Hero Forge® Privacy Policy

Effective Date: This Privacy Policy is effective and was last updated as of September 1, 2021.


Sky Castle Studios, LLC and HeroForge.com (“us,” “we,” or “Company”) is committed to respecting the privacy rights of its customers, visitors, and other users of the Company Website (“the Site”). We created this Website Privacy Policy (“Privacy Policy”) to give you confidence as you visit and use the Site, and to demonstrate our commitment to fair information practices and the protection of privacy. This Privacy Policy is only applicable to the Site, and not to any other websites that you may be able to access from the Site, each of which may have data collection, storage, and use practices and policies that differ materially from this Privacy Policy.

This Privacy Policy describes how we collect such information, how we use it and to whom and under what circumstances we may disclose it. Personal Information includes, but is not limited to, your name, postal address, zip or postal code, email address, telephone number, date of birth, payment information, demographic information, details on items purchased, and other information you choose to provide us, and for purposes of the California Consumer Privacy Act (CCPA) any information data that directly or indirectly identifies, describes, relates to, is capable of being associated with, or can reasonably link to a particular consumer or household such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, and for purposes of the EU’s General Data Protection Regulation (“GDPR”), any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (“Personal Information”). The Personal Information we collect is stored and/or controlled by the Company in Santa Monica and/or the relevant local corporate affiliate(s).

We may share and use your Personal Information with our parent, subsidiary and affiliated entities for use in connection with their websites and their services. We may share your Personal Information with third parties for their direct marketing purposes as further described in our Information Disclosure and Your Choices/Your Privacy Rights sections below.

If the Company becomes involved in a merger, acquisition, asset sale, or similar transaction, such as a sale of a particular product line or division of our business, we may share or transfer your Personal Information in connection with the transaction and your Personal Information may become subject to the privacy policy of another entity.

Note: This Privacy Policy applies solely to information collected at or through the Site. However, we may link to other online destinations, so we advise you carefully review their respective privacy policies. Please be aware that the Company is not responsible for the contents and the privacy practices of such other sites.

California Privacy Rights

Section 1798.83 of the California Civil Code provides that residents of California can obtain certain information about their personal information (as defined under Section 1798.83(e)(6) of the California Civil Code) that companies have shared with third parties for direct marketing purposes during the preceding calendar year, as well as the identity of those third parties. Personal information, as defined under the California Civil Code, includes, but is not limited to, data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller. To request a copy of your personal information maintained by us, please contact us at: [email protected].

Under the CCPA, California residents are entitled to access, delete, and/or opt out of the sale of their Personal Information. More specifically, the CCPA’s right of access includes a right of portability, which allows you to obtain your Personal Information in a readily usable format.

Sharing Personal Information

In the last twelve (12) months we may have collected and/or disclosed, and may in the future collect and/or disclose, the following categories of Personal Information from you:

Identifiers (such as contact information, government IDs, cookies, etc.), Information protected against security breaches (such as your name and financial account, user name and password, Commercial information, Internet/electronic activity, geolocation, audio/video data, professional or employment related information. If you wish to opt-out of the sale of your Personal Information in the future, please submit your request to [email protected].

Information You Provide To Us

In order to provide you with the best experience via our Site, the Company collects Personal Information through the Site at several points. For example, to subscribe to or register through the Site, we require your e-mail address, shipping, and billing information. However, the Company does not collect any Personal Information that you do not expressly provide and will not sell, rent, or share your Personal Information to any third party for marketing purposes without your consent.

We (or our service providers) collect information from you when you: (1) purchase products or services from us on our Site; (2) create an account with us (the “Account”), or otherwise sign up for a service or feature; (3) complete a survey; (4) participate in a sweepstakes, contest or other promotion; (5) communicate with us via third-party social media sites; (6) apply for a job or to be a consultant with us; or (7) contact us, or otherwise communicate with us or provide information to us.

When you visit our Site, we also collect anonymous information such as your IP address or domain name to analyze Site traffic, but this information is not personally identifiable. We will use this information to help diagnose problems with our server, to administer our Site, or to display the content according to your preferences. Traffic and transaction information may also be shared with business partners and advertisers on an aggregate and anonymous basis.

In some cases, you may provide information to us about another person, such as when you share Site content or send a message to a friend through our Site or provide attendee information to us or otherwise. In such cases, you represent that you have the authorization of such person to provide us with such information.

