Data Protection & Privacy Policy

Last updated: 14/08/2025

GameDataCore.AI **[**Company number 16376407]

Last Updated: August 2025 Effective Date: August 2025

Automated Processing & AI Analysis

How We Use Automated Systems

Our platform uses advanced artificial intelligence and machine learning to analyse gaming data: Advanced Content Analysis: Our sophisticated AI system analyses gaming content to understand player experiences and market trends:

  • Emotional Intelligence: Advanced analysis that goes beyond basic sentiment to understand complex player emotions and experiences
  • Gaming-Specific Understanding: AI trained specifically on gaming culture, communication patterns, and industry context
  • Pattern Recognition: Identification of behavioural patterns, engagement trends, and market dynamics
  • Semantic Processing: Advanced natural language understanding rather than simple keyword matching Local AI Infrastructure: All AI analysis is performed entirely on our own controlled systems. No gaming data or personal information is ever processed by external AI services, ensuring complete data security and privacy protection. Player Behaviour Analysis: We analyse public Steam profiles to understand gaming preferences and behaviours:
  • Profile Analysis: Steam levels, game libraries, achievement patterns, and gaming activity
  • Behavioural Classification: Players categorised into gaming preference types and engagement patterns
  • Market Insights: Aggregated analysis of player segments and gaming trends Steam Data Processing: We extract insights from public Steam data to:
  • Link patterns between player profiles and feedback content
  • Understand the context of reviews and community sentiment
  • Generate insights about different player segment preferences and behaviours
  • Create market intelligence for gaming industry analysis

Your Rights Regarding Automated Processing

These automated processes serve as decision-support tools rather than making decisions that significantly affect individuals. However, you have the right to:

  • Request human review of automated analysis results
  • Express your viewpoint on automated processing outcomes
  • Contest conclusions derived from our AI systems
  • Understand the general approach of our algorithmic analyses
  • Request information about any profiling related to your data (if you're a Steam user)
  • Object to the processing of your public data for analysis purposes Important: All final business decisions regarding game development or strategy are made by human users of our platform, not by our automated systems.

Data Breach Response

If a Security Incident Occurs

While we implement robust security measures, we have comprehensive procedures in case of any data breaches: Immediate Response (0-72 hours):

  1. Detection & Investigation: Prompt investigation to determine nature and scope
  2. Containment: Immediate steps to contain the breach and prevent further access
  3. Risk Assessment: Evaluation of potential impact on affected individuals
  4. Authority Notification: Report to relevant authorities (ICO and other regulators) within 72 hours if required Individual Notification: If a breach is likely to result in high risk to your rights and freedoms, we will notify affected users:
  • Timing: Without undue delay, typically within 72 hours of discovery
  • Content: Clear explanation of what happened, what data was involved, and what we're doing about it
  • Guidance: Recommended steps you can take to protect yourself
  • Contact: Direct access to our Data Protection Officer for questions Ongoing Communication: We provide regular updates throughout the incident response process and maintain a breach register for regulatory compliance.

Children's Privacy

Our platform and services are designed for business use and are not directed at individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe we have collected information from your child, please contact us immediately at privacy@gamedatacore.ai and we will take prompt action to delete such information.

Your Privacy Matters

At GameDataCore.AI, we're committed to protecting your privacy and being transparent about how we collect, use, and protect your data. This policy explains our data practices in plain English and outlines your rights under the General Data Protection Regulation (GDPR).

Who We Are

GameDataCore.AI Ltd is a B2B analytics platform that provides gaming industry insights through our CoreScore Reports and real-time feedback analysis. We help game developers, publishers, and industry professionals make data-driven decisions using publicly available gaming data. Company Details:

  • Registered Name: GameDataCore.AI Ltd
  • Company Registration: 16376407 (United Kingdom)
  • Registered Address: 95A Gloucester Road, Brighton, BN1 4AP, UK
  • Data Protection Officer: Simon Sparks Contact Us:
  • Email: privacy@gamedatacore.ai
  • Website: gamedatacore.ai
  • Postal Address: 95A Gloucester Road, Brighton, BN1 4AP, UK

What Data We Process

For Our Business Customers

When you use our platform as a business customer, we process: Account Information:

