Table of Contents
- Introduction
- Changes to This Privacy Policy
- Information Collection
- Why We Process Your Information
- How We Disclose Your Personal Information
- Cookies & Similar Technologies
- Data Security
- Children's Privacy
- Your Privacy Rights
- International Data Transfers
- Contact Us
- Region-Specific Privacy Notices
Introduction
PlayerGalaxy ("PlayerGalaxy", "we", "us", or "our") respects your privacy and is committed to protecting it through our compliance with this Privacy Policy.
This Privacy Policy describes how we collect, use, and share information about you as well as your rights and choices about such collection, use, and sharing. The PlayerGalaxy gaming platform, website, applications, and related services are collectively referred to as the "Services." This Privacy Policy applies when you:
- Access or use our gaming platform and website
- Create an account or user profile
- Play games, create or view user-generated content
- Interact with other users through comments, chat, or social features
- Contact our support team
- Engage with us on social media
- Otherwise interact with our Services
By accessing or using the Services, whether or not you create an account, you acknowledge that we collect, use, and share information as described in this Privacy Policy.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make changes, we will:
- Update the "Last Updated" date at the top of this policy
- Post the updated policy on the Services
- Display an in-platform notice for material changes when appropriate
We encourage you to review this Privacy Policy periodically. Your continued use of the Services after changes are posted constitutes acceptance of the updated policy.
Information Collection
Information You Provide to Us
We collect personal information that you voluntarily provide when you use our Services:
Account Registration and Profile Information
- Username
- Email address
- Password (hashed)
- Profile picture (optional)
User-Generated Content
- Games and interactive content you create or upload
- Game thumbnails and screenshots
- Game descriptions and metadata
- Comments on games and content
- Chat messages you send during a live chat session
- Feedback you submit to us
Social Interactions
- Follow/follower relationships
- Likes on games, news, comments, and user-generated content
- Collections you create or manage
- Tags you add to user-generated content
Communications with Us
- Support requests and correspondence
- Feedback you submit to us
- Email communications
Information Collected Automatically
When you use our Services, we automatically collect certain information:
Usage and Activity Data
- Games played
- Content viewed and interactions
- Play statistics and achievements
Device and Technical Information
- IP address
- Browser type and version
- Operating system
- Device type (desktop, mobile, tablet)
- Referring URLs
- Access times and dates
Cookies and Similar Technologies
- Session identifiers
- Authentication tokens
- Anonymous view deduplication identifiers
See the Cookies & Similar Technologies section for more details.
Information from Third-Party Sources
We may receive information about you from third-party sources:
Authentication Providers
If you sign in using third-party services (such as Google, Discord, or other OAuth providers):
- Username
- Email address
- Profile picture
- User ID from the third-party service
Other Users
- Tags or mentions in user-generated content
- Reports or feedback about your content or behavior
How Long We Keep Your Data
We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Data Retention Periods
| Type of Data | Retention Period |
|---|---|
| Account Information (username, email, profile data) | Retained while your account is active and for 90 days after account deletion, unless required for legal compliance |
| User-Generated Content (games, comments, chat messages) | Retained while your account is active. After account deletion, content may be anonymized rather than deleted to preserve platform integrity |
| Gameplay and Activity Data (play statistics, views, likes) | Retained while account is active and for up to 1 year after last activity, or until deletion request |
| Technical Usage Data (request logs, session identifiers, browser information) | Retained for up to 2 years, or deleted/anonymized upon request |
| Support and Communication Records | Retained for up to 3 years to provide ongoing support and improve services |
| Security and Fraud Prevention Data | Retained as long as necessary to maintain security and prevent fraud, typically up to 5 years |
| Legal Compliance Data | Retained as long as necessary to comply with applicable laws and regulations |
| Cookies and Session Data | Varies by type; session cookies expire when you close your browser, persistent cookies expire after their set duration (typically 1-2 years) |
After the retention period expires, we will either:
- Delete the information
- Anonymize the information so it can no longer identify you
- Aggregate the information for statistical purposes
You may request deletion of your personal information at any time by contacting us. However, we may retain certain information as required by law or for legitimate business purposes (such as fraud prevention or resolving disputes).
Why We Process Your Information
We use your personal information for the following purposes:
Core Platform Services
- Account Management: Creating, maintaining, and securing your account
- Platform Operations: Enabling you to play games, create content, and use platform features
- Content Delivery: Providing access to games and user-generated content
- Social Features: Enabling interactions, follows, comments, and chat
Platform Improvement
- Service Improvement: Analyzing usage to improve features and user experience
- Bug Fixes and Troubleshooting: Identifying and resolving technical issues
- Performance Optimization: Ensuring games and content load efficiently
Communication
- Account Notifications: Sending important updates about your account
- Support Communications: Responding to your inquiries and providing assistance
Safety and Security
- Fraud Prevention: Detecting and preventing fraudulent activity
- Security Monitoring: Protecting against security threats and unauthorized access
- Content Moderation: Reviewing content for compliance with our Community Guidelines
- Abuse Prevention: Identifying and addressing violations of our terms
Legal Compliance
- Age Verification: Ensuring users meet minimum age requirements
- Legal Obligations: Complying with applicable laws and regulations
- Dispute Resolution: Addressing legal claims or disputes
- Regulatory Requirements: Meeting requirements of regulatory authorities
Research and Development
- Trend Analysis: Understanding gaming and content trends
- Product Development: Developing new features and services
- Market Research: Understanding user needs based on platform activity and feedback
Legal Bases for Processing (for EEA/UK/CH users):
- Contract Performance: Processing necessary to provide services you've requested
- Legitimate Interests: Processing for our legitimate business interests (such as improving services, security, and fraud prevention)
- Consent: Processing based on your explicit consent where required
- Legal Obligations: Processing required to comply with legal requirements
How We Disclose Your Personal Information
We may share your personal information with the following categories of third parties:
Service Providers and Partners
| Category | Types of Information Shared | Purpose |
|---|---|---|
| Cloud Hosting Providers (e.g., Supabase, Vercel, Cloudflare) | Account data, user content, usage data, device information | Platform hosting, database management, content delivery |
| Authentication Services (e.g., Supabase Auth, OAuth providers) | Email, username, authentication tokens | Account authentication and security |
| Email Service Providers (Resend) | Email address, username, communication preferences | Sending account-related emails |
| Content Delivery Networks (CDN) | IP address, device information, content requests | Delivering games and media files efficiently |
| Security and Fraud Prevention | IP address, device information, usage patterns | Detecting and preventing fraud and abuse |
Public Information
The following information may be visible to other users and the public:
- Your username
- Your profile picture, if you upload one
- Games and content you publish
- Comments you post
- Your followers and following lists
- Public collections you create
- Play statistics
Legal Requirements and Safety
We may disclose your information when required by law or to protect rights and safety:
- Legal Obligations: In response to court orders, subpoenas, or legal processes
- Safety and Security: To protect the rights, property, and safety of PlayerGalaxy, our users, or others
- Fraud and Abuse: To investigate and prevent fraud, security issues, or abuse
- Terms Enforcement: To enforce our Terms of Service and Community Guidelines
Business Transfers
If PlayerGalaxy is involved in a merger, acquisition, sale of assets, or bankruptcy:
- Your personal information may be transferred to the acquiring entity
- We will notify you before your information is transferred and becomes subject to a different privacy policy
Information We Do NOT Sell
We do not sell your personal information to third parties for monetary consideration.
Cookies & Similar Technologies
We use cookies and similar technologies to operate the Services, keep users signed in, secure accounts, and prevent duplicate view counting.
What Are Cookies?
Cookies are small text files stored on your device when you visit a website. Similar technologies include browser local storage and session storage.
Cookies and Storage We Use
Authentication and Session Cookies
We use authentication cookies to keep users signed in and to make authenticated requests across pages.
- Authentication: Maintaining your signed-in session
- Security: Refreshing and validating authentication tokens
- Session Management: Keeping your account state consistent as you navigate the Services
Cookie name pattern:
sb-*-auth-token- Authentication session cookie
Local Storage
We use browser local storage for a stable anonymous session identifier used to deduplicate content views when a visitor is not signed in.
- Anonymous view deduplication: Distinguishing repeat views from the same browser
Local storage key:
playfly_anon_sid- Anonymous session identifier for view counting
Third-Party Cookies
We do not currently use third-party analytics cookies or a cookie consent banner. Embedded games or third-party services linked from the Services may use their own cookies or storage under their own policies.
Managing Cookies and Local Storage
Most browsers allow users to:
- View and delete cookies and local storage
- Block cookies
- Clear cookies and local storage when the browser closes
Blocking or deleting authentication cookies may sign you out or prevent account features from working. Deleting local storage may reset anonymous view deduplication for that browser.
Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature. There is no industry consensus on how to respond to DNT signals, and the Services do not currently respond to DNT signals.
Data Security
We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it.
