CatalogHow it worksSolutionsDevelopersPricingBlog
Privacy Policy

How we handle data.

This Policy explains what we collect, why we collect it, who we share it with, and the rights you have. It applies to playgent.com, our services, and any games rendered through our embeds.

Effective · May 10, 2026Last updated · May 24, 2026Version · 2.1

01Overview & roles

Playgent Inc., a Delaware corporation with offices at 108 W. 13th Street, Suite 100, Wilmington, DE 19801 (“Playgent,” “we,” “us,” or “our”), provides an engagement infrastructure platform (the “Service”).

This Policy distinguishes between two relationships:

  • Customer data — data about the people and organizations that hold accounts with us. We act as a data controller for this data.
  • Player data — data about the end users who play games inside a Customer’s product. We act as a data processor for this data, on behalf of the Customer, who is the controller. The Customer is responsible for the lawful basis for processing Player data, including obtaining any required consents and providing privacy notices.

If you played a game embedded in a third-party product, that third party is the controller of your data; please consult their privacy notice. We will route a verified request to them on your behalf where we are able.

02Data we process

We process the following broad categories of personal data. We keep collection to what is necessary to provide and secure the Service.

  • Account & contact data — name, work email, organization name, role, and similar profile details for people who hold or are invited to an account.
  • Authentication data — credentials, multi-factor authentication metadata, and session information used to keep accounts secure. We do not store passwords directly.
  • Billing data — billing address, tax identifiers, plan, and invoice history. Card and bank details are collected directly by our payment provider; we receive only tokenized references.
  • Configuration & content — settings, themes, content created or uploaded by Customers, and the inputs Customers provide to our content-authoring features.
  • Usage & gameplay data — pseudonymous identifiers, gameplay outcome metrics, and limited contextual data emitted when a game is loaded or completed. We do not collect names, email addresses, phone numbers, government identifiers, payment instruments, or precise location through our embeds.
  • Operational telemetry — request metadata such as IP address, user agent, and timestamps used for security, abuse prevention, and service quality.
  • Communications — support tickets, sales inquiries, and any data you voluntarily share with us.

No personal identifiers through embeds. Customers are contractually required not to pass directly identifying information through any identifier field exposed by our embeds. We treat these fields as opaque references and will redact and notify if we become aware of misuse.

03How we use data

  • Provide, operate, secure, and improve the Service.
  • Authenticate users, enforce policies, and detect abuse, fraud, and bot activity.
  • Deliver analytics and reports to Customers about their own usage.
  • Bill Customers, send receipts, and meet related accounting and tax obligations.
  • Send transactional communications (account, security, billing, invitations) and, with separate consent or where permitted by law, optional product updates you can unsubscribe from at any time.
  • Comply with legal obligations, enforce our agreements, and protect the rights and safety of users and the public.
  • Produce de-identified or aggregate statistics about Service performance. We do not re-identify, sell, or rent these statistics, and we do not use them for advertising.

04Legal bases (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies, we rely on the following bases:

  • Contract — to provide the Service to a Customer that has accepted our terms.
  • Legitimate interests — to secure and improve the Service, prevent abuse, deliver transactional communications, and operate analytics that do not override your rights and freedoms.
  • Legal obligation — tax, accounting, anti-fraud, lawful requests.
  • Consent — for marketing communications and where local law requires it. You may withdraw consent at any time.

05How we share data

We do not sell personal data. We share it only as follows:

  • With service providers we engage to operate the Service (collectively, “subprocessors”), each bound by written confidentiality and security obligations and prohibited from using personal data for their own purposes.
  • With Customers for Player data, where the Customer is the controller. Customers cannot see another Customer’s data.
  • With professional advisors (lawyers, auditors, insurers) under confidentiality.
  • For corporate transactions — in connection with a merger, acquisition, financing, or sale of assets, with successors required to honor this Policy.
  • To comply with law or respond to valid legal process. Where lawful and appropriate, we will challenge overbroad requests and notify affected Customers before disclosure.
  • To protect rights and safety — to investigate fraud or abuse, enforce our agreements, or protect users or the public.

06Subprocessors

We engage a small number of vetted service providers to host and operate the Service. Each is bound by written terms that require confidentiality, appropriate technical and organizational security measures, and the use of personal data solely for the purposes we direct.

An up-to-date list of our subprocessors is available on request. Email support@playgent.com and we will send it.

07International transfers

Playgent is based in the United States, and personal data may be processed in the United States, the European Union, the United Kingdom, or other jurisdictions where we or our service providers operate. Where we transfer personal data originating in the European Economic Area, the United Kingdom, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses (and the UK Addendum or Swiss Annex as relevant), supplemented by technical and organizational measures appropriate to the destination.

08Retention & deletion

We retain personal data only for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Account data is retained while the account is active and for a limited period after closure. Player data is retained for the duration agreed with the relevant Customer and is then deleted or aggregated into non-identifying counters. Operational and security logs are retained for short periods commensurate with their purpose. Encrypted backups may persist on a rolling basis and are overwritten in the ordinary course.

You may request deletion at any time by writing to privacy@playgent.com. We will verify your identity before acting on a deletion request and respond within the timeframe required by applicable law.

09Security

We use a combination of technical, administrative, and physical safeguards designed to protect personal data, including encryption in transit and at rest for production data, least-privilege access controls, dependency and code review, and ongoing monitoring. We test our defenses on a regular cadence and engage qualified third parties to assess them. No system is perfectly secure; if we experience a security incident affecting personal data, we will notify affected Customers without undue delay and within the timeframe required by applicable law.

If you discover a vulnerability, please report it to security@playgent.com.

