Last updated: February 2026
Gamdato ("we", "us", or "our") operates the gamdato.com website and provides backend-as-a-service (BaaS) for game developers, including online leaderboards, cloud saving, achievements, and player management. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services. By accessing or using Gamdato, you consent to the practices described in this policy.
We collect various types of information depending on how you interact with our platform. This includes information you provide directly, information collected automatically, and information from third-party services.
When you create an account through our authentication provider (Clerk), we collect your email address, first and last name, profile picture (if provided), and phone number (if provided). We also store your user ID, account creation date, and role within the platform.
When you use our API services, we collect and store game configuration data (game names, descriptions, API keys), leaderboard data (player nicknames, scores, custom fields, rankings), cloud save data (player progress, game states), achievement data (unlock status, timestamps), and player identification data (player IDs, session tokens, nicknames).
We automatically collect technical information when you visit our website, including your IP address, browser type and version (user agent), device type (desktop, mobile, or tablet), pages visited and navigation paths, session duration and activity timestamps, referring URLs, and language preferences stored in cookies.
When you subscribe to a paid plan, payment processing is handled by Stripe. We store your Stripe customer ID, subscription ID, billing period, payment status, transaction amