Privacy Policy

Last updated: 16 April 2026

1. Introduction

GameForge ("we", "us", "our") is operated by HyberHost.

• Data Controller: Steven Smith trading as HyberHost
• Address: HyberHost, Bartle House, Oxford Court, Manchester, M2 3WQ, United Kingdom
• Contact: [email protected]
• Data protection contact: [email protected]

We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where applicable, the EU General Data Protection Regulation (EU GDPR).

2. Information We Collect

We may collect and process the following categories of personal data:

• Identity data: Name, email address
• Billing data: Payment details, billing address, transaction history
• Account data: Login information, IP addresses, account activity
• Service data: Server configuration, usage data, logs
• Support data: Communications with our support team
• Technical data: Browser type, device information, system logs

We may also receive personal data from third-party providers, including payment processors and authentication providers, where you interact with those services.

3. How We Use Your Data and Legal Basis

We process personal data under the following lawful bases:

Contract Performance

• Providing and maintaining our services
• Managing your account
• Delivering customer support

Legal Obligation

• Complying with tax, accounting, and regulatory requirements
• Responding to lawful requests from authorities

Legitimate Interests

• Monitoring and improving our services
• Preventing fraud, abuse, and security incidents
• Ensuring platform stability and performance

Where we rely on legitimate interests, we ensure that such processing is necessary and does not override your rights and freedoms.

Consent

• Sending marketing communications (where you have opted in)

You may withdraw your consent at any time.

4. Data Sharing

We do not sell your personal data.

We may share your data with:

• Payment processors (e.g. Stripe, PayPal)
• Infrastructure and hosting providers
• Security and content delivery providers
• Support and communication platforms
• Legal, regulatory, or law enforcement authorities where required

All third parties are required to process personal data securely and in accordance with applicable laws.

5. International Data Transfers

Your personal data may be processed in:

• United Kingdom
• Canada

Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, such as adequacy regulations or equivalent protections.

6. Data Retention

When you request deletion of your data, we remove it from active systems where technically possible.

However, copies of data may continue to exist in secure backups and system snapshots.

We maintain two types of backups:

• Short-term system snapshots: retained for up to 30 days and used for disaster recovery and rapid system restoration
• Long-term backups: retained for up to 6 months for business continuity, disaster recovery, and system integrity

Backups are not part of normal service operations and are only accessed in the event of system failure, data corruption, or disaster recovery scenarios.

Where systems are restored from backups, previously deleted data may temporarily reappear in restored environments. In such cases, deletion states are re-applied as part of normal system reconciliation processes.

Backup data is not used for active processing and is not modified on a per-user basis.

Once backup retention periods expire, data is permanently deleted or overwritten.

7. Your Rights

Under applicable data protection laws, you have the right to:

• Access your personal data
• Rectify inaccurate or incomplete data
• Request erasure of your data (right to be forgotten)
• Restrict processing
• Object to processing
• Data portability
• Withdraw consent at any time

The right to erasure is not absolute. We may retain personal data where necessary for:

• Compliance with legal obligations
• Establishment, exercise, or defence of legal claims
• Fraud prevention and security purposes
• Cooperation with law enforcement or regulatory authorities

Where we are required or permitted to retain data, we will restrict processing to the minimum necessary purpose.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been handled unlawfully.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

• Encryption of data in transit
• Access controls and authentication
• Monitoring and logging
• Security procedures and staff training

9. Data Breaches

In the event of a personal data breach, we will notify affected individuals and relevant authorities where required by law.

10. Automated Decision-Making

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Updated versions will be published on this page with a revised date.

Continued use of our services constitutes acceptance of the updated policy.

12. Legal Disclosures

We may disclose personal data to law enforcement authorities, regulators, courts, or other public authorities where we are under a legal obligation to do so, or where disclosure is necessary for the establishment, exercise, or defence of legal claims.

We will only disclose data where a valid legal basis exists and requests are properly verified.

Where permitted by law, we may inform you of such disclosures. However, we may be legally prohibited from doing so in certain circumstances, including where notification would prejudice an investigation or where we are subject to a legal restriction on disclosure.

13. Contact

• General: [email protected]
• Data protection: [email protected]