10Your rights

Subject to applicable law, you have the following rights with respect to personal data we process about you:

  • Access. Request a copy of the personal data we hold about you.
  • Rectification. Correct data that is inaccurate or incomplete.
  • Erasure. Request deletion, subject to legal retention obligations.
  • Restriction. Restrict processing while a dispute about accuracy or lawfulness is resolved.
  • Portability. Receive your data in a portable, machine-readable format.
  • Objection. Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent. Where processing is based on consent, withdraw it at any time.
  • Non-discrimination. We will not penalize you for exercising a privacy right.
  • Lodge a complaint. File a complaint with a competent supervisory authority.

To exercise rights as a Customer, use the controls available in your account or write to privacy@playgent.com. To exercise rights as a Player, please contact the Customer that embedded the game in the product you used. If they cannot be reached, write to us and we will forward your request and assist within the limits of our processor role.

11U.S. state privacy rights

If you are a resident of a U.S. state that grants comparable privacy rights (including California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Montana), the rights in §10 apply. In addition:

  • No sale, no share for cross-context behavioral advertising. In the prior 12 months, we have not sold personal data and we have not shared personal data for purposes of cross-context behavioral advertising.
  • Sensitive personal information. We do not use sensitive personal information for purposes that would require an opt-out.
  • Authorized agents. You may designate an authorized agent to submit requests on your behalf. We will verify both your identity and the agent’s authority.
  • Appeals. If we deny a rights request, you may appeal within 60 days by replying to our denial.

12Children’s privacy

The Service is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children. Customers may not embed our games in products directed to children, or knowingly to children, without first implementing age-gating and obtaining verifiable parental consent under COPPA, the GDPR, and other applicable laws, and notifying us in writing.

If you believe a child has provided us with personal data, contact privacy@playgent.com and we will delete it promptly.

13AI features

Our Service includes optional features that use third-party artificial-intelligence providers to help Customers create content. Where these features are used:

  • Inputs the Customer provides may be transmitted to the provider under contractual terms that prohibit the provider from using submitted content to train its models or for any purpose other than serving our request.
  • We do not use Customer prompts, Customer content, or Player data to train general-purpose AI models.
  • AI-generated output is probabilistic. Customers are solely responsible for reviewing and approving generated content before it is published to end users.

14Sign-in with Google

When you choose to sign in to the Hub using a Google account, Google shares a limited set of profile data with us in line with the scopes you authorize on Google’s consent screen. This section describes how we handle that data and reflects our compliance with the Google API Services User Data Policy, including the Limited Use requirements.

Data we receive. We request only Google’s standard sign-in scopes (openid, email, and profile). The information we receive is limited to your Google account identifier, the email address associated with your Google account, your name, and your profile picture URL. We do not request, access, or store data from Gmail, Google Drive, Google Calendar, Google Contacts, or any other Google API.

How we use it. We use this data solely to create and authenticate your Hub account, recognize you on subsequent sign-ins, display your name and avatar inside the Hub interface, and send transactional account, security, and billing notices to your email. We do not use information received from Google for advertising, profiling, or any purpose unrelated to operating the Hub.

Sharing. We do not sell, rent, or transfer information received from Google to any third party for that party’s own purposes. We do not use information received from Google to develop, improve, train, or fine-tune any general- purpose or generative AI model. The only third parties that handle this data are the infrastructure service providers that host and operate the Hub on our behalf, bound by the obligations described in §05 and §06.

Storage and protection. Information received from Google is stored in our production databases, encrypted in transit and at rest, and access is limited to authorized personnel under the controls described in §09. Human access to this data is restricted to the specific cases permitted by the Google API Services User Data Policy — investigating security, fraud, or abuse; complying with applicable law; or acting with your explicit consent — and to aggregated or de-identified operations where individual records are not exposed.

Retention and deletion. Information received from Google is retained for the lifetime of your Hub account. You can revoke our access at any time from your Google Account permissions page. You can request deletion of your Hub account and the associated Google profile data by writing to privacy@playgent.com; we will delete it from active systems within 30 days, with encrypted backups overwritten in the ordinary course.

Playgent’s use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

15Cookies & local storage

We use a small set of strictly necessary first-party cookies and local-storage values to keep accounts signed in, remember preferences, and operate gameplay state. We do not place advertising cookies, share device identifiers with ad networks, or run cross-site tracking pixels.

Customers are responsible for any cookie banner or consent flow on their own products, including consents required by ePrivacy and equivalent laws.

16Automated decisions & profiling

We do not make decisions producing legal or similarly significant effects about you based solely on automated processing. Anti-fraud and abuse-detection systems may flag activity for human review; they do not autonomously terminate accounts.

17Do Not Track

Because there is no industry consensus on how to interpret a browser’s Do Not Track signal, our Service does not respond to it. Where applicable law requires us to honor a recognized opt-out preference signal, we do.

18Changes to this Policy

We may update this Policy as the Service evolves or as required by law. When we make material changes, we will update the “Last updated” date and provide additional notice as required. Continued use of the Service after the effective date of an update constitutes acceptance of the updated Policy.

19Contact us

For privacy questions, requests, or complaints, write to:

Playgent Inc.
Attn: Data Protection
108 W. 13th Street, Suite 100
Wilmington, DE 19801
United States

privacy@playgent.com

EU/UK residents may also contact us by post at the address above. If you are in the EU and we cannot resolve your concern, you have the right to lodge a complaint with your local supervisory authority. UK residents may complain to the Information Commissioner’s Office (ico.org.uk).

For our terms governing use of the Service, see the Terms of Service.