Privacy Policy

This Privacy Policy explains how Instance Labs LTD ("we", "us", "our"), a company registered in England and Wales, collects, uses, shares, and protects your personal data when you use the Last Command platform ("Service"), accessible at lastcmd.com and associated subdomains.

We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have questions about this policy or your data, contact us at privacy@lastcmd.com.

1.1 Account Information

When you create an account, we collect:

• Email address
• Password (stored securely as a one-way hash; we never have access to your plaintext password)
• A unique user identifier assigned by our authentication provider

1.2 Profile & Game Information

When you join or create an alliance, you may provide:

• In-game player name
• Game metrics (power level, headquarters level, resistance level)
• Hero roster details (hero names, levels, rarity, vehicle type)
• Preferred squad type and combat role
• Availability schedule (days and times)
• Discord username (optional)
• Absence reasons and dates

1.3 Alliance & Event Data

When you participate in alliance activities, we process:

• Alliance membership and rank
• Desert Storm match assignments, attendance, and performance scores
• Event rankings and scores (Train, Marshal's Guard, Zombie Siege, Alliance Duel, General's Trial, Shield Board)
• Safe time votes
• Power level snapshots over time
• Hive map placements and battle plans
• Guides and announcements you create

1.4 Screenshot Data

If you use our AI-powered screenshot scanning feature, you may upload in-game screenshots for automated data extraction. These images are processed in real time by our AI service and are not stored. The images exist only in temporary server memory during processing (typically under 30 seconds) and are immediately discarded. Only the extracted structured data (player names and scores) is retained.

1.5 Payment Information

If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We do not receive or store your full card number, expiry date, or CVV. We receive only a subscription identifier, plan type, and billing status from Stripe to manage your account tier.

1.6 Usage & Analytics Data

We use Google Analytics to understand how the Service is used. This may collect:

• Pages visited and features used
• Browser type and device category
• Approximate geographic location (country/region level, derived from IP address)
• Referring website
• Session duration and interaction patterns

Google Analytics uses cookies to collect this data. See our Cookie Policy for details on how to opt out.

1.7 Server Logs

Our cloud infrastructure (AWS) automatically logs technical information such as request timestamps, HTTP status codes, and error messages. These logs are retained for up to 30 days and are used solely for debugging and service reliability. We do not systematically collect or store IP addresses, user agent strings, or device identifiers in our application logs.

We use the information we collect to:

• Provide the Service — create and manage your account, process alliance memberships, coordinate events, display rankings and schedules
• Process payments — manage subscriptions, apply the correct feature tier to your alliance
• Extract data from screenshots — use AI to read player rankings from uploaded game screenshots, returning structured data to your alliance
• Improve the Service — analyse usage patterns to fix bugs, improve performance, and develop new features
• Communicate with you — respond to support requests, send essential service notifications (e.g., billing confirmations, security alerts)
• Ensure security — detect and prevent abuse, enforce our Terms of Service, rate-limit API usage

We do not sell your personal data. We do not use your data for automated decision-making or profiling that produces legal effects.

We share your personal data only in the following circumstances:

4.1 Alliance Members

When you join an alliance, certain information is visible to other alliance members by design: your in-game name, rank, game metrics, event scores, availability, and shield status. Alliance officers (R4 and R5 ranks) may have additional visibility into member data for coordination purposes.

4.2 Service Providers

A full, versioned list of our sub-processors is published at instancelabs.dev/sub-processors. We give at least 30 days' notice of material changes. The core third-party services we use to operate the platform are:

• Amazon Web Services (AWS) — cloud hosting, authentication, database storage, AI processing, and email delivery. Data is primarily processed in the EU West (London) region. See AWS Privacy Policy.
• Stripe — payment processing (US, under Standard Contractual Clauses). Stripe acts as an independent data controller for payment data. See Stripe Privacy Policy.
• Google Analytics — website analytics (US, under Standard Contractual Clauses). Only loaded where analytics consent has been given. See Google Privacy Policy.
• Sentry (Functional Software, Inc., US — under Standard Contractual Clauses) — error tracking and performance monitoring. Receives error context including URL, user agent, and, for authenticated requests, the user's internal identifier. We do not send request bodies or personal data via Sentry's default transports. See Sentry Privacy Policy.

4.3 Legal Requirements

We may disclose your data if required by law, regulation, legal process, or governmental request, or where necessary to protect our rights, property, or safety, or that of our users or the public.

4.4 Business Transfers

If Instance Labs LTD is involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

Your data is primarily stored and processed in the AWS EU West (London) region. However, some of our third-party providers (Stripe, Google Analytics, Sentry) may transfer data to the United States or other countries. Where such transfers occur, they are protected by appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office
• The provider's participation in recognised data protection frameworks
• UK adequacy decisions where applicable

When you leave an alliance or delete your account, we will remove or anonymise your personal data within a reasonable timeframe, except where we are required to retain it for legal or regulatory purposes.

Under UK GDPR, you have the following rights:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate or incomplete data
• Right to erasure — request deletion of your personal data ("right to be forgotten")
• Right to restriction — request that we limit how we process your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interest
• Right to withdraw consent — where processing is based on consent (e.g., analytics cookies), you can withdraw at any time

To exercise any of these rights, email us at privacy@lastcmd.com. We will respond within one month, as required by law.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

7.1 Rights for California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete it, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at privacy@lastcmd.com.

The Service is not intended for anyone under the age of 16. We do not knowingly collect personal data from children under 16. If you are under 16, please do not use the Service or provide any personal information.

If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly. If you believe a child under 16 has provided us with personal data, please contact us at privacy@lastcmd.com.

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption in transit (TLS/HTTPS) for all data communications
• Encryption at rest for all stored data (AWS-managed encryption)
• Sign-in handled by a managed authentication service with secure password hashing
• Role-based access controls within alliances
• Rate limiting on sensitive operations
• Input validation and sanitisation to prevent injection attacks
• Regular security reviews of our codebase and infrastructure

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

We use essential cookies for authentication and analytics cookies via Google Analytics. For full details on the cookies we use and how to manage them, please see our Cookie Policy.

Last Command is an independent tool and is not affiliated with, endorsed by, or associated with Last War: Survival or its developer, FUNFLY PTE. LTD. Any game-related data you provide (player names, scores, power levels) is entered voluntarily by you and your alliance members. We do not access or connect to the game's servers or APIs.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also provide notice via the Service or by email. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: