Data Protection & Privacy Policy

GameDataCore.AI Ltd (Company number 16376407)
Last Updated: February 2026
Effective Date: February 2026

Your Privacy Matters

At GameDataCore.AI, we are committed to protecting your privacy and being transparent about how we collect, use, and protect your data. This policy explains our data practices in plain language and outlines your rights under the General Data Protection Regulation (GDPR) and the UK GDPR.

Who We Are

GameDataCore.AI Ltd is a decision-intelligence company for the games industry. We provide:

The GameDataCore Platform — a SaaS platform with analytical modules ("Cores") such as CoreFeedback, CoreArchetype, CoreCommunity, CoreVision, CorePlanning, and CoreDeal, accessed via seat-based subscription.
Commissioned Decision Reports — custom evidence assessments delivered as PDF documents (Directional Brief and, optionally, Defensibility Pack).
Pilot Programs — cohort-based programs (e.g. the CoreFeedback Pilot) offered from time to time, typically free and by application.

We help game developers, publishers, and industry professionals make evidence-backed decisions using publicly available gaming data, player behaviour analysis, and psychologically grounded models.

Company Details:

Registered Name: GameDataCore.AI Ltd
Company Registration: 16376407 (United Kingdom)
Registered Address: 95A Gloucester Road, Brighton, BN1 4AP, UK
Data Protection Officer: Simon Sparks

Email: privacy@gamedatacore.ai
Website: gamedatacore.ai
Postal Address: 95A Gloucester Road, Brighton, BN1 4AP, UK

What Data We Process

For Our Business Customers (Platform Subscribers and Report Clients)

When you use our Platform, commission a Decision Report, or participate in a Pilot Program, we process:

Account Information:

Business contact details (name, email, company)
Account credentials and preferences
Support communications and service usage

Payment and Billing Information:

Payment processing is handled by Stripe. Stripe collects and processes your payment card details, billing address, and transaction data in accordance with their privacy policy and PCI-DSS standards.
We do not store your full payment card numbers or payment credentials on our systems.
We receive and retain transaction confirmation data necessary for service delivery (e.g. transaction ID, amount, date, customer email, subscription status).
As the seller, GameDataCore.AI Ltd is the data controller for your billing and transaction records. Stripe acts as our data processor for payment processing.

Why We Need This: To provide our Platform and Services, manage your account, process payments, and deliver the reports or outputs you have engaged us for.

Legal Basis: We process this data to fulfil our contract with you (GDPR Art. 6(1)(b)) and for our legitimate interests in operating our business (GDPR Art. 6(1)(f)).

Platform Usage Data

When you use the Platform, we collect:

Feature usage and interaction data (e.g. which Cores you use, analyses you run, Credits consumed)
Technical data (browser type, device, IP address)
Error and performance logs

Why We Need This: To operate, maintain, and improve the Platform, provide support, and ensure security.

Legal Basis: Legitimate interest in maintaining and improving our services (GDPR Art. 6(1)(f)).

Steam and Gaming Data (Public Information)

We analyse publicly available data from Steam and other gaming platforms to create industry insights and power our analytical Cores:

Data Sources & Collection Methods:

Official APIs: Steam Web API, IGDB API (via commercial agreement with Twitch)
Web scraping: Automated collection from publicly accessible sources where permitted
Platform sources: Steam, Discord, Reddit, and other gaming communities

What We Analyse:

Public Steam reviews and ratings
Game metadata (titles, release dates, developers, publishers)
Community discussions and sentiment across multiple platforms
Public metrics (player counts, review scores, release data)
Market trends and player feedback patterns
Public Steam profile information (gaming activity, game libraries, achievement patterns)

What We Create:

Decision Reports with industry benchmarks and advanced analytics
Platform Outputs: cluster analyses, archetype splits, signal tracking, evidence quality scores, emotional journey maps, and decision records
Player segment insights and market analysis
Anonymous, aggregated industry statistics and patterns

Fair Use Principles: We collect public data under fair use principles, transforming raw data into structured analytical outputs that benefit the gaming industry. We respect platform terms of service, robots.txt files, and implement rate limiting to minimise impact on source platforms.

Why We Do This: To provide decision-intelligence services to the gaming industry, including understanding player segments, gaming behaviour patterns, and market dynamics.

Legal Basis: Legitimate interest in providing industry analytics and decision-intelligence services (GDPR Art. 6(1)(f)). This is balanced against individual privacy rights, considering the public nature of the data and the significant value our analysis provides.

Automated Processing & AI Analysis

How We Use Automated Systems

Our Platform and Services use advanced artificial intelligence and machine learning to analyse gaming data:

Advanced Content Analysis:

Emotional intelligence: analysis that goes beyond basic sentiment to understand complex player experiences
Gaming-specific understanding: models trained on gaming culture, communication patterns, and industry context
Pattern recognition: identification of behavioural patterns, engagement trends, and market dynamics
Semantic processing: advanced natural language understanding, not simple keyword matching

Player Behaviour Analysis:

Profile analysis: Steam levels, game libraries, achievement patterns, and gaming activity
Behavioural classification: players categorised into gaming preference types, motivational archetypes, and engagement patterns
Market insights: aggregated analysis of player segments and gaming trends

Local AI Infrastructure:

All AI analysis is performed entirely on our own controlled systems. No gaming data or personal information is ever processed by external AI services, cloud AI providers, or third-party machine learning platforms. This ensures complete data security and privacy protection.

Your Rights Regarding Automated Processing

Our automated processes serve as decision-support tools rather than making decisions that significantly affect individuals. However, you have the right to:

Request human review of automated analysis results
Express your viewpoint on automated processing outcomes
Contest conclusions derived from our AI systems
Understand the general approach of our algorithmic analyses
Request information about any profiling related to your data (if you are a Steam user)
Object to the processing of your public data for analysis purposes

All final business decisions regarding game development or strategy are made by human users of our Platform, not by our automated systems.

How We Use Your Data

Our Core Services

Platform (Cores): We analyse public reviews, player profiles, community signals, and market data to generate structured, explainable evidence through our analytical Cores (e.g. CoreFeedback for review analysis, CoreArchetype for player profiling). Platform subscribers access these through their account.
Decision Reports: We analyse public data relevant to the commissioned question(s) and deliver evidence as PDF documents (Directional Brief and/or Defensibility Pack).
Industry Benchmarking: We create anonymous, aggregated statistics to help game developers understand industry standards and performance metrics.
Platform Improvement: As more teams use the Platform, aggregated and anonymised data helps calibrate behavioural baselines, refine archetypes, and strengthen causal confidence — improving the system for all users without exposing individual data.

Data Processing Principles

Purpose Limitation: We only use data for the specific purposes outlined in this policy.
Data Minimisation: We collect and process only what is necessary for our Services.
Accuracy: We maintain accurate and up-to-date information.
Security: We protect all data with appropriate technical and organisational measures.
Transparency: We are open about our data practices and your rights.

Your Rights Under GDPR

Whether you are a Steam user whose public reviews we analyse, a Platform subscriber, or a Decision Report client, you have important rights:

Right to Know (Access)

You can request information about what data we have about you, how we use it and why, who we share it with, and how long we keep it.

Right to Correct (Rectification)

You can ask us to correct any inaccurate personal data we hold about you.

Right to Delete (Erasure)

You can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for our original purpose, you withdraw consent (where applicable), or the data has been unlawfully processed.

For Steam users: since we process publicly available data for legitimate business purposes, deletion requests will be evaluated case-by-case considering legal requirements and public interest.

Right to Restrict Processing

You can ask us to temporarily stop processing your data while we resolve any disputes about accuracy or legitimate use.

Right to Data Portability

For data processed based on consent or contract, you can request a copy in a standard, machine-readable format (e.g. CSV, JSON).

