Store Page
Mandragora: Whispers of the Witch Tree
All Discussions Screenshots Artwork Broadcasts Videos News Guides Reviews

Mandragora: Whispers of the Witch Tree

Store Page
View Stats:
Global Achievements
This topic has been locked
kp_johan  [developer] Apr 18 @ 7:21am
19
2
2
Concerns Regarding EULA & Privacy Policy
Hi Inquisitors,

We’ve heard your feedback about the EULA and privacy policy loud and clear, and we understand your concerns. Thank you to everyone who took the time to raise the issue.

What’s changed:

After a thorough review, we found that some legal documents shown at launch weren’t actually related to Mandragora: Whispers of the Witch Tree. These have now been removed to better reflect the game’s actual scope and functionality. You can view the updated EULA here:
https://store.steampowered.com/eula/1721060_eula_0?eulaLang=english

Everything now listed is directly related to Mandragora.

About the EULA

The EULA itself hasn’t changed. It’s a standard agreement, similar to what you’ll find for most games on Steam and other platforms.

About the Privacy Policy

The privacy policy is in place to allow the collection of limited technical and gameplay data, things like crash reports, system specifications, performance stats, etc. This data helps the team quickly identify bugs and issues, so we can deliver fixes faster and improve overall stability.

That said, submitting this data is entirely optional. You can decline the Privacy Policy at first launch and still enjoy the full single-player experience without restrictions.

If you’ve already accepted the policy but wish to opt out, simply delete your existing save files and re-launch the game, you’ll be prompted again to accept or deny it.

We’ve also removed any unrelated documentation that might have been confusing or unnecessary for a single-player title like Mandragora.

If you have more questions or run into issues, we’re always here to help, on the Steam forums, Discord, or via our support page.

Thanks again for your vigilance, patience, and support.

Knights Peak Interactive - Publisher of Mandragora: Whispers of the Witch Tree
Last edited by kp_johan; Apr 18 @ 7:21am
A developer of this app has marked a post as the answer to the topic above.
Click here to jump to that post.
Originally posted by kp_johan:
First we must emphasize that we highly respect your privacy and comply with applicable laws, including, without limitation, the European Union General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”), the UK GDPR, the Lei Geral de Proteção de Dados (“LGPD”), consumer privacy laws of Virginia, California, Colorado, Connecticut, Utah and other states and jurisdictions.

To avoid confusion, the concerns raised by community members in regards to potential information collecting from players are a part of our Privacy Policy and not the EULA, which is a separate agreement.

The Privacy Policy can be declined and if you do, no personal identifiable data will be collected at all.

To do this, once you start the game for the first time you will be presented in-game with the Privacy Policy and you will have a choice whether to Accept or Decline, if you Decline the Privacy Policy - the game will load and you can continue to play as normal.

If you have existing save games, you are currently unable to opt-out as may have already accepted the Privacy Policy. However, we are working to add an option to opt out in-game and will include this in an upcoming update.

In the short term if you would like to have your data removed, please contact us via https://support.my.games and quote the Mandragora Privacy Policy in your subject line so we can deal with your inquiry efficiently.

We also want to remind you that you have the right to request access to your data and the right to ask us to erase your data. For a full list of your rights, please refer to Section 8. in the Privacy Policy at the link below.

https://documentation.my.games/terms/mygames_privacy

If you have any questions about your personal identifiable data processing, the enforceability of this privacy policy, or any other privacy concern, contact our DPO at dpo@my.games.

If you at all have any doubts about agreeing to the current Privacy Policy, we encourage you to Decline it on your end and continue enjoying the game.
< >
Showing 31-45 of 63 comments
Kafka Apr 19 @ 3:33pm 
Originally posted by Snakehips:
Originally posted by Kafka:
I think the publisher made a bad job and keeps on making it worse, about last poster: your 1) clearly states it's for the website my.games, if you create an account which is probably not mandatory (?) i don't have the game.

And i assume 2) for bug reports or crashes (are they automatically sent?).

