Confidentiality Guidelines - Riftlab Studios

Version 1.0 │ Effective Date: March 2026 │ riftlabstudios.com

This document can be also found in a file form here: Google Docs
- If a new document will be taking place the upcoming version will be available in the Google Docs version first, and the online version will be updated as soon as possible after the new version is finalised and reached its effective date.
- In case of a discrepancy between the Google Docs version and the online version, the Google Docs version will be considered the most up-to-date and authoritative version until the online version is updated.

These confidentiality levels define how information is handled by staff, testers, and approved collaborators. This document is incorporated by reference into the Riftlab Studios Terms of Service and applies to all individuals who have been granted access to RLS information in any capacity.

SECTION 1 — PURPOSE AND SCOPE

Riftlab Studios operates across a range of development stages, community programmes, and internal processes. Information produced or shared within these contexts carries varying degrees of sensitivity. These Confidentiality Guidelines establish a clear, consistent framework for how different categories of information must be handled, stored, shared, and disclosed.

These Guidelines apply to:

All current and former RLS staff members and contributors.
Playtesters, beta participants, and invited pre-release testers.
Community moderators, administrators, and approved volunteers.
Press contacts, content partners, and collaborators operating under a formal or informal agreement with RLS.
Any individual who has been granted access to non-public RLS information through any channel.

These Guidelines take effect from the moment an individual accesses any non-public RLS information and continue to apply indefinitely unless explicitly lifted in writing by designated RLS leadership.

SECTION 2 — GENERAL NOTICE

The following principles apply across all confidentiality levels and must be understood before any individual engages with RLS information:

Every studio member, tester, and approved collaborator is expected to understand and follow these confidentiality levels without exception.
Confidentiality levels may be updated, elevated, or reduced at any time as project scope, development phase, or risk assessment changes. It is each individual’s responsibility to remain aware of current level designations.
The absence of an explicit confidentiality label on a document, message, file, or piece of information does not mean that information is freely shareable. Unlisted or unlabelled materials may still be subject to restriction. When in doubt, treat information as Confidential until clarified by designated leadership.
The level list itself (the classification system described in this document) is public unless a separate restriction notice is posted by RLS leadership.
Individuals who become aware of a possible breach of these Guidelines — whether their own or another party’s — are expected to report it to designated RLS leadership promptly.
Violations of these Guidelines may result in removal from testing programmes, revocation of community roles, termination of collaboration agreements, and where applicable, legal action consistent with the terms of the RLS Terms of Service.

SECTION 3 — LEVELS OF CONFIDENTIALITY

Information is classified across eight levels, ranging from freely shareable Public material to Redacted content requiring direct leadership authorisation.

Confidentiality Levels

Information produced, shared, or accessible within the RLS ecosystem is classified under one of the following eight levels. Each level is listed in ascending order of sensitivity and restriction.

Tier Hierarchy

Here are all the confidentiality tiers organised from least to most (Top to Bottom) confidential.

Level	Accessibility	Distribution
Public	Most Accessible	Most Distributed
Not Public	Easily Accessible	Second Most Distributed
Confidential	Regulated	Normally Not Distributed
Restricted	Heavily Regulated	Not Distributed
Redacted	Direct Access Only	Never Distributed
Exceptional	Depends / Variable	Depends / Variable

Main Tiers

Base tiers for any kind of content.

PUBLIC

Open material that can be shared freely and without restriction.
Includes: public usernames, public-facing announcements, released game content, published patch notes, official social media posts, and any material explicitly marked as public by RLS.
Individuals may share, discuss, quote, or reproduce Public information without restriction.
No special handling is required for Public materials.
If you are unsure whether something qualifies as Public, escalate to a higher level until confirmed.

NOT PUBLIC

Internal updates and controlled previews not intended for open release.
Includes: internal announcements, pre-publication update drafts, controlled community previews, and materials shared with select groups prior to official release.
Not Public information may only be shared externally when RLS explicitly authorises publication through official channels.
Recipients of Not Public information must not forward, screenshot, summarise, or otherwise distribute it beyond the intended audience without explicit approval.
Examples of authorised sharing: RLS-approved press previews, authorised community announcements made by designated representatives.

CONFIDENTIAL

Active development context, internal communications, and restricted community spaces.
Includes: active development discussions, internal staff channels, paid supporter or patron-tier content, moderation logs, internal feedback threads, and ongoing design decisions.
Distribution is limited to approved groups as explicitly designated by RLS leadership.
Confidential information must not be shared with individuals outside the approved group, regardless of their relationship to RLS.
Confidential materials must not be screenshotted, quoted, transcribed, or summarised for external audiences.
Individuals with access to Confidential information must take reasonable steps to prevent unauthorised access (e.g., not leaving sessions open on shared devices).

