GDPR & CCPA Compliance

Gamesight is a committed partner offering transparency and control to all of our customers so they may comply with GDPR & CCPA. Our platform is designed from the ground up with privacy-first principles.

Achieving Compliance With Gamesight

The Tools You Need

Our platform provides both dashboard and API level access to GDPR compliance tools. Handle right to access, right to be forgotten, and opt outs with ease.

Compliant Data Handling

All data passed over the Gamesight network is secured and encrypted. Data is hashed, anonymized, and encrypted, so rest assured even in a disaster situation – your player data is secure.

Sophisticated Team

Our entire team has received regular GDPR compliance & security training, and our organization has been SOC-II certified for secure data handling operations.

Our Policies

Isolated Processing

Our multi-tenant infrastructure has strict data isolation to enforce that your data stays separate and never leaves our production environment. We provide enterprise deployment options to meet even the most stringent compliance needs.

Full Control

Detailed data retention, truncation (including EU specific controls), and removal features so you are always in full control of your data.

Pseudonymization

Gamesight applies data hashing and pseudonymization on our edge servers before sending it to persistent storage so we only keep information necessary to provide our service.

Secure Data Handling Procedures

Our regularly audited processes guarantee that your data is handled with modern best practices and the principle of least privilege in mind. Comprehensive encryption, access management, and logging keep your data safe.

Incident Response & Disaster Recovery

Gamesight has robust incident response and business continuity plans. We take continuous backups to protect data against loss and policies to ensure that you will be quickly alerted should there be any data exposure or loss.

Physical Access Control

Our data centers are secure inside the most trusted cloud partner in the world, AWS. Physical security measures include 24/7 Security Operations Center, redundant alerting, and much more.

Personal Data Under GDPR

GDPR defines personal data to include:

  • Online identifiers

  • IP addresses

  • A user’s location data

  • Behavioral and demographic profiling data

If your users consent to be tracked, you must protect this data. It is your responsibility as a game developer (the data owner) to offer appropriate opt-ins, opt-outs, and the right to forget. Gamesight is a trusted partner in ensuring you can comply with these requests.

Right to forget & Do not track

One of the primary principals established under both GDPR & CCPA is the player's right to have their personal information deleted from data controllers at any time. We support this right by offering two opt-out mechanics where our customers can forward along requests made by their players:

  • A user privacy dashboard where our customers can directly opt their users out.

  • A user privacy API where the right to access & opt-out requests can be integrated into our customer's internal processes.

  • Our service is built to comply with our customer's DPAs, which we execute as part of our service agreements.

  • Looking for more detail? Reach out, and we can provide our most recent audit reports.

We are not offering legal advice. This page was built to help game developers better understand how to manage their player's rights while working with Gamesight. You should consult with your own legal counsel before making determinations on how your company can comply with the ever-shifting landscape of consumer privacy.

Please contact us at security@gamesight.io with security concerns or questions.