This is too much confusion and it should be explained better to the end user.
This document is too broad and scary and i'm sure it's less bad than it is in reality.

From the EULA:
"By downloading, installing, or otherwise using any Game, the User (A) acknowledges that he/she has read, understood, and unconditionally accepted the terms and conditions of this EULA,..."

Yes i agree that's wrong to force people to accept a document that is so scary and not very precise about when things are needed/recorded/sent etc.

I think they mixed up what is mandatory and what is not, and what is needed for the website my.games etc etc

In the end it's just scary.
Last edited by Kafka; Apr 19 @ 3:34pm
#31
khaltazar Apr 19 @ 3:54pm 
I was actually very excited for this game, it looks very interesting, but you need to remove this whole privacy policy thing entirely. You shouldn't be collecting user data for any reason unless someone opts in, you definitely should not be selling it. I'm not reading a legal document to play a game. Remove it ENTIRELY if you want my and other people's money who cares about this.
#32
Bobubanks Apr 19 @ 4:57pm 
Originally posted by Arkamedeez:
Originally posted by The Chosen One:

And after every patch/update it magicly resets itself probably?

Currently every day it is resetting. Every day after noon or so I can't play because Windows Defender detects a trojan in the game files. A few hours later Microsoft updates Defender and the game works. Then the next day the same thing happens.

the whole thing is so sus. I won't touch this game until everyone's antivirus software stops detecting this. The dev can claim "false positive" all day long, I'll believe it when it stops happening.
#33
TexDoozy Apr 19 @ 5:34pm 
This is absolutely trash behavior by the developers. Anyone buying a single player game should not have to scrutinize the EULA to make sure some unscrupulous PoS isn't selling their data to a laundry list of companies on top. This is indicative of the morality of the devs and earns them an instant blacklist from me.
#34
⛧Aƈԋҽɾσɳƚια⛧ Apr 19 @ 9:03pm 
What a shame. I loved the demo and was looking forward to playing the full game.
#35
Prolonged Cutscene Apr 19 @ 9:03pm 
Originally posted by Tiplomacy:
Relax digital privacy is an illusion in this day and age. No sense in getting worked up and anxious over how your readily accessible public information is used. Unless perhaps you have something to hide......

Got it! You should prove just how much of a non-issue this is by posting all of your readily accessible public information in a reply to this response. Show us exactly what they'd be selling that we shouldn't worry about. I mean, unless you have something to hide...
#36
The Chosen One Apr 20 @ 12:21am 
Cause 1 thing is bad... they can just all be bad.... Ehm... how about the other option... they ARE all bad and should ALL not be allowed.

Also this is game in which you pay a decent price for getting it. It's not even a free to play game. In which they still shouldn't do such a thing but it would make slightly more sense.
#37
Snakehips Apr 20 @ 1:53am 
I went over the privacy policy/EULA with a bit of help from deepseek (chatgpt couldn't handle them).

Here's what it found:

Originally posted by Deepseek:

It appears that even if you opt out of data collection and selling under their Privacy Policy, the EULA imposes additional terms that may still allow them to collect, process, and share your data under certain conditions. Here’s why:

Key Points from the EULA That Override Opt-Out Requests

1. Mandatory Acceptance for Service Use
The EULA states that by using MY.GAMES services, you unconditionally accept its terms, including data processing clauses. If you don’t agree, you’re prohibited from using their games/services.

2. Data Collection for Anti-Cheat & Fraud Prevention
Section 5.2 (Anti-Cheat Technologies) allows MY.GAMES to:

-Scan your device RAM while the game is running.

-Collect screenshots of your screen.

-Monitor processes, network activity, and hardware info (e.g., GPU, CPU, drivers).

This is framed as necessary for fraud prevention, meaning they can bypass opt-out requests under "legitimate interest."

3. Third-Party SDKs & Advertising
Section 6.3 (Business & Advertising Partners) explicitly states they share data with:

-Analytics providers (for measuring game performance).

-Ad networks (for targeted ads).