Right to Object

You can object to processing based on legitimate interests. We will stop processing unless we have compelling reasons that override your interests.

Right to Withdraw Consent

Where we rely on your consent, you can withdraw it at any time without affecting previous processing.

How to Exercise Your Rights

Make a Request:

Email: requests@gamedatacore.ai
Subject Line: "Data Subject Request — [Your Request Type]"
Include: Your name, contact information, and specific request details

What Happens Next:

We will confirm receipt within 5 business days.
We may ask for additional information to verify your identity.
We will respond within 30 days (60 days for complex requests).
There is no charge for most requests (excessive or repeated requests may incur a fee).

For Payment-Related Data:

Payment processing is handled by Stripe as our payment processor. GameDataCore.AI Ltd is the data controller for your billing and transaction records. You can exercise your rights by contacting us at requests@gamedatacore.ai and we will handle your request, including coordinating with Stripe where necessary. You may also contact Stripe directly regarding data they hold as a processor.

For Steam Users:

If you are a Steam user requesting information about your public data in our systems, please include:

Your Steam profile URL or username
Your specific request (access, deletion, objection to analysis, etc.)
Any particular aspects you would like us to address

Data Security & Protection

How We Protect Your Data

Technical Measures:

Encryption of data in transit and at rest
Secure database systems with access controls
Local AI infrastructure — all analyses performed on our own controlled systems
Regular security updates and monitoring
API authentication and rate limiting
No external AI service dependencies for data processing

Organisational Measures:

Staff training on data protection
Access controls based on job requirements
Regular security audits and reviews
Incident response procedures
Internal AI processing protocols ensure that data never leaves our systems

Data Breach Response

While we implement robust security measures, we have comprehensive procedures in case of any data breaches:

Immediate Response (0–72 hours):

Detection & Investigation: Prompt investigation to determine nature and scope
Containment: Immediate steps to contain the breach and prevent further access
Risk Assessment: Evaluation of potential impact on affected individuals
Authority Notification: Report to relevant authorities (ICO and other regulators) within 72 hours if required

Individual Notification:

If a breach is likely to result in high risk to your rights and freedoms, we will notify affected users without undue delay, typically within 72 hours of discovery. Notification will include a clear explanation of what happened, what data was involved, what we are doing about it, recommended steps you can take, and direct access to our Data Protection Officer.

We provide regular updates throughout the incident response process and maintain a breach register for regulatory compliance.

Data Retention

Business Customer Data (Platform Subscribers and Report Clients):

Active account data: Retained during your subscription or engagement
Closed accounts: Up to 12 months for reactivation and support
Decision Report Deliverables: We are not obliged to retain copies indefinitely; you are responsible for keeping your own copies
Legal compliance: Up to 7 years for tax, accounting, and billing records

Steam and Gaming Data:

Raw review data: Up to 24 months for operational analysis, then aggregated for historical benchmarking
Processed analytics and benchmarks: Retained as long as necessary for industry analysis and historical trend comparison
Player behaviour analysis: Retained for ongoing market research and industry benchmarking purposes
Steam profile analysis: Retained for player segmentation insights and long-term market analysis
Steam ID mappings: Hashed and retained for consistency and fraud prevention purposes
Game metadata: Retained indefinitely as non-personal historical records

Historical data is essential for creating accurate industry benchmarks and trend analysis. We retain aggregated and processed data based on our legitimate interest in providing comprehensive gaming industry analytics.

Usage and Communications:

Detailed usage logs: 90 days for security and debugging
Aggregated statistics: Up to 24 months for product improvement
Support communications: 24 months after resolution

Payment Information:

Billing and transaction records: 7 years for legal compliance
Payment processing: Handled by Stripe per their retention policies; we do not store full card details

Marketing Data: Until you unsubscribe or withdraw consent.

Sharing Your Data

Who We Share With

We may share data with:

Stripe (payment processor): Processes payments on our behalf; does not use your data for their own purposes beyond payment processing
Cloud infrastructure providers: Hosting and database services only — no data processing beyond storage and delivery
Legal authorities: When required by law

We never:

Sell your personal data
Share data for third-party marketing
Use your data for purposes beyond our stated Services
Send data to external AI services — all AI analysis is performed locally on our own systems

Third-Party Integrations:

If you connect third-party services (e.g. issue tracking, project management tools) to our Platform, we may receive data from those services according to your settings and their terms of service. This data integration is separate from our AI analysis pipeline.

International Transfers

Some of our service providers may be located outside the European Economic Area and United Kingdom. When we transfer data internationally, we ensure appropriate safeguards are in place:

Adequacy Decisions: European Commission adequacy decisions for certain countries
Standard Contractual Clauses: EU-approved data transfer agreements
Binding Corporate Rules: For transfers within multinational organisations
Certification Schemes: Industry-standard data protection certifications

We ensure all international transfers comply with UK GDPR, EU GDPR, and other applicable data protection laws.

Cookies & Website Analytics

What Cookies We Use

Essential Cookies: Required for website functionality and security
Analytics Cookies: Help us understand how visitors use our website (with your consent)
Preference Cookies: Remember your settings and preferences

Your Cookie Choices

You can manage cookie preferences through our cookie consent banner, your browser settings, or opt-out links in our communications. Disabling essential cookies may affect website functionality.

Children's Privacy

Our Platform and Services are designed for business use and are not directed at individuals under 16 years of age. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe we have collected information from your child, please contact us immediately at privacy@gamedatacore.ai and we will take prompt action to delete such information.

Changes to This Policy

We may update this policy to reflect changes in data protection laws, new features or Services, or feedback from customers and users.

When we update:

We will post the updated policy on our website.
We will notify Platform subscribers and active clients of significant changes (e.g. by email or via the Platform).
We will update the "Last Updated" date at the top.

Contact & Questions

General Privacy Questions:
Email: privacy@gamedatacore.ai
Response Time: Within 5 business days

Data Subject Requests:
Email: requests@gamedatacore.ai
Response Time: Within 30 days

Payment and Billing Data Requests:
Contact us at requests@gamedatacore.ai. As the data controller for billing records, we will handle your request and coordinate with Stripe where necessary.

Security Concerns:
Email: security@gamedatacore.ai
Response Time: Within 24 hours for urgent matters

Business Inquiries:
Email: contact@gamedatacore.ai
Website: gamedatacore.ai

Regulatory Authority

ICO Registration

GameDataCore.AI Ltd is registered with the UK Information Commissioner's Office (ICO) as a data controller.

Company number: 16376407
ICO Registration Number: ZB954018
Registration Date: 07 August 2025

You can verify our registration on the ICO public register at ico.org.uk.

If you are not satisfied with how we handle your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

For UK residents: Information Commissioner's Office (ICO) at ico.org.uk
For EU residents: Find your local authority at edpb.europa.eu

Summary of Your Rights

Right	What It Means	How to Exercise
Access	Get information about your data	Email requests@gamedatacore.ai
Rectification	Correct inaccurate data	Email requests@gamedatacore.ai
Erasure	Delete your data (in certain circumstances)	Email requests@gamedatacore.ai
Restrict	Temporarily stop processing	Email requests@gamedatacore.ai
Portability	Get your data in a standard format	Email requests@gamedatacore.ai
Object	Stop processing based on legitimate interests	Email requests@gamedatacore.ai
Withdraw Consent	Remove permission for consent-based processing	Email privacy@gamedatacore.ai

Our Commitment

GameDataCore.AI is committed to:

Transparency: Clear communication about our data practices
Respect: Honouring your privacy rights and preferences
Security: Protecting your data with industry-standard measures
Compliance: Following all applicable data protection laws
Improvement: Continuously enhancing our privacy practices

Document Version: 2.0
Next Review: August 2026