process your Personal Data, we will either delete, anonymize, pseudonymize, encrypt or put beyond further use your Personal Data unless necessary for the establishment or defense of legal claims or retention thereof is necessary for compliance with applicable law or if it is part of a dataset used to lawfully train or refine an artificial intelligence system in a manner that does not present risks to your rights.If this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.

    6. To enhance user experience and manage interactions among users, non-personal data, including game and transaction data generated during your use of our services, may be shared with other users via our Platform, Platform APIs or open APIs or other interfaces linked to our services.

    7. Please note that even if you disconnect your wallet from our services, data recorded on the blockchain, such as wallet addresses or transaction history, are permanent and cannot be modified or deleted by us. You acknowledge that this information cannot be deleted and we are not responsible for any consequences arising from its permanence.



  1. Data Storage and Data Transfers

    1. Your Personal Data is stored and transferred in compliance with the applicable legislation of the ADGM.

    2. We store and process your Personal Data in data centers within the UAE, wherever we have our premises, or where our third-party service providers are located.

    3. We may transfer some of your Personal Data outside the ADGM. Some of the international organizations and countries to which your Personal Datamay be transferred will benefit from an appropriate data protection regulatory framework as evidenced by an adequacy decision by the appropriate regulatory authority. However, this may not always be possible. For such international organizations and countries, we shall transfer your Personal Data, only upon ensuring that a suitable degree of protection is afforded to it through the implementation of the necessary safeguards, such as adequate binding corporate rules or through the inclusion of standard contractual clauses in our agreements with such organizations and countries. If sought by you, we shall notify you of the specific safeguards we adopt to transfer your Personal Data to such an international organization and/or country.

    4. Notwithstanding Section14.3, we may transfer your Personal Data outside of the ADGM in the following circumstances:

      1. The transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person;

      2. The transfer is necessary for important reasons of public interest;

      3. The transfer is required by law enforcement agencies of the UAE in accordance with applicable law;

      4. The transfer is necessary for the establishment, exercise or defense of legal claims (including judicial, administrative, regulatory and out-of-court procedures); or

      5. The transfer is necessary in order to protect your vital interests or those of another person, where you are physically or legally incapable of giving consent.

    5. Should you want more information on your Personal Data which may have been shared outside the ADGM, and the purposes for doing so, please write to us at terms_policy@nexpace.io.



  1. Use of Cookies and Related Technologies

    1. This section explains what cookies are, what information we collect using cookies and how we use cookies in respect of the Platform.

    2. Our Platform uses cookies. A cookie is a small text file placed on your computer, system or mobile device when you visit a website or use an app. Cookies collect information about your visit to or use of a website or about your use of the application, such as the Platform. Cookies collect information such as your IP address, how you arrive at the Platform (for example, through a search engine or a link from another website or platform) and how you navigate within the Platform.

    3. We use both session/transient cookies (which expire once you close your device web browser) and persistent cookies (which stay on your device until you delete them) to collect Personal Data to provide you with a more personalized and interactive experience in using our Platform. This type of Personal Data is collected to make our services more useful to you and to tailor your experience with us to meet your special interests and needs.

    4. How we use cookies

      1. When you use and access our Platform, we may place a number of cookie files on your device’s web browser. We use cookies to enable certain functions of the Platform i.e., to provide analytics, to prevent fraudulent or illegal activity, to store your preferences, to enable advertisement delivery, including behavioral advertising. We also use cookies to enhance your browsing experience by:

  1. Recognizing when you log in and any preferred settings.

  2. Giving you a browsing experience that is unique to you and to serve you content which we believe improves your browsing experience.

  3. Analysing how you use our sites which helps us to troubleshoot any problems and to monitor our own performance.

    1. In addition to our own cookies, we may also use various third parties’ cookies to report usage statistics of our sites, deliver advertisements on and through our Platform, and so on.

    2. Types of cookies we use

      1. We use the following four types of cookies:

  1. Strictly necessary cookies: These cookies are essential to let you move around the Platform and use its features. These cookies allow our Platform to provide services at your request. We use essential cookies to authenticate users and prevent fraudulent use of user accounts.

  2. Performance cookies: These cookies may be used to collect information about how you use the Platform e.g., which pages you visit most often, and if you experience any error messages. They also allow us to update our Platform to improve performance and tailor it to your preferences. These cookies do not collect any information that could identify you – all the information collected is anonymous.

  3. Functional cookies: These cookies are used to remember the choices you make, e.g., your username, login details and language preferences. They also remember any customizations you make to give you enhanced, more personal features of your digital experience.

  4. Targeting cookies: These cookies are used to collect information about your visit to our sites, the content you viewed, browsing habits to deliver adverts which are more relevant to your interest, links you followed and information about your browser, device, and your IP address. They also measure the effectiveness of advertising campaigns.