We may combine your (and others’) information that we’ve collected from you (or others) with information we may receive from other sources, such as third-party social media platforms (e.g., when you choose to log in to our Site through a third-party social media platform, subject to your actions and settings thereon), address update services and co-promotion partners. By accessing our Site, you signify your consent to the above collection of your Personal Information.

When you are creating an Account for the first time on our Site with an email address that you have previously provided to us in another circumstance (e.g., when signing up for our emails, by entering one of our sweepstakes or other promotions), we may recognize that email address and, once you have completed the account set-up process, you may be able to see your contact information already included in your new online Account. This is happening because we have recognized your email address and, for your convenience, have added your information to your Account.

If you do not want us to collect your Personal Information, please do not provide it to us. You can update your information or change marketing and subscription settings by accessing your Account via the Site. In addition, you can revoke your consent in accordance with the procedures set forth below.

If you receive an email or other correspondence requesting that you provide any sensitive information (including your Site password or credit card information) via email or to a web site that does not seem to be affiliated with the Site, or that otherwise seems suspicious to you, please do not provide such information, and report such request to us at [email protected].

Site Information & Other Information Collected Automatically

As part of the standard operation of the Site, certain information is collected automatically or passively from or about you in connection with your visit to the Site. Our servers may automatically gather some of the Site Usage Information (as defined below), or we (or our service providers) may use cookies and other tracking technologies to collect and track such information.

Site Usage Information includes, but is not limited to:

  1. your browser type, device type, carrier (if applicable), device address, operating system, operating system address, IP address and the domain name from which you accessed a Site
  2. information about your region, continent, country, city, zip code, time zone, and general location
  3. information about your browsing activities on and through a Site (also known as “Click Stream” data), such as:
    1. the date and time you visit our Site
    2. the areas or pages of a Site that you visit
    3. the amount of time you spend viewing a Site or specific areas of a Site
    4. the number of times you return to a Site or a specific area of a Site
    5. the web sites or pages you visited prior to visiting a Site
    6. the websites or pages you visit after you leave a Site
    7. searches you have performed on a Site and on other websites that led you to our Site
    8. social plug-ins with which you have interacted on our Site
    9. other similar Site usage data (collectively, the “Site Usage Information”).

If you provide or connect your third-party account credentials to an account with our Site, some content and/or information in those accounts may be transmitted into your account with us. For example, when you connect with Facebook, we receive and collect your name, email address and profile photo.

We consider this Site Usage Information, on its own, to be non-personal in nature, unless required otherwise by applicable law. However, we may combine Site Usage Information about you with Personal Information about you, and we would consider the combined information to be “personally identifiable” or Personal Information for the purposes of this Privacy Policy.

Cookies and Other Tracking Technologies

We and our service providers may use cookies, pixel tags, web beacons, Adobe Flash Technology and other similar technologies, which allow us to, among other things, optimize our Site and to understand traffic and usage patterns. Additionally, if the settings on your location-aware devise allow us to receive geo-location data or information, we may collect that information automatically.

A Cookie is a small data file that is sent to your web browser and placed on your computer or device when you access a website. Cookies allow parties (including us, our service providers and other) to: (i) track your activities on the Site, (ii) track clicks, purchases and conversion; (iii) recognize your computer or device so that you are able to save your preference and stay logged in to the Site without having to re-enter your Account credentials; (iv) deliver customized content, messages and advertising to you; (v) preserve the contents of your shopping cart; (vi) and otherwise enhance and personalize your experience on the Site. If you do not want information collected through the use of cookies, many devices allow you to decline the use of cookies. We recommend that you leave cookies turned on because if you elect not to allow them, you may not be able to use or to enjoy all of the services and features of the Site.

We may use Flash cookies and other similar technologies, which allow a website to store certain information locally on an individual’s computer or device and then access and use that information to enhance and facilitate certain Site experiences, processes and functionality. Flash cookies are different from other cookies and may not be removed in the same manner. More information about both kinds of cookies is available at www.allaboutcookies.org.

We also use web beacons (also known as “clear GIFs” or “pixel tags”) for similar purposes as cookies. These beacons are typically one-pixel images that are embedded in the Site or in a communication, such as an email message. These technologies help us to verify when a certain page of a Site is viewed, when a message is opened and when links or other content in a message are clicked or viewed.

We may use third party web analytics services, such as Google Analytics and Adobe services, to help us track and analyze the use of our Site and to measure the effectiveness of our advertising, Site content, and communications. These service providers’ tools, including, for example, cookies, tags and web beacons, help us to gain this understanding.