Even if you opt out of personalized ads, non-personalized ads may still track engagement metrics.

4. Data Retention & Legal Compliance
Section 13 (Data Security) allows them to retain anonymized data indefinitely. They can override deletion requests if data is needed for:

-Legal disputes (e.g., fraud investigations).

-Security/anti-cheat enforcement.

5. International Data Transfers
Section 7 (International Transfers) lets them move data outside the EU (e.g., Russia/CIS), where privacy laws are weaker. They claim to use "Standard Contractual Clauses," but enforcement is questionable.

Does This Mean They Can Ignore Your Opt-Out?

Yes, in practice. While the Privacy Policy gives you rights (e.g., opt-out of data sales), the EULA binds you to broader data collection for:

-Game functionality (e.g., anti-cheat).

-Security/fraud prevention (legitimate interest).

-Legal compliance (e.g., authorities' requests).

If you don’t agree, your only option is to stop using their games.

Bottom Line
MY.GAMES’ EULA overrides individual opt-out requests in many cases by framing data collection as essential for service operation, security, or legal compliance. If you’re uncomfortable with this, the only surefire way to stop data collection is to stop using their games entirely.

So even if you opt out, there's still questionable data collection/sharing/selling happening to over 50 companies listed in the EULA.

I hate the fact I need LLMs to make sense of legal documents FOR A GAME that I'm trying to play.

I know Steam doesn't take a stance either way as they're more of a hands-off company (except when it comes to ads in games where they don't make a profit on).

But even Apple had to start including an "App Privacy Details" tab on the app store, showing you what data the company collects and how it uses it (and you can blanket opt out of them all as well), because very few of us have an expert team of lawyers at the ready before we hit play for a game.

I really believe Steam needs something similar to Apple so that people can spot this from a mile away and don't have to dig through EULAs and privacy policy's with LLMs.
Last edited by Snakehips; Apr 20 @ 2:00am
#38
'Araturo Apr 20 @ 2:06am 
zero comments under something so important and controversial? Are they deleting all comments or something?
#39
Snakehips Apr 20 @ 2:22am 
Originally posted by 'Araturo:
zero comments under something so important and controversial? Are they deleting all comments or something?

My guess is drumming up some damage control that won't actually address the issue.

At least we tried.
#40
The Chosen One Apr 20 @ 2:26am 
Originally posted by Snakehips:
I went over the privacy policy/EULA with a bit of help from deepseek (chatgpt couldn't handle them).

Here's what it found:

Originally posted by Deepseek:

It appears that even if you opt out of data collection and selling under their Privacy Policy, the EULA imposes additional terms that may still allow them to collect, process, and share your data under certain conditions. Here’s why:

Key Points from the EULA That Override Opt-Out Requests

1. Mandatory Acceptance for Service Use
The EULA states that by using MY.GAMES services, you unconditionally accept its terms, including data processing clauses. If you don’t agree, you’re prohibited from using their games/services.

2. Data Collection for Anti-Cheat & Fraud Prevention
Section 5.2 (Anti-Cheat Technologies) allows MY.GAMES to:

-Scan your device RAM while the game is running.

-Collect screenshots of your screen.

-Monitor processes, network activity, and hardware info (e.g., GPU, CPU, drivers).

This is framed as necessary for fraud prevention, meaning they can bypass opt-out requests under "legitimate interest."

3. Third-Party SDKs & Advertising
Section 6.3 (Business & Advertising Partners) explicitly states they share data with:

-Analytics providers (for measuring game performance).

-Ad networks (for targeted ads).

Even if you opt out of personalized ads, non-personalized ads may still track engagement metrics.

4. Data Retention & Legal Compliance
Section 13 (Data Security) allows them to retain anonymized data indefinitely. They can override deletion requests if data is needed for:

-Legal disputes (e.g., fraud investigations).

-Security/anti-cheat enforcement.

5. International Data Transfers
Section 7 (International Transfers) lets them move data outside the EU (e.g., Russia/CIS), where privacy laws are weaker. They claim to use "Standard Contractual Clauses," but enforcement is questionable.

Does This Mean They Can Ignore Your Opt-Out?

Yes, in practice. While the Privacy Policy gives you rights (e.g., opt-out of data sales), the EULA binds you to broader data collection for:

-Game functionality (e.g., anti-cheat).

-Security/fraud prevention (legitimate interest).

-Legal compliance (e.g., authorities' requests).

If you don’t agree, your only option is to stop using their games.

Bottom Line
MY.GAMES’ EULA overrides individual opt-out requests in many cases by framing data collection as essential for service operation, security, or legal compliance. If you’re uncomfortable with this, the only surefire way to stop data collection is to stop using their games entirely.

So even if you opt out, there's still questionable data collection/sharing/selling happening to over 50 companies listed in the EULA.

I hate the fact I need LLMs to make sense of legal documents FOR A GAME that I'm trying to play.

I know Steam doesn't take a stance either way as they're more of a hands-off company (except when it comes to ads in games where they don't make a profit on).

But even Apple had to start including an "App Privacy Details" tab on the app store, showing you what data the company collects and how it uses it (and you can blanket opt out of them all as well), because very few of us have an expert team of lawyers at the ready before we hit play for a game.

I really believe Steam needs something similar to Apple so that people can spot this from a mile away and don't have to dig through EULAs and privacy policy's with LLMs.


I used the report function on the store page to 1. say what they are doing is... fishy but perhaps not illegal but also 2. made a clear point of suggestion that Steam should be more on top of this and warn users like Apple like you suggested here.
It'll prob result in nothing but gotta start somewhere.
Last edited by The Chosen One; Apr 20 @ 2:26am
#41
Oilslick77 Apr 20 @ 2:46am 
Originally posted by Abu Hajaar:
Originally posted by Drsmiley72:
people complaining about the privacy policy etc "their data" when i bet 99% of them have facebook, messenger, tiktok, instagram, youtube, or a google or microsoft account. and THOSE have just as much if not more data than what you think your giving these guys to sell. if your gonna cry about this, and yhou have any of hose, you better go delete ALL of those as well as they all take your data and sell it - and most of them wont tell you about it even if you opt out. they dont care.

its a game. enjoy it, have fun. who cares at this point. the worlds screwed and we got worse things going on than worrying about stupid stuff like this.

i legit cannot fathom why people are this assblasted over some ''privacy'' thing, when they have already sold all their data by owning a google/facebook/instragram account lmao... crazy

Maybe there are also people who don't have accounts for all those platforms you mentioned. And maybe with those platforms, it's actually justified since you don't have to pay to use hotmail. gmail, etc. And even then, limiting further exploitation is still a valid argument.

Your arguments, however, aren't. Like saying it's ok for someone to steal from you since you accidentally left your wallet at the restaurant. Nice 'Tu quoque' fallacy guys. Try better next time.
#42
Stormquake Apr 20 @ 3:59am 
I am still enjoying the game despite this whole controversy.

My main confusion is... what is even this MY.GAMES thing? Neither the devs or the publisher are called that.
#43
Blowfeld Apr 20 @ 4:01am 
Originally posted by Stormquake:
I am still enjoying the game despite this whole controversy.

My main confusion is... what is even this MY.GAMES thing? Neither the devs or the publisher are called that.

The publisher is basically a sub- division / contractor of mygames. Just google them. Not a great company ...
#44
DestroyeR616 Apr 20 @ 5:56am 
Originally posted by Tiplomacy:
Relax digital privacy is an illusion in this day and age. No sense in getting worked up and anxious over how your readily accessible public information is used. Unless perhaps you have something to hide......
when you get a virus or trojan on your computer and Steam tells you “damn it, turn it off” - let us know so we know you're wrong
#45
< >
Showing 31-45 of 63 comments
Per page: 1530 50

Mandragora: Whispers of the Witch Tree > General Discussions > Topic Details
Date Posted: Apr 18 @ 7:21am
Posts: 63

Discussions Rules and Guidelines