Security Measures
Technical Safeguards
- Encryption: Data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption
- Authentication: Passwords are handled by our authentication provider and stored as bcrypt hashes
- Access Controls: Role-based access controls limit who can access your data
- Secure APIs: API endpoints are protected with authentication and rate limiting
Organizational Safeguards
- Employee Training: Staff are trained on data protection and security best practices
- Access Limitations: Only authorized personnel have access to personal information
- Incident Response: We have procedures to respond to security incidents
- Third-Party Vetting: We evaluate the security practices of our service providers
Infrastructure Security
- Firewall Protection: Network firewalls protect our infrastructure
- DDoS Protection: Distributed Denial of Service attack mitigation
- Monitoring: 24/7 monitoring for suspicious activity
- Backup Systems: Regular backups to prevent data loss
Data Breach Notification
In the event of a data breach that affects your personal information:
- We will notify you as required by applicable law (typically within 72 hours)
- We will provide information about what data was affected
- We will inform you of steps we're taking to address the breach
- We will provide guidance on steps you can take to protect yourself
Your Responsibility
You can help protect your account by:
- Using a strong, unique password
- Not sharing your account credentials
- Logging out when using shared devices
- Keeping your contact information up to date
- Reporting suspicious activity immediately
These safeguards reduce security risks but do not eliminate them.
Children's Privacy
Age Requirements
PlayerGalaxy is intended for users who are 13 years of age or older (or the minimum age required in your jurisdiction to consent to the use of online services).
If you are under 13 (or the applicable age in your jurisdiction), you may not create an account or use our Services.
Parental Consent
In some jurisdictions, users between 13 and the age of majority may require parental consent to use our Services. If we become aware that parental consent is required and has not been obtained, we may suspend the account until consent is provided.
Information from Children
We do not knowingly collect personal information from children under 13.
If we discover that we have inadvertently collected information from a child under 13:
- We will delete the information as quickly as possible
- We will terminate the associated account
- We will take steps to prevent future collection
Parental Rights
If you believe your child under 13 has created an account or provided personal information to us:
- Contact us immediately at privacy@playergalaxy.com
- We will delete the information and terminate the account
- You may request information about what data we collected (subject to identity verification)
Content Restrictions
We enforce Community Guidelines to ensure age-appropriate content:
- Content must be suitable for users 13+
- Mature content (18+) must be clearly labeled
Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information.
Universal Rights (Available to All Users)
Right to Access
You can request a copy of the personal information we hold about you.
- How to Exercise: Contact us at privacy@playergalaxy.com or use your account settings
- What You'll Receive: A copy of your personal information in a structured, commonly used format
- Response Time: Within 30 days (may be extended by 30 days for complex requests)
Right to Correction
You can request that we correct inaccurate or incomplete information.
- How to Exercise: Update your profile through account settings or contact us
- Response Time: Corrections typically processed within 7-14 days
Right to Deletion
You can request that we delete your personal information.
- How to Exercise: Use the "Delete Account" feature or contact us at privacy@playergalaxy.com
- Exceptions: We may retain certain information for legal compliance, fraud prevention, or legitimate business purposes
- Response Time: Within 30 days
Right to Data Portability
You can request your data in a portable format to transfer to another service.
- How to Exercise: Contact us at privacy@playergalaxy.com
- What You'll Receive: Your data in JSON or CSV format
- Response Time: Within 30 days
Communication Preferences
Essential account-related communications, such as security alerts and policy updates, may still be sent when needed to operate the Services.
Additional Rights (Region-Specific)
See the Region-Specific Privacy Notices section for rights specific to:
- California residents (CCPA/CPRA)
- European Economic Area, UK, and Switzerland residents (GDPR)
- Canadian residents (PIPEDA)
- Other jurisdictions
International Data Transfers
PlayerGalaxy operates from the United States and serves users globally. Your personal information may be transferred to, stored, and processed in countries other than your own.
Data Transfer Mechanisms
When we transfer personal information internationally, we use appropriate safeguards:
Standard Contractual Clauses (SCCs)
We use European Commission-approved Standard Contractual Clauses to protect data transferred from the EEA/UK/CH to countries without adequacy decisions.
Adequacy Decisions
We may transfer data to countries that have been deemed to provide adequate data protection by:
- The European Commission (for EEA transfers)
- The UK Information Commissioner's Office (for UK transfers)
- The Swiss Federal Data Protection Commissioner (for Swiss transfers)
Privacy Shield Frameworks (Where Applicable)
For transfers to the United States, we may rely on the EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework (where applicable and certified).
Countries Where Data May Be Processed
Your data may be processed in:
- United States: Our primary cloud infrastructure providers operate in the US
- European Union: We use servers in the EU for users in that region
- Other Countries: As necessary to provide services through our global infrastructure
Your Rights Regarding International Transfers
If you are in the EEA, UK, or Switzerland:
- You have the right to obtain information about the safeguards we use for international transfers
- You can request a copy of the Standard Contractual Clauses we use
- Contact us at privacy@playergalaxy.com for more information
Contact Us
Questions, concerns, or requests regarding this Privacy Policy or our data practices can be sent through these channels:
Email: privacy@playergalaxy.com
Support: support@playergalaxy.com
Website: https://www.playergalaxy.com
Response Times
We strive to respond to all inquiries within:
- Privacy requests: 30 days (may be extended by 30 days for complex requests)
- General inquiries: 5-7 business days
- Urgent security matters: Within 24-48 hours
Requests should include:
- Your username or email address associated with your account
- A clear description of your request or concern
- Any relevant documentation or reference numbers
Region-Specific Privacy Notices
This section provides additional information for residents of specific jurisdictions.
California Residents (CCPA/CPRA)
This section applies to California residents and describes rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
Categories of Personal Information Collected
In the past 12 months, we have collected, or have not collected, the following categories of personal information:
| Category | Examples | Collected? |
|---|---|---|
| Identifiers | Email address, username, account ID, IP address, authentication/session identifiers, and anonymous view session ID | Yes |
| Personal Information (Cal. Civ. Code § 1798.80) | Email address, username, account profile information, and avatar image if you upload one | Yes |
| Protected Classifications | Age, date of birth, race, ethnicity, religion, sex, gender identity, sexual orientation, disability, or veteran status | No |
| Commercial Information | Purchase history, payment records, or paid transaction details | No |
| Internet Activity | Interactions with the Services, including content views, likes, comments, follows, uploaded content activity, gameplay statistics, request timestamps, and server logs | Yes |
| Geolocation Data | Precise GPS location or stored location profile | No |
| Sensory Information | Audio, electronic, visual, thermal, olfactory, or similar sensory information | No |
| Professional Information | Employment or professional information | No |
| Education Information | Education records | No |
| Inferences | Profiles reflecting preferences, characteristics, behavior, attitudes, or interests | No |
| Sensitive Personal Information | Account login credentials handled by our authentication provider | Yes |
Business Purposes for Collection
We collect and use personal information for the business purposes described in the Why We Process Your Information section.
Categories of Third Parties
We disclose personal information to the categories of third parties described in the How We Disclose Your Personal Information section.
Sale of Personal Information
We do NOT sell your personal information for monetary consideration.
Your California Privacy Rights
California residents have the following rights:
1. Right to Know
Request information about the personal information we collect, use, and disclose.
2. Right to Delete
Request deletion of your personal information (subject to certain exceptions).
3. Right to Correct
Request correction of inaccurate personal information.
4. Right to Limit Use of Sensitive Personal Information
Request that we limit use of sensitive personal information to providing services.
5. Right to Non-Discrimination
You will not receive discriminatory treatment for exercising your privacy rights.
How to Exercise Your Rights
- Online: Use your account settings when the relevant control is available
- Email: privacy@playergalaxy.com
Verification: We will verify your identity before processing your request. We may ask for additional information such as your email address, username, or recent account activity.
Authorized Agents: You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization.
European Economic Area, United Kingdom, and Switzerland (GDPR)
This section applies to individuals in the EEA, UK, and Switzerland and describes rights under the General Data Protection Regulation (GDPR) and related laws.
Data Controller
PlayerGalaxy is the data controller responsible for your personal information.
Contact Details:
PlayerGalaxy
Email: privacy@playergalaxy.com
Legal Bases for Processing
We process personal information based on the following legal grounds:
- Contract Performance: To provide services you've requested and fulfill our contract with you
- Legitimate Interests: For purposes that are in our or third parties' legitimate interests (such as security, fraud prevention, and service improvement), provided your rights don't override these interests
- Consent: Where you have given explicit consent for specific purposes
- Legal Obligations: To comply with legal requirements
Your GDPR Rights
You have the following rights:
Right to Access
Request access to your personal data and information about how we process it.
Right to Rectification
Request correction of inaccurate or incomplete personal data.
Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data in certain circumstances:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent (where processing is based on consent)
- You object to processing based on legitimate interests, and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Deletion is required to comply with a legal obligation
Right to Restriction of Processing
Request that we restrict processing of your personal data in certain circumstances:
- You contest the accuracy of the data
- Processing is unlawful, but you don't want the data erased
- We no longer need the data, but you need it for legal claims
- You have objected to processing pending verification of legitimate grounds
Right to Data Portability
Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
Right to Object
Object to processing based on legitimate interests.
Right to Withdraw Consent
Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Right to Lodge a Complaint
Lodge a complaint with your national data protection authority:
- EEA: List of Data Protection Authorities
- UK: Information Commissioner's Office (ICO)
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.
International Data Transfers
We transfer personal data outside the EEA/UK/CH using appropriate safeguards:
- Standard Contractual Clauses (SCCs): European Commission-approved clauses
- Adequacy Decisions: Transfers to countries deemed adequate by relevant authorities
- Other Lawful Mechanisms: As permitted by applicable law
To request a copy of the safeguards we use, contact us at privacy@playergalaxy.com.
Data Retention
We retain personal data for the periods described in the How Long We Keep Your Data section.
How to Exercise Your Rights
Contact us at:
- Email: privacy@playergalaxy.com
We will respond to your request within one month (may be extended by two months for complex requests).
Canada (PIPEDA)
This section applies to individuals in Canada and describes rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial laws.
Accountability
PlayerGalaxy is responsible for personal information under our control. We have designated a privacy officer to oversee compliance.
Privacy Officer:
Privacy Officer
Email: privacy@playergalaxy.com
Your Canadian Privacy Rights
Right to Access
You have the right to be informed of the existence, use, and disclosure of your personal information and to access that information.
Right to Correct
You have the right to challenge the accuracy and completeness of your personal information and have it corrected as appropriate.
Right to Withdraw Consent
You may withdraw consent to the collection, use, and disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice.
Right to File a Complaint
If you believe your privacy rights have been violated, you may file a complaint with the Office of the Privacy Commissioner of Canada:
- Website: https://www.priv.gc.ca
- Phone: 1-800-282-1376
International Data Transfers
Your personal information may be processed in the United States and other countries. When transferred outside Canada, it is subject to the laws of those jurisdictions, including lawful access by government authorities.
We use contractual safeguards to protect personal information transferred internationally.
How to Exercise Your Rights
Contact us at:
- Email: privacy@playergalaxy.com
We will respond to your request within 30 days.
Australia (Privacy Act)
This section applies to individuals in Australia and describes rights under the Privacy Act 1988.
Australian Privacy Principles (APPs)
We comply with the Australian Privacy Principles, which govern how we collect, use, disclose, and store personal information.
Your Rights
- Access: Request access to your personal information
- Correction: Request correction of inaccurate or outdated information
- Complaints: Lodge a complaint about our handling of your personal information
Complaints Process
If you have a complaint:
- Contact us at privacy@playergalaxy.com
- We will investigate and respond within 30 days
- If not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC):
- Website: https://www.oaic.gov.au
- Phone: 1300 363 992
Other Jurisdictions
If you are located in a jurisdiction not specifically addressed above, the core provisions of this Privacy Policy apply to you. You may have additional rights under local law. Contact us at privacy@playergalaxy.com for information about your specific rights.
Updates and Changes
We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or for other operational reasons.
How We Notify You of Changes
- Policy Updates: We update the "Last Updated" date at the top of this policy
- Platform Notice: We may display a prominent notice on our website or in the app for material changes
- Version History: Previous versions of this policy are available upon request
Your Acceptance
Continuing to use the Services after changes become effective means the updated Privacy Policy applies to that use. Account deletion requests can be sent to privacy@playergalaxy.com.
Definitions
- Personal Information / Personal Data: Information that identifies, relates to, describes, or could reasonably be linked with you
- Services: The PlayerGalaxy gaming platform, website, applications, and related services
- User-Generated Content (UGC): Games, content, comments, and other materials created or uploaded by users
- Processing: Any operation performed on personal data, including collection, storage, use, disclosure, and deletion
- Third Party: An entity that is not PlayerGalaxy or you
Acknowledgments
This Privacy Policy is designed to comply with:
- General Data Protection Regulation (GDPR) - EU, UK, Switzerland
- California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
- Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada
- Children's Online Privacy Protection Act (COPPA) - USA
- Other applicable privacy and data protection laws
Last Updated: October 13, 2025
Version: 1.0
Questions or concerns about this Privacy Policy can be sent to privacy@playergalaxy.com.
This Privacy Policy works alongside our Terms of Service and Community Guidelines. Violations of these documents may result in account action.