    1. Why we use cookies

We use cookies and similar technologies for the following functions and purposes:

Function

Purpose

Analytics and Research

We use analytics and research cookies to collect information about how visitors use the Platform, including the total number of people that use the Platform and the types of devices they use. We may use the information to compile reports of aggregated and de-identified information and to help make improvements to the Platform.

Authentication

These cookies help us to identify you so that when you are signed in, you can enjoy the Platform and its features fully. These cookies are essential and cannot be blocked if you wish to use the Platform.

Service Features and Performance

We use feature-tracking cookies to collect information about how the Platform is performing. We may use the information to compile reports and to help make improvements to the Platform.

Security and Service Integrity

We use security-based cookies to help ensure the security of the Platform. We may use information obtained from security and service integrity cookies to, among other things, identify possible fraudulent or abusive activities, enforce its API Terms, and protect your safety. These cookies are essential and cannot be blocked if you wish to use the Platform.

Advertising

We use advertising cookies to customize the advertising that is shown to you on the Platform and on third party websites and services.

  1. Cookies preferences

Please note, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer on our Platform. You may not be able to store your preferences, and some of our pages might not display properly. We are not responsible and will not be held liable for any loss resulting from your decision or inability to use cookies.



  1. Legal Recourse to Relevant Authorities and Right to Lodge Complaints

    1. You have the right to make a complaint at any time to the Commissioners appointed under the ADGM Data Protection Regulations, 2021. However, we would appreciate the opportunity to address your concerns before you approach any such authority. Please contact us in the first instance via email at terms_policy@nexpace.io so that we may try to resolve your complaint swiftly and satisfactorily.



  1. Security Precautions and Measures for Protection of Your Personal Data

    1. We are committed to ensuring that your information is secure. To prevent unauthorized access or disclosure,  we have put in place suitable electronic and managerial procedures to safeguard and secure the information we collect online. We use industry-standard technical mechanisms and ensure that our affiliates or vendor entities use data encryption technology while implementing restrictions related to the storage of and the ability to access your Personal Data.

    2. Our facilities are scanned on a regular basis for security holes and known vulnerabilities, to best ensure its security.

    3. Your Personal Data is contained behind secured networks and is only accessible by a limited number of individuals who have special access rights to such systems and are required to keep the information confidential.

    4. Please note that no transmission over the Internet or any method of electronic storage can be guaranteed to be absolutely one hundred percent (100%) secure, however, our best endeavors will be made to secure data and the ability to access your Personal Data.

    5. Without prejudice to our efforts to protect your Personal Data, nothing contained in this API Privacy Policy constitutes a warranty of security of the facilities, and you agree to transmit data at your own risk.

    6. Please note that we do not guarantee that your Personal Data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

    7. Please always check that any website on which you are asked for financial or payment information in relation to our services is in fact legitimately owned or operated by us. The risk of impersonating hackers exists and should be taken into account when using our Platform.

    8. If you do receive any suspicious communication of any kind or request, do not provide your information and report it to us by contacting our offices immediately at terms_policy@nexpace.io.

    9. Since we cannot guarantee against any loss, misuse, unauthorised acquisition, or alteration of Personal Data, please note that you play a vital role in protecting the Personal Data relating to yourself., including the adoption of sufficient safety measures and your efforts to not reveal this password to any third parties.

    10. Furthermore, we cannot ensure and do not warrant the security or confidentiality of data transmitted to us or sent and received from us by Internet or wireless connection, including email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your Personal Datais no longer secure, please contact us.

    11. Please note that should your Personal Data be breached, and the security of your rights be at high risk, we shall promptly and immediately communicate to you the details of said breach to the ADGM’s Commissioner of Data Protection Controller without undue delay, but in any event within seventy two (72) hours after having become aware of it.

    12. We shall also communicate to you the nature of the breach which has taken place, and the likely consequences of such a breach and shall describe thoroughly the measures we have implemented to address the breach and to mitigate any and all adverse effects to you and your rights. In the unlikely event of a breach occurring, please reach out to us at terms_policy@nexpace.io for further information and for further advice on how to mitigate the potential adverse effects of such a breach.

    13. We also aim to conduct all applicable security risk assessments to ensure the availability of risk mitigation controls, to better safeguard the integrity of Data Subject information.



  1. General

    1. In the case of abuse or breach of security, we are not responsible for any breach of security or for any actions of any third parties which receive the information illegally.

    2. We will not distribute Personal Data to be used in mailing lists, surveys, or any other purpose other than what is required to perform our services in accordance with this API Privacy Policy.



  1. Contact Us

The privacy and security of your data is a top priority. If you have any questions or concerns about this Privacy API Privacy Policy or our data practices, please contact us via email at terms_policy@nexpace.io

*     *     *