Legal

Privacy Policy

Last updated: 10 April 2026  ·  Effective date: 10 April 2026

1. Who We Are

Iron Drift is a Roblox game experience. For the purposes of POPIA, Iron Drift acts as the Responsible Party — the entity that determines the purpose of and means for processing your personal information.

This website is operated in connection with the Iron Drift Roblox game. It is informational only: we do not operate a competition or registration form on this site. Playing on Roblox is subject to Roblox's Privacy and Cookie Policy and related notices.

2. Information Officer

We have designated an Information Officer as required by POPIA. All data-related queries, requests, and complaints should be directed to:

3. What Personal Information We Collect

This website does not use account registration, competition forms, or marketing sign-up forms. We may process personal information only in the following situations:

Information	When / How	Purpose
Email address, name (if you provide it), and message content	You email us (e.g. privacy@irondrift.net or info@irondrift.net)	To respond to your enquiry and keep a record of the conversation
Technical data (e.g. IP address, browser type, date/time of request)	Automatically in standard web server or hosting logs, if enabled by our hosting provider	Security, troubleshooting, and basic operational statistics

We do not intentionally collect South African ID numbers, payment card details, biometric data, health information, or other special personal information as defined in POPIA Section 26 through this website.

Roblox: When you play Iron Drift on Roblox, Roblox and (where applicable) experience creators may process data under Roblox's policies. That processing is separate from this website.

4. Why We Collect It (Lawful Basis)

Under POPIA, we may only process personal information if at least one lawful ground applies. Depending on the situation, we rely on:

• Consent (s11(1)(a)) — Where you voluntarily email us or otherwise clearly consent to a specific use.
• Legitimate interest (s11(1)(f)) — Operating and securing the website, responding to enquiries, and defending legal claims where appropriate.
• Compliance with a legal obligation (s11(1)(c)) — Where the law requires us to retain or disclose information.

5. Children's Personal Information

We define a "child" as any person under the age of 18, consistent with POPIA.

Website and email

• This site does not knowingly solicit personal information from children through forms. If a child emails us, we may need a parent or guardian to be involved before we continue the conversation, in line with POPIA Section 34.
• Parents or guardians may contact privacy@irondrift.net to ask questions or request deletion of information we hold from a minor's email.

If we discover unauthorised data

If we become aware that we have received personal information from a child in a way that does not comply with POPIA, we will take reasonable steps to delete or restrict that information.

6. How We Use Your Information

We use personal information only for purposes that match why it was collected, including:

• Reading and responding to emails you send us
• Keeping internal records of correspondence where needed for follow-up or legal compliance
• Protecting the security and integrity of our website and systems (including reviewing logs where applicable)
• Complying with applicable law or regulatory requests

We do not use this website to run direct marketing lists or to sell personal information. We will not use your information for profiling or automated decision-making in relation to this site.

7. Sharing of Personal Information

We do not sell, rent, or trade your personal information. We may share it only in the following limited circumstances:

• Service providers (Operators) — Hosting, email, or IT providers that process data on our behalf under instructions and appropriate safeguards (including POPIA-compliant arrangements where required).
• Legal obligation — If required by law, a court order, or a regulator.
• Protection of rights — Where reasonably necessary to protect the safety, rights, or property of Iron Drift, our users, or the public.

Any third-party operator we engage is expected to process your information only as needed for the service provided and to implement appropriate security safeguards.

8. Storage and Security

Your personal information is stored on secure servers. We implement reasonable technical and organisational measures to protect it against loss, unauthorised access, disclosure, or destruction, including:

• Encrypted data transmission (HTTPS) for this website where configured
• Access controls limiting who can access business email and systems
• Regular review of our data handling practices

No system is completely secure. In the event of a data breach that may adversely affect you, we will notify you and the Information Regulator as required by POPIA Section 22.

9. Retention Periods

Data Category	Retention Period	Reason
Emails and related correspondence	Typically up to 24 months after the last message, unless a longer period is needed for legal or operational reasons	Resolving enquiries and maintaining records
Server / access logs (if collected by hosting)	As determined by our hosting provider's configuration (often a rolling period such as 30–90 days unless extended for security incidents)	Security and diagnostics

After the applicable retention period, data is securely deleted or anonymised.

10. Your Rights Under POPIA

POPIA grants you the following rights. To exercise any of them, contact our Information Officer at privacy@irondrift.net:

• Right of access (s23) — Request a description of the personal information we hold about you.
• Right to correction or deletion (s24) — Request that we correct or delete inaccurate, irrelevant, or unlawfully obtained information.
• Right to object (s11(3)) — Object to the processing of your personal information on reasonable grounds.
• Right to withdraw consent — Where processing is based on consent, you may withdraw it by contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.
• Right not to be subject to automated decisions — We do not make solely automated decisions about you.

We will respond to all verified requests within 30 days.

11. Complaints

If you believe we have processed your personal information unlawfully, please contact our Information Officer first so we can attempt to resolve the matter.

If you remain dissatisfied, you have the right to lodge a complaint with the Information Regulator (South Africa):

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Material changes may be highlighted by a notice on this website.

Continued use of this website after the effective date of any changes constitutes notice of the updated policy; where we rely on consent, we will obtain consent again if required by law.

13. Contact Us

For any privacy-related queries, requests, or concerns: