Data Stewardship & Transparency
At Gamelyra, we build tools for creators. This means we handle creative assets, user data, and technical configurations. Our privacy policy isn't a legal shield—it's a blueprint for how we respect your work and your players' trust.
Scope & Coverage
This policy applies to all visitors, registered developers, and published titles hosted on gamelyra.space. It does not govern data handling within games published by third parties using our tools.
The Data Ledger
We categorize data by its necessity for the core service. Not all data is stored; some is processed transiently.
Account Identity
Email, password (hashed), preferred language, and dashboard preferences. Used solely for authentication and personalization.
Retention: Active + 24 months after closure
Creator Assets
Game code, 3D models, sound files, and documentation uploaded to the platform. You own the IP; we host it for access.
Retention: Until deletion request
Performance Telemetry
Aggregated, anonymized data: frame rates, input latency, crash reports (without personal identifiers). Used to optimize our engine.
Retention: 6 months (aggregate)
Why We Process Data: The Legal Foundations
Under GDPR, every data processing activity must have a lawful basis. We do not rely on "legitimate interest" for core services; our processing is either necessary for contract performance or based on explicit consent.
Contract Performance (Art. 6.1.b)
Processing your email to grant you access to the dashboard is necessary to fulfill our service contract. You cannot opt out of this without closing your account.
Consent (Art. 6.1.a)
Marketing emails, newsletter subscriptions, and public community profiles are strictly opt-in. You can withdraw consent at any time via your account settings.
Legal Obligation (Art. 6.1.c)
We retain financial transaction records for 10 years to comply with Italian tax law (D.P.R. 633/1972). This data is archived separately and accessible only to authorized accounting staff.
Scenario: The Curious Developer
"I'm an indie dev in Torino evaluating Gamelyra for my next mobile RPG. I need to know: if I upload my game assets, do you use them to train AI models or share them with partners?"
Our Answer: No. Your assets are stored solely for your use. We do not train models on user data, nor do we share assets with third parties for any purpose. Our data processing agreement with AWS (our cloud provider) includes strict sub-processor controls.
International Data Transfers
How your data moves across borders, and the safeguards in place.
Italy (Rome)
Primary processing hub. User authentication, project management, and dashboard access.
Germany (Frankfurt)
Disaster recovery site. Encrypted backups stored with AWS EU (Frankfurt) region. GDPR-compliant cloud services.
United States
Partial email routing via SendGrid. Standard Contractual Clauses (SCCs) are in place. No game asset data is processed in the US.
Safeguards
- • All external transfers are documented in our Data Processing Impact Assessment (DPIA).
- • You can request a copy of the SCCs via email to privacy@gamelyra.space.
- • For EU-based users, data never leaves the EEA except for encrypted backups in Germany.
Your Data Rights: A Practical Guide
Right of Access
Request a copy of all personal data we hold about you. We'll provide it within 30 days in a machine-readable format (JSON).
Right to Rectification
Correct inaccurate personal data (e.g., email address, name) directly in your account settings.
Right to Erasure
Request deletion of your account and associated data. Exceptions apply for legal obligations (e.g., tax records).
Right to Restrict Processing
Pause processing of your data in specific circumstances (e.g., contesting accuracy). We will keep it stored but not used.
Right to Data Portability
Receive your data in a structured, commonly used format to transfer it to another service (e.g., your game assets).
Right to Object
Object to processing based on legitimate interest. We will assess your request and may discontinue processing.
To exercise these rights, contact our DPO at privacy@gamelyra.space.
Request Your DataKey Terms & Definitions
The entity that determines the purposes and means of processing personal data. Gamelyra S.r.l. is the sole data controller for the platform.
Any operation performed on personal data, including collection, storage, modification, retrieval, and deletion. Our infrastructure is built to minimize unnecessary processing.
An entity that processes data on behalf of the controller. AWS (Amazon Web Services) is our primary processor for hosting and storage.
Non-personal, anonymized statistics (e.g., "10% of our games run at 60 FPS on Android 13"). This data is used for platform improvement and cannot be linked back to individuals.
The duration for which personal data is stored. Ranges from 6 months (telemetry) to 10 years (tax records) based on the legal basis for processing.
A GDPR legal basis we use sparingly, primarily for security monitoring (fraud prevention). We conduct balancing tests to ensure your rights override our interests.
Have Questions About Your Data?
We're committed to transparency. For specific concerns or to submit a formal data subject request, contact our designated Data Protection Officer.
Policy Updates
We may update this policy to reflect changes in our services or legal requirements. Substantial changes will be communicated via email and in-app notifications.