Do Not Track

We currently do not participate in any “Do Not Track” frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your information. We may engage third parties, such as marketing or analytics partners, who may collect information about your online activities over time and across different websites when you use our website. To learn more about browser tracking signals and “Do Not Track,” please visit http://allaboutdnt.org.

Third Party Advertising

Some of the window dressing appearing on our Site may be delivered to you by our Web advertising partner or partners. Information about your visit to a partner site or sites, such as number of times you have viewed an ad (but not your name, e-mail, or other Personal Information), is used to serve ads to you.

We also work with service providers and partner with advertising companies that use cookies, web beacons and other tools to collect information about your visits to and behavior on the Sites and other websites, and then use that information to deliver targeted advertisements to you across the Internet. The information collected and used in this manner is generally, on its own, anonymous and not personally identifiable.

Information Use

We may use the information we collect from and about you (including both Personal Information and Site Usage Information) for a variety of purposes, including but not limited to the following:

  1. to fulfill your requests for products and services and to keep you informed about your Account
  2. to provide you with targeted offers and advertising on and at the Site
  3. subject to your communications preferences and, where required by applicable law, subject to your consent, to contact you (via postal mail, email and the like) with promotional materials about us, our products, our services and our events, as well as about select partners
  4. to contact you when necessary or appropriate
  5. where appropriate, for market research and to review and improve our merchandise selections, customer service, online and offline operations and overall shopping experience
  6. to protect the security or integrity of the Site and our business
  7. and otherwise, with your permission or as permitted by law

We (and our service providers) also analyze and use Site Usage Information and information collected through cookies, web beacons and other tracking technologies, alone and in combination with Personal Information, to assess the behavior of our users, to measure the interest in and use of the Site and communications, and to customize the Site and our communications with you. We do this both on an individual basis and in the aggregate.

This table shows you a description of all the ways we plan to use personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose/Activity Type of data Lawful basis for processing
Purpose/Activity To register you as a new customer Type of data Identity
Lawful basis for processing Performance of a contract with you
Purpose/Activity To process and deliver your order or subscription including: Manage payments, fees and charges; Collect and recover money owed to us Type of data Identity
Marketing and Communications
Lawful basis for processing Performance of a contract with you
Necessary for our legitimate interests (including to recover debts due to us)
Purpose/Activity To manage our relationship with you which will include: Notifying you about changes to our terms or privacy policy; Asking you to leave a review or take a survey Type of data Identity
Marketing and Communications
Lawful basis for processing Performance of a contract with you
Necessary to comply with a legal obligation
Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
Purpose/Activity To deliver direct marketing to you Type of data Identity
Marketing and Communications
Lawful basis for processing For most direct marketing communications, we rely on consent based on our privacy policy, however there are situations in which it is in our legitimate interests to use your personal data in this way
Purpose/Activity To enable you to take part in a prize draw, competition or complete a survey Type of data Identity
Marketing and Communications
Lawful basis for processing Performance of a contract with you
Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
Purpose/Activity To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) Type of data Identity
Lawful basis for processing Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
Necessary to comply with a legal obligation
Purpose/Activity To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you Type of data Identity
Marketing and Communications
Lawful basis for processing Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
Purpose/Activity To use data analytics to improve our website, products/services, marketing, customer relationships and experiences Type of data Technical
Lawful basis for processing Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
Purpose/Activity To make suggestions and recommendations to you about goods or services that may be of interest to you Type of data Identity
Lawful basis for processing Necessary for our legitimate interests (to develop our products/services and grow our business)
Purpose/Activity To prevent and detect unlawful acts Type of data Identity
Lawful basis for processing Necessary for our legitimate interests (to protect our business and our customers by way of undertaking fraud monitoring and suspicious transaction monitoring)
Necessary to comply with a legal or contractual obligation to share personal data for the purposes of law enforcement
Purpose/Activity In order to resolve legal claims or disputes involving you or us Type of data All relevant data categories, depending on the nature of the allegation or claim Lawful basis for processing Necessary to bring or defend a claim
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

Payment Card Information

To use certain aspects of our services, such as making a purchase or subscribing we may require credit or debit card account information. By submitting your credit or debit card account information through the Services, you expressly consent to the sharing of your information with third party merchants, subscription and billing processors, and payment processors. These third parties may store your credit or debit card account information so you can use our Services in the future. We do not have your complete credit or debit card account information, store your credit or debit card account information, or have direct control over or responsibility for your credit or debit card account information. While we require that such third party merchants, billing processors, and payment processors use reasonable procedures to help protect your credit or debit card information, we cannot guarantee that transmissions of your credit or debit card account information or Personal Information will always be secure or that unauthorized third parties will never be able to defeat the security measures taken by us or our third-party service providers. We assume no liability or responsibility for disclosure of your information due to errors in transmission, unauthorized third-party access, or other causes beyond our control.

