← Back to GameplayGen

Privacy Policy

Last updated: 2026/03/04

1. Controller

The data controller responsible for this website and service is:

José Freitas, trading as GameplayGen
Kesterstr 3.
86153 Augsburg
Bavaria, Germany
Email: contact@gameplaygen.com

2. Data We Collect

We collect the following personal data when you use GameplayGen:

  • Account data: Email address and password hash (created during registration)
  • API usage logs: Request timestamps, endpoints accessed, response codes, and usage metrics
  • Game data: Data you create, upload, or generate through the API (economies, configurations, game content)
  • IP addresses: Collected automatically with each request for security and abuse prevention
  • Technical information: Browser type, operating system, and device information

3. Legal Basis for Processing

We process your data based on the following legal grounds (Art. 6 GDPR):

  • Contract performance (Art. 6(1)(b)): Account data and game data are necessary to provide the Service
  • Legitimate interest (Art. 6(1)(f)): Usage logs and IP addresses for security, abuse prevention, and service improvement
  • Legal obligation (Art. 6(1)(c)): Where required by German or EU law

4. Cookies

We use only essential cookies required for authentication and session management. No third-party analytics, tracking, or advertising cookies are used. These essential cookies are necessary for the Service to function and do not require consent under Art. 5(3) of the ePrivacy Directive.

5. Data Processors

We use the following third-party services to operate GameplayGen:

  • Convex (Convex, Inc., USA) — Database and backend infrastructure
  • Vercel (Vercel, Inc., USA) — Website hosting and edge functions
  • Resend (Resend, Inc., USA) — Transactional emails

Data processing agreements are in place with each provider in accordance with Art. 28 GDPR.

6. International Data Transfers

Some of our data processors (Convex, Vercel, Resend) are based in the United States. Data transfers to the US are conducted under the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs) as approved by the European Commission, ensuring an adequate level of data protection in accordance with Art. 46 GDPR.

7. Data Retention

  • Account data: Retained for the duration of your account. Deleted within 30 days of account deletion.
  • API usage logs: Retained for up to 12 months for analytics and debugging, then automatically deleted.
  • Game data: Retained for the duration of your account. Exported or deleted upon request.
  • IP addresses: Retained for up to 90 days for security purposes.

8. Your Rights

Under the GDPR, you have the following rights:

  • Access (Art. 15): Request a copy of your personal data
  • Rectification (Art. 16): Correct inaccurate personal data
  • Erasure (Art. 17): Request deletion of your personal data
  • Restriction (Art. 18): Restrict processing of your data
  • Portability (Art. 20): Receive your data in a structured, machine-readable format
  • Objection (Art. 21): Object to processing based on legitimate interest

To exercise any of these rights, contact us at contact@gameplaygen.com. We will respond within 30 days.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The competent authority for us is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Germany — www.lda.bayern.de.

10. Data Protection Contact

For all data protection inquiries, contact:
José Freitas
contact@gameplaygen.com

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The current version is always available at gameplaygen.dev/privacy.