RESTRICTED

High-sensitivity operational information and privileged access details.
Includes: internal infrastructure details, administrative credentials (in general terms), high-level operational planning, financial arrangements, staff personal information, and sensitive partnership details.
Restricted information is shared only with authorised high-level staff as explicitly designated by RLS leadership.
Restricted materials must never be discussed in any shared channel, community space, or external communication under any circumstances.
Individuals with access to Restricted information are personally responsible for its security and must report any suspected exposure immediately.
Restricted information must be handled with the highest standard of care and must not be stored in unsecured formats or locations.

REDACTED

Critical private information, security-sensitive details, and protected development files.
Includes: security credentials, authentication details, critical infrastructure information, protected source files, legal documents, and any information designated Redacted by leadership.
Any sharing of Redacted information requires direct, explicit, written authorisation from designated RLS leadership. Verbal or implied authorisation is not sufficient.
Redacted materials must be stored securely and accessed only on trusted, private devices.
Loss, exposure, or suspected exposure of Redacted information must be reported to designated leadership immediately.
Unauthorised disclosure of Redacted information may result in immediate termination of all RLS roles and legal action as provided under the RLS Terms of Service.

Special Tiers

Special tiers for more specific guidelines.

EXCEPTIONAL

Special-case designation for projects or individuals requiring custom confidentiality handling.
Exceptional is a bespoke classification applied on a case-by-case basis where standard levels are insufficient or where unique circumstances require tailored controls.
The specific rules, access conditions, sharing permissions, and obligations for each Exceptional case are defined individually by designated RLS leadership at the time of assignment.
Exceptional designations may include additional controls beyond those listed in any other level, including custom NDAs, restricted device policies, or scheduled review dates.
Recipients of an Exceptional designation will be briefed directly by RLS leadership on the applicable rules. In the absence of such a briefing, treat the material as Redacted.
Exceptional status may be reviewed, modified, or rescinded at any time by designated RLS leadership.

SECTION 4 — HANDLING AND STORAGE OBLIGATIONS

Regardless of confidentiality level, the following baseline handling obligations apply to all non-Public information:

Do not store confidential materials in shared, public, or unencrypted locations (e.g., public cloud folders, shared drives with broad access, unencrypted messaging apps).
Do not forward, copy, or reproduce confidential materials beyond what is necessary for your authorised role.
Do not discuss confidential information in public channels, open voice calls, or any space where unauthorised individuals may be present.
When a confidentiality obligation ends (e.g., upon leaving a role or testing programme), any materials held locally should be deleted unless retention is specifically authorised by RLS leadership.
If you receive information that appears to exceed your authorised access level, do not read further and notify designated RLS leadership immediately.

SECTION 5 — BREACHES AND REPORTING

A breach occurs when confidential information is accessed, shared, distributed, or discussed by any individual or in any manner not authorised under these Guidelines.

All breaches, suspected breaches, or near-misses must be reported to designated RLS leadership as soon as possible after discovery.

Reports should include: what information was involved, how the breach occurred or is suspected to have occurred, who may have been exposed to the information, and any steps already taken.

RLS leadership will assess each reported breach and determine the appropriate response, which may include: no action required, remediation steps, removal from programmes or roles, or escalation to legal action where warranted.

Individuals who report breaches in good faith will not be penalised for doing so. Concealment of a known breach is itself a violation of these Guidelines and may result in more severe consequences.

SECTION 6 — AMENDMENTS AND UPDATES

These Guidelines may be updated at any time by designated RLS leadership to reflect changes in project scope, risk, legal requirements, or operational needs.

Material updates will be communicated through official RLS channels. It is each individual’s responsibility to remain aware of the current version of these Guidelines.

Continued participation in any RLS programme, role, or activity following an update to these Guidelines constitutes acceptance of the updated terms.

SECTION 7 — RELATIONSHIP TO OTHER RLS DOCUMENTS

These Guidelines are incorporated by reference into the Riftlab Studios Terms of Service (Section 15) and form part of the overall framework governing your relationship with RLS.

In the event of any conflict between these Guidelines and the Terms of Service, the Terms of Service shall take precedence except where these Guidelines impose stricter obligations, in which case the stricter obligation applies.

These Guidelines do not replace or supersede any separate non-disclosure agreement (NDA) that may be in place between an individual and RLS. Where both apply, both must be followed.

SECTION 8 — CONTACT AND CLARIFICATION

Questions about the application of these Guidelines, requests for level clarification, or reports of suspected breaches should be directed to designated RLS leadership through the official Riftlab Studios Discord support channels or via the contact information available at riftlabstudios.com.

When requesting a clarification on whether specific information falls under a particular level, provide as much context as possible without disclosing the information itself.