Who We Are

This website, ztools.co.uk, is a community fan project for the mobile game Last Z: Survival Shooter. It is operated by BD Digital Creations.

This site is an independent community fan project and is not affiliated with, endorsed by, sponsored by, or otherwise connected to Omnilojo Pte. Ltd., Florere Game, or Rivergame.

Data Controller

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is:

BD Digital Creations
Email: hello@bddc.co.uk

What Data We Collect

Stored on your device (localStorage)

We save a handful of preferences to your browser's localStorage so the site works the way you set it. None of these leave your device.

  • Language preference — for the 19-language translation engine.
  • Timezone preference — so event times display in your timezone.
  • Cookie consent choice — whether you accepted or declined analytics cookies, saved in your browser's localStorage (not on our servers).
  • Sidebar / accessibility / PWA-prompt states — layout and dismissal flags.
  • Tool progress — the per-tool data you enter into trackers (Tank Modifications, Research Trees, S3 Tile Upgrades, Lucky Discounter pity counter, etc.).

Sent to third parties as you browse

The third-party scripts loaded on each page (see Third-party services we use below) receive standard browser information automatically — IP address, user-agent, the URL of the page you're on, and basic interaction events. We never see your IP directly; we see only the aggregated dashboards each service shows us.

Sent to us only if you actively submit it

  • Contact form responses — the form on the Contact page is an embedded Google Form. Whatever you write there (your message, and any name or email you choose to include) is delivered to Google's servers and then to us. See the Google Forms entry under Third-party services.
  • Donations — Ko-fi and PayPal handle the payment; we see only what they show us in the merchant dashboard (typically your display name and amount, never your card details). See the entries below.

Web server logs

Our hosting provider (Hostinger) keeps the standard short-term web-server access log — IP address, timestamp, URL requested, user-agent and HTTP response code. This is required for security and abuse prevention and is automatically rotated/discarded under Hostinger's retention rules.

We do not run accounts, sign-ups, profiles, or any kind of user database. There is no central record of you on our side beyond the items above.

Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for processing any personal data. As we only store preference data locally on your device via localStorage, this falls under:

  • Legitimate Interests (Article 6(1)(f)) — storing your preferences locally is necessary to provide you with a functional and personalised experience. This data never leaves your device and poses no risk to your rights and freedoms.

We do not process personal data on our servers. No accounts, registrations, or personal identifiers are collected.

Cookies & Similar Technologies

This site uses localStorage to save your preferences (timezone, language, accessibility, tool progress) and does not set any tracking cookies of its own. With your consent, third-party analytics services embedded on the site may set their own cookies:

  • Google Analytics 4 — aggregated site usage statistics. Sets the standard _ga family of cookies.
  • Microsoft Clarity — anonymised session replays and heatmaps to help us diagnose UX issues. Sets _clck, _clsk and Microsoft domain cookies (MUID, SM). Clarity masks form inputs by default and respects the browser's Do Not Track signal.
  • Google Fonts — does not set cookies but causes your IP to be briefly logged when font files load.

A full list of cookies (names, purposes, retention periods) and the opt-out links for each service is available on our Cookie Policy.

Advertising

This site does not currently serve third-party advertising and sets no advertising cookies. If that changes in the future, this policy will be updated and any non-essential advertising cookies will be subject to your consent via the cookie notice.

Alliance editors (accounts & content)

Most visitors never sign in and nothing changes for them. Alliance editors who manage an alliance "space" (under /spaces) do sign in, and for them we use Supabase (hosted in the EU) as our database and authentication provider:

  • Account — signing in uses a one-time email "magic link". Supabase stores your email address and authentication session. We do not store passwords.
  • Content you create — the guides, text and images you publish to your alliance space are stored in Supabase and shown publicly on that space's pages.
  • Access is scoped — database row-level security ensures an editor can only read and change their own alliance's content, never another alliance's.

This only applies if you are an invited alliance editor. Supabase policy: supabase.com/privacy.

Third-party services we use

The full list of third parties whose code, content, or destinations are involved when you use this site. Each entry tells you what the service does, what data leaves your browser to reach it, and where to read their own policy.

Site infrastructure

  • Hostinger (web hosting) — serves the static HTML/CSS/JS. Logs requests including IP address, user-agent and timestamp for security and abuse prevention. Policy: hostinger.com/privacy-policy.
  • Supabase (database & auth for alliance editors, EU-hosted) — stores alliance-editor accounts (email) and the content they publish to alliance spaces. Only used if you sign in as an editor. Policy: supabase.com/privacy.

Loaded on every page

  • Google Analytics 4 (usage analytics) — googletagmanager.com. Receives anonymised page-view and event data. Property G-VJL4VPZRFJ. Policy: policies.google.com/privacy.
  • Microsoft Clarity (UX heatmaps and session replay) — clarity.ms. Receives anonymised interaction data; form inputs are masked, Do-Not-Track is respected. Policy: privacy.microsoft.com.
  • Google Fonts (typography) — fonts.googleapis.com + fonts.gstatic.com. No cookies; your IP is briefly logged when font files load. Policy: Google Fonts Privacy FAQ.

Loaded only when you interact

  • Google Forms — the embedded form on the Contact page is hosted by Google. Anything you submit goes directly to Google; Google may process it under their privacy policy. We receive only the form responses.
  • Social share buttons (X / Facebook / Reddit / WhatsApp / Telegram / email) — these are plain link-out buttons. Nothing is sent to those services until you click. Once you do, their own privacy policy applies to that visit.

External destinations (no automatic data transfer)

We are not responsible for the privacy practices of any external site reached from these links. Always read the destination's own policy before sharing personal information there.

Affiliate links & sponsors

Disclosure: some outbound links on this site are affiliate links. If you make a qualifying purchase through them, we may earn a small commission at no extra cost to you. This helps offset the cost of running the site. Affiliate links are tagged with rel="sponsored" in line with Google's webmaster guidelines, and the sponsor section on the Donate page is clearly labelled as such.

Current affiliates / sponsors we may link to:

Clicking an affiliate link sends standard HTTP request information (your IP, referrer, user-agent) to the destination, which is then handled under their own privacy policy. We receive only aggregated commission reports, never your personal data.

Analytics

We use Google Analytics 4 and Microsoft Clarity to understand how the site is used so we can improve it. Both are configured in their least-intrusive modes:

  • Google Analytics 4 anonymises IP addresses before storage and does not share data for advertising by default.
  • Microsoft Clarity masks form inputs, respects the browser Do Not Track signal, and does not combine data with any personally identifiable information.

Neither service is used for marketing profiles or cross-site tracking by us. You can opt out of both individually — see the Cookie Policy for links.

Your Rights Under UK GDPR

Under the UK General Data Protection Regulation, you have the following rights in relation to your personal data:

  • Right of Access — you have the right to request a copy of any personal data we hold about you. As we do not collect or store personal data on our servers, there is no data to provide.
  • Right to Rectification — you have the right to request correction of inaccurate personal data.
  • Right to Erasure — you have the right to request deletion of your personal data. You can clear all locally stored preferences at any time by clearing your browser's site data.
  • Right to Restrict Processing — you have the right to request that we limit how we use your data.
  • Right to Data Portability — you have the right to receive your data in a portable format.
  • Right to Object — you have the right to object to the processing of your personal data.

Since we do not collect personal data on our servers, most of these rights are satisfied by default. To exercise any of these rights, please contact us at hello@bddc.co.uk.

Data Retention

We do not retain any data on our servers. Data we save to your browser's localStorage (preferences, tool progress, consent choice) remains until you clear your site data. Data collected by third-party services has its own retention periods — see the Cookie Policy for each service.

International Data Transfers

The third-party services we embed or link to (Google Analytics, Google Fonts, Google Forms, Microsoft Clarity, Supabase, Ko-fi, PayPal, Discord, GitHub, Hostinger, Proton VPN) may transfer limited technical data — typically your IP address and browser user-agent — to servers outside the United Kingdom, most commonly to the United States or the European Union.

Google LLC, Microsoft Corporation, Meta Platforms, Discord Inc., GitHub Inc., PayPal Holdings and other US-headquartered processors participate in the UK Extension to the EU–US Data Privacy Framework (and its EU and Swiss equivalents), which the UK government recognises as providing an adequate level of data protection. EU-based processors (Hostinger, Proton VPN) are covered by the GDPR directly.

For each service's specific transfer mechanism, see their privacy policy linked under Third-party services we use above.

California, US-State and EEA Residents

If you live in California, the United States, the European Economic Area or another jurisdiction with specific privacy rights, you have substantially the same protections as the UK-GDPR rights above:

  • California Consumer Privacy Act (CCPA / CPRA) — you may request to know, delete or opt out of the "sale" or "sharing" of any personal information. We do not sell or share personal information, and we serve no third-party advertising. You can decline non-essential analytics at any time via the Cookie Settings link in the footer.
  • Other US states (Virginia, Colorado, Connecticut, Utah, Texas, Oregon and others with comprehensive privacy laws) — the same opt-out and access rights apply. Contact us at hello@bddc.co.uk to make a verified request.
  • EEA / Switzerland — the GDPR equivalents to the UK-GDPR rights above are honoured identically.

To submit a privacy request from any jurisdiction, email hello@bddc.co.uk with the subject "Privacy request" and tell us which right you wish to exercise. We respond within 30 days.

Children's Privacy

This site does not knowingly collect any personal information from children under 13. As we do not collect personal data from any users, this applies to all visitors regardless of age. If you believe a child has provided us with personal data, please contact us and we will take steps to remove it.

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated "Last updated" date. We encourage you to review this page periodically.

Complaints

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

Contact

If you have any questions about this privacy policy or wish to exercise any of your rights under UK GDPR, you can contact us at:

BD Digital Creations
Email: hello@bddc.co.uk