  • Business contact details (name, email, company)
  • Account credentials and preferences
  • Support communications and service usage Payment and Billing Information (Processed by Paddle):
  • Payment processing, billing, and transaction history are handled exclusively by Paddle as our Merchant of Record
  • We do not store or process payment card information, billing addresses, or payment credentials
  • Paddle collects and processes this information according to their privacy policy
  • We receive only transaction confirmation data necessary for service delivery (order ID, purchase confirmation, customer email for account creation) Why We Need This: To provide our analytics services, manage your account, and deliver the reports you've subscribed to. Legal Basis: We process this data to fulfil our service contract with you. Paddle processes payment data based on their role as Merchant of Record and their contractual relationship with customers.

Steam Gaming Data (Public Information)

We analyse publicly available Steam data and other gaming platforms to create industry insights: Data Sources & Collection Methods:

  • Official APIs: Steam Web API, IGDB API (via commercial agreement with Twitch)
  • Web Scraping: Automated collection from publicly accessible sources where permitted
  • Platform Sources: Steam, Discord, Reddit, and other gaming communities What We Analyse:
  • Public Steam reviews and ratings
  • Game metadata (titles, release dates, developers, publishers)
  • Community discussions and sentiment across multiple platforms
  • Public metrics (player counts, review scores, release data)
  • Market trends and player feedback patterns
  • Cross-platform gaming discussions (where publicly available) Advanced Analysis Capabilities: We perform sophisticated analysis of gaming data to understand player experiences and market dynamics:
  • Content Understanding: Advanced analysis of player feedback and gaming discussions
  • Behavioural Pattern Recognition: Identification of gaming preferences, engagement patterns, and player behaviours
  • Market Intelligence: Analysis of trends, sentiment patterns, and industry dynamics
  • Player Segmentation: Understanding different types of players and their preferences based on public gaming activity Steam Player Profile Analysis: We analyse publicly available Steam profile information to understand gaming behaviours:
  • Gaming Activity: Analysis of public gaming patterns, preferences, and engagement levels
  • Player Classification: Categorisation of players based on their public gaming behaviours and preferences
  • Market Insights: Aggregated analysis of player segments and gaming trends What We Create:
  • CoreScore Reports with industry benchmarks and advanced analytics
  • Player segment insights and market analysis
  • Real-time feedback analysis with sophisticated content understanding
  • Market trend insights and competitive analysis
  • Anonymous, aggregated industry statistics and patterns
  • Gaming behaviour analysis for market research
  • Advanced analytics reports for game development teams
  • Player preference and engagement insights

Fair Use Principles: We collect public data under fair use principles as we transform raw data into valuable analytics and insights that benefit the gaming industry. We respect platform terms of service, robots.txt files, and implement rate limiting to minimise impact on source platforms. Why We Do This: To provide valuable market research and analytics services to the gaming industry, including understanding player segments and gaming behaviour patterns. Legal Basis: We process this public data based on our legitimate interest in providing industry analytics and historical benchmarking services. Historical data is essential for accurate trend analysis and industry insights. This legitimate interest is balanced against individual privacy rights, considering the public nature of Steam data and the significant value our analysis provides to the gaming industry.

How We Use Your Data

Our Core Services

CoreScore Reports: We analyse public Steam reviews to create comprehensive game performance reports, sentiment analysis, and market insights for our business customers. Real-Time Analytics: We monitor public feedback to provide live updates on game reception, community sentiment, and market trends. Industry Benchmarking: We create anonymous, aggregated statistics to help game developers understand industry standards and performance metrics.

Data Processing Principles

We follow these key principles:

  • Purpose Limitation: We only use data for the specific purposes outlined above
  • Data Minimisation: We collect and process only what's necessary for our services
  • Accuracy: We maintain accurate and up-to-date information
  • Security: We protect all data with appropriate technical and organisational measures
  • Transparency: We're open about our data practices and your rights

Your Rights Under GDPR

Whether you're a Steam user whose public reviews we analyse or a business customer using our platform, you have important rights:

Right to Know (Access)

You can request information about:

  • What data we have about you
  • How we use it and why
  • Who we share it with
  • How long we keep it

Right to Correct (Rectification)

You can ask us to correct any inaccurate personal data we hold about you.

Right to Delete (Erasure)

You can request deletion of your personal data in certain circumstances, such as when:

  • The data is no longer necessary for our original purpose
  • You withdraw consent (where applicable)
  • The data has been unlawfully processed Note: For Steam users, since we process publicly available data for legitimate business purposes, deletion requests will be evaluated case-by-case considering legal requirements and public interest.

Right to Restrict Processing

You can ask us to temporarily stop processing your data while we resolve any disputes about accuracy or legitimate use.

Right to Data Portability

For data processed based on consent or contract, you can request a copy in a standard, machine-readable format.

Right to Object

You can object to processing based on legitimate interests. We'll stop processing unless we have compelling reasons that override your interests.

Right to Withdraw Consent

Where we rely on your consent, you can withdraw it at any time without affecting previous processing.

How to Exercise Your Rights

Make a Request:

  • Email: requests@gamedatacore.ai
  • Subject Line: "Data Subject Request - [Your Request Type]"
  • Include: Your name, contact information, and specific request details What Happens Next:
  1. We'll confirm receipt within 5 business days
  2. We may ask for additional information to verify your identity
  3. We'll respond to your request within 30 days (60 days for complex requests)
  4. There's no charge for most requests (excessive or repeated requests may incur a fee) For Payment-Related Data: Payment and billing information is processed by Paddle as our Merchant of Record. For requests related to:
  • Payment history and transaction records
  • Billing addresses and payment methods
  • Tax information and invoices
  • Payment disputes and refunds You should contact Paddle directly through their privacy contact methods, as they are the data controller for this information. We can assist in facilitating contact with Paddle if needed. For Steam Users: If you're a Steam user requesting information about your public data in our systems, please include:
  • Your Steam profile URL or username
  • Your specific request (access, deletion, objection to analysis, etc.)
  • Any particular aspects you'd like us to address We'll help you locate relevant information, including any analysis or profiling we may have performed using your public Steam data.

Data Security & Protection

How We Protect Your Data

Technical Measures:

  • Encryption of data in transit and at rest
  • Secure database systems with access controls
  • Local AI infrastructure - all analysis performed on our own controlled systems
  • Regular security updates and monitoring
  • API authentication and rate limiting
  • No external AI service dependencies for data processing Organisational Measures:
  • Staff training on data protection
  • Access controls based on job requirements
  • Regular security audits and reviews
  • Incident response procedures
  • Internal AI processing protocols ensure that data never leaves our systems

Data Retention

Business Customer Data:

  • Active account data: Retained during subscription
  • Closed accounts: Up to 12 months for reactivation and support
  • Legal compliance: Up to 7 years for tax and accounting records Steam Review Data:
  • Raw review data: Up to 24 months for operational analysis, then aggregated for historical benchmarking
  • Processed analytics and benchmarks: Retained as long as necessary for industry analysis and historical trend comparison
  • Player behaviour analysis: Retained for ongoing market research and industry benchmarking purposes
  • Steam profile analysis: Retained for player segmentation insights and long-term market analysis
  • Steam ID mappings: Hashed and retained for consistency and fraud prevention purposes
  • Game metadata: Retained indefinitely as non-personal historical records Note: Historical data is essential for creating accurate industry benchmarks and trend analysis. We retain aggregated and processed data based on our legitimate interest in providing comprehensive gaming industry analytics. Usage and Communications:
  • Detailed usage logs: 90 days for security and debugging
  • Aggregated statistics: Up to 24 months for product improvement
  • Support communications: 24 months after resolution Payment Information:
  • Billing records: 7 years for legal compliance
  • Payment processing: Handled by Paddle (our Merchant of Record) per their retention policies Marketing Data: Until you unsubscribe or withdraw consent

Sharing Your Data

Who We Share With

We may share data with:

  • Payment Processor: Paddle acts as our Merchant of Record for all transactions, meaning they are the seller of record and handle all payment processing, tax collection, and billing on our behalf
  • Cloud infrastructure providers (hosting and database services only - no data processing)
  • Legal authorities (when required by law) We never:
  • Sell your personal data
  • Share data for third-party marketing
  • Use your data for purposes beyond our stated services
  • Send data to external AI services - all AI analysis is performed locally on our own systems
  • Process payments directly - all payment processing is handled by Paddle as Merchant of Record Payment Data Handling: As Paddle acts as our Merchant of Record, all payment-related data including:
  • Credit card information and payment credentials
  • Billing addresses and payment history
  • Tax calculations and collection
  • Transaction processing and dispute resolution is handled exclusively by Paddle according to their privacy policy and security standards. AI Processing Security: All artificial intelligence analysis, including our advanced content analysis and player behaviour classification, is performed entirely within our own controlled infrastructure. No gaming data or personal information is ever sent to external AI services, cloud AI providers, or third-party machine learning platforms. Third-Party Integrations: If you connect third-party services (issue tracking, project management tools) to our platform, we may receive data from these services according to your privacy settings and their terms of service. This data integration is separate from our AI analysis pipeline and payment processing systems.

International Transfers

International Transfers

Some of our service providers are located outside the European Economic Area and United Kingdom. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Adequacy Decisions: European Commission adequacy decisions for certain countries
  • Standard Contractual Clauses: EU-approved data transfer agreements
  • Binding Corporate Rules: For transfers within multinational organisations
  • Certification Schemes: Industry-standard data protection certifications We ensure all international transfers comply with UK GDPR, EU GDPR, and other applicable data protection laws.

Cookies & Website Analytics

What Cookies We Use

Essential Cookies: Required for website functionality and security Analytics Cookies: Help us understand how visitors use our website (with your consent) Preference Cookies: Remember your settings and preferences

Your Cookie Choices

You can manage cookie preferences through:

  • Our cookie consent banner
  • Your browser settings
  • Opt-out links in our communications Note: Disabling essential cookies may affect website functionality.

Changes to This Policy

We may update this policy to reflect:

  • Changes in data protection laws
  • New features or services
  • Feedback from customers and users When We Update:
  • We'll post the updated policy on our website
  • We'll notify business customers of significant changes
  • We'll update the "Last Updated" date at the top Staying Informed:
  • Check our website periodically for updates
  • Subscribe to our privacy updates (optional)
  • Contact us if you have questions about changes

Contact & Questions

General Privacy Questions

Email: privacy@gamedatacore.ai Response Time: Within 5 business days

Data Subject Requests

Email: requests@gamedatacore.ai Response Time: Within 30 days

Payment and Billing Data Requests

For payment-related data requests: Contact Paddle directly as they are the data controller for payment information, or contact us and we can facilitate the connection.

Security Concerns

Email: security@gamedatacore.ai Response Time: Within 24 hours for urgent matters

Business Inquiries

Email: contact@gamedatacore.ai Website: gamedatacore.ai

Regulatory Authority

ICO Registration GameDataCore.AI Ltd is registered with the UK Information Commissioner’s Office (ICO) as a data controller. Company number: 16376407 Registration Number: ZB954018 Registration Date: 07 August 2025 You can verify our registration on the ICO public register at: https://ico.org.uk/ESDWebPages/Search If you're not satisfied with how we handle your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority. For EU residents: You can find your local authority at edpb.europa.eu For UK residents: Information Commissioner's Office (ICO) at ico.org.uk

Summary of Your Rights

| Right | What It Means | How to Exercise | | ---| ---| --- | | Access | Get information about your data | Email requests@gamedatacore.ai | | Rectification | Correct inaccurate data | Email requests@gamedatacore.ai | | Erasure | Delete your data (in certain circumstances) | Email requests@gamedatacore.ai | | Restrict | Temporarily stop processing | Email requests@gamedatacore.ai | | Portability | Get your data in a standard format | Email requests@gamedatacore.ai | | Object | Stop processing based on legitimate interests | Email requests@gamedatacore.ai | | Withdraw Consent | Remove permission for consent-based processing | Email privacy@gamedatacore.ai |

Our Commitment

GameDataCore.AI is committed to:

  • Transparency: Clear communication about our data practices
  • Respect: Honouring your privacy rights and preferences
  • Security: Protecting your data with industry-standard measures
  • Compliance: Following all applicable data protection laws
  • Improvement: Continuously enhancing our privacy practices

This policy applies to all data processing activities by GameDataCore.AI Limited. For technical documentation and detailed compliance information, business customers can access additional resources through their account portal. Document Version: 1.0 Next Review: February 2026