Privacy Policy

Last updated: January 20, 2026

1. Introduction

We respect your privacy and take great care to safeguard it. We do not sell your personal data. This Privacy Policy explains how and why we collect, use, store, and protect your personal data when you use Gamesmith Studio.

We process certain personal data that is necessary to operate our service, provide billing, and communicate with you. This policy also explains your rights under the General Data Protection Regulation (GDPR) and how you can exercise them.

If you have any questions about this policy or our data practices, you can contact us using the details provided below.

2. Who We Are (Data Controller)

For the purposes of the GDPR, the data controller is:

Corenode Software Development
Nova Scotia, Canada
GST ID: 709384366NS0001
Service operated: Gamesmith Studio

Contact for privacy matters:
support@gamesmith.studio

We do not currently appoint a Data Protection Officer (DPO), as we are not legally required to do so.

3. Personal Data We Collect

We collect the following categories of personal data:

Account & Communication Data

  • First name
  • Last name
  • Email address

Billing & Payment Data

  • Billing address
  • Company name (if applicable)
  • Tax ID (if applicable)
  • Payment card information (processed by Stripe only)

We do not store billing & payment data on our own systems.

Platform & Project Data

  • Password hash (one-way cryptographic hash)
  • Stripe customer ID
  • Billing status
  • Project data and files you create or upload

4. Legal Bases for Processing

We process your personal data under the following lawful bases (Article 6 GDPR):

Purpose Legal Basis
Account creation & service delivery Performance of a contract
Billing & payments Performance of a contract & legal obligation
Customer communication Legitimate interests
Platform security Legitimate interests
Tax and accounting compliance Legal obligation

Where processing is based on legitimate interests, we ensure that these interests do not override your fundamental rights and freedoms.

5. How We Use Your Data

We use your personal data to:

  • Create and manage your Gamesmith Studio account
  • Facilitate user invitations and collaboration
  • Process payments and manage subscriptions
  • Communicate with you about the service
  • Secure and maintain the platform
  • Comply with legal and tax obligations

6. Data Processors & Third Parties

We use trusted third-party service providers (“data processors”) to operate our service:

  • Stripe – payment processing and billing
  • MongoDB Atlas – database hosting
  • Tigris – file storage

These processors act only on our instructions and are contractually bound to protect your data. We do not sell your data and do not share it with third parties for marketing purposes.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including Canada and the United States.

Where such transfers occur, we rely on appropriate safeguards, such as:

  • Adequacy decisions (where applicable)
  • Standard Contractual Clauses approved by the European Commission

You may request more information about these safeguards by contacting us.

8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy:

  • Account data: retained while your account is active
  • Billing and tax data: retained as required by applicable law
  • Project data: retained until deleted by you or 365 days after account termination
  • Logs and security data: retained for a limited period for security purposes

When data is no longer required, it is securely deleted or anonymized.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit and at rest
  • Network isolation and restricted database access
  • One-time, limited developer access when required
  • Secure credential storage using one-way password hashing

Our infrastructure providers maintain industry-recognized security certifications, including SOC 2 Type II compliance.

10. Your GDPR Rights

If you are located in the EU/EEA, you have the following rights:

  • Right of access – obtain a copy of your data
  • Right to rectification – correct inaccurate data
  • Right to erasure – request deletion of your data
  • Right to restriction – limit processing in certain cases
  • Right to data portability
  • Right to object to processing based on legitimate interests
  • Right to withdraw consent at any time (where applicable)
  • Right to lodge a complaint with a supervisory authority

11. How to Exercise Your Rights

To exercise your rights, please contact us at:

support@gamesmith.studio

We may need to verify your identity before responding. We will respond to all valid requests within 30 days, as required by GDPR.

12. Mandatory Data & Consequences

Providing certain personal data is required to use Gamesmith Studio. If you do not provide required information (such as an email address or billing details), we may be unable to provide the service.

13. Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Any material changes will be communicated through the service or by email.