Information Disclosure

We may disclose information we collect (including Site Usage Information and Personal Information) in the following ways to third parties, to the extent permitted by law:

Content and information that you submit on or through Facebook, Twitter, Instagram, Tumblr and other third-party platforms may appear on the Site through feeds from and other interfaces with those platforms. We are not responsible for the information, content and/or privacy practices of any such third-party platforms.

Your Choices/Your Privacy Rights/How to Unsubscribe

If you would like to opt out of receiving direct mail from us, please contact us at [email protected]. Please understand that if you opt out of receiving promotional correspondence from us, we may still contact you in connection with your Account, relationship, activities, transactions and communications with us.

If you would like to opt out of receiving promotional emails from us, please follow the unsubscribe instructions located in each such email or contact us at [email protected]. Please understand that if you opt out of receiving promotional correspondence from us, we may still contact you in connection with your Account, relationship, activities, transactions and communications with us.

If you would prefer that we not share your Personal Information with third-party marketers, please contact us at [email protected]. Please understand that if you do request that we stop sharing your Personal Information with third parties for their direct marketing purposes, such request will only apply as of the date of your request, and we will not be responsible for any communications that you may receive from third parties that received your Personal Information prior to that request. In these cases, please opt out from or contact the third party directly.


By consenting to this privacy notice you are giving us permission to process your Personal Information specifically for the purposes identified.

Where we are asking you for sensitive Personal Information we will always tell you why and how the information will be used.

You may withdraw consent at any time by contact us at [email protected]. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Maintenance and Processing of Information in the U.S. and Other Countries

Your personal and other information may be stored, transferred and processed in and to the United States. By providing Personal Information to us, you consent to the collection, maintenance, processing and transfer of such information in and to the United States and other countries and territories, pursuant to the laws of the United States or such other jurisdictions, which may provide lesser privacy protection than the laws of other countries, and you acknowledge that your information may thus be subject to U.S. laws and accessible to the U.S. government, courts, law enforcement and regulatory agencies.

Access to your Personal Information

At any point while we are in possession of or processing your Personal Information, you, the data subject, have the following rights:

All of the above requests will be forwarded on should there be a third party involved in the processing of your Personal Information.

Exercising Access and Deletion Rights

To exercise the access and deletion rights described above, you may submit a verifiable consumer request to us by:

  • Emailing us at [email protected].
  • Requests to access Personal Information can only be made twice within a twelve (12) month period. We will respond within forty five (45) days of receiving a Personal Information request.


    We have implemented measures in an effort to safeguard the Personal Information in our custody and control. Such measures include, for example, limiting access to Personal Information only to employees and authorized service providers who need to know such information for the purposes described in this Privacy Policy, as well as other administrative, technical and physical safeguards. Additionally, our service providers are not authorized to use or disclose your Personal Information for any purpose other than providing the services to us or on our behalf, or as otherwise may be required by applicable law. While we endeavor to always protect our systems, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others, such as hackers.

    To provide you with increased security, access to certain Personal Information stored in your Account is protected with your username and password. You are responsible for maintaining the confidentiality of your Account credentials, and we strongly recommend that you do not disclose your account username or password to anyone. We will never ask you for your password in any unsolicited communication. Please notify us immediately of any unauthorized use of your Account credentials or any other suspected breach of security.

    Children's Privacy

    The Sites are not directed to children under the age of sixteen (16). If you are under sixteen (16), do not provide your Personal Information on or to the Site. We do not knowingly collect on the Site any Personal Information from children under sixteen (16). Users outside of the United States who are below the age of eighteen (18) (or the age of the majority in the applicable jurisdiction) should not use the Site without authorization from a parent or legal guardian. If a parent or guardian becomes aware of his or her child has provided us with Personal Information without their consent, please contact us at: [email protected].

    Third-Party Websites

    The Site may contain links (which may take the form of hyperlinks, widgets, clickable logos, plug-ins, images or banners) to websites and services operated by entities other than us. This Privacy Policy does not apply to such websites or services, so we recommend that you review their posted privacy policies so that you understand the relevant information collection, use and disclosure practices

    Changes to This Privacy Policy

    We may change this Privacy Policy from time to time and the amended policy will be posted to the Site. We reserve the right to update, change, amend or modify this Policy at any time and from time to time without prior notice. When we post changes to this Privacy Policy, we will revise the “Last Updated” date at the top of the Privacy Policy. Your continued use of the Sites after any changes or revisions to this Privacy Policy become effective shall indicate your agreement with the terms of such revised and then-current Privacy Policy.

    How We Use the Personal Information Collected About You

    We will process (collect, store and use) the information you provide in a manner compatible with the GDPR. We will endeavor to keep your information accurate and up to date, and not keep it for longer than is necessary. The Company is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of Personal Information should be kept may also be governed by specific business-sector requirements and agreed practices.

    How to Find Out Personal Information Held by the Company

    The Company at your request, can confirm what information we hold about you and how it is processed. If the Company does hold Personal Information about you, you can request the following information:

    The Company accepts the following forms of ID when information on your personal data is requested: Passport, Driver’s License, or other valid photo ID.


    In the event that you wish to make a complaint about how your Personal Information is being processed by the Company or third parties, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and the Company’s data protection representatives.

    To contact our data protection representative:

    VeraSafe United Kingdom Ltd.
    37 Albert Embankment
    London SE1 7TL
    United Kingdom
    +44 (20) 4532 2003

    Governing Law and Disputes

    With respect to any dispute regarding the Site or this Privacy Policy, all rights and obligations and all actions concerning this Privacy Policy, shall be governed by the laws of California, as if this Privacy Policy was a contract wholly entered into and wholly performed within California. By using the website, you agree that any dispute in any manner arising out of or relating in any way to the Privacy Policy shall be submitted to binding arbitration with Judicial Arbitration and Mediation Services, Inc. (“JAMS”) pursuant to JAMS’ arbitration rules, held before a single neutral arbitrator in the Los Angeles, California area. The parties to arbitration may use legal counsel at their own expense, and the prevailing party shall be entitled to its reasonable attorney’s fees. All costs of arbitration (including arbitrator fees) shall be paid by Sky Castle Studios, except only if the arbitrator determines the claims are frivolous, or that if you bring the arbitration, you may be charged an initial filing fee that shall not exceed the filing fees that you would incur for bringing an action in court. This provision will not affect any claimant’s rights to seek relief from small claims court. Claims brought on behalf of or allegedly representing or including other persons or entities, including but not limited to any class, consolidated, representative, collective or private attorney general action, shall be a “Class Action.” Notwithstanding anything else in the Privacy Policy or the JAMS rules but subject to the exception for injunctive or equitable relief and public injunctive relief below, any parties subject to this arbitration provision shall be barred from bringing or participating in any Class Action related to a dispute covered by this arbitration provision. You also acknowledge and understand that, with respect to any dispute with us, our officers, directors, managers, employees, attorneys, agents or affiliates, arising out of or relating to your use of the website or this Privacy Policy: YOU ARE GIVING UP YOUR RIGHT TO SERVE AS A REPRESENTATIVE, AS A PRIVATE ATTORNEY GENERAL, OR IN ANY OTHER REPRESENTATIVE CAPACITY, OR TO PARTICIPATE AS A MEMBER OF A CLASS OF CLAIMANTS, IN ANY LAWSUIT INVOLVING ANY SUCH DISPUTE. However, if these Class Action restrictions are ever deemed illegal or unenforceable, they shall be severed from this arbitration provision. In that event, any Class Action shall by exempt from this arbitration provision and brought in court. This arbitration provision is subject to the Federal Arbitration Act, and may be enforced in any court of competent jurisdiction. Judgment on any arbitration award may be entered in any court having valid jurisdiction thereof. This clause shall not preclude the parties from seeking provisional remedies in aid of arbitration from a court of with appropriate jurisdiction, including equitable relief or other provisional relief as appropriate and as allowed under this Privacy Policy or as permitted by law, in which case the parties submit to the sole and exclusive jurisdiction and venue of the state and federal courts of Los Angeles, California, Central District.

    Contact Us

    If you have any questions about this Privacy Policy, please contact us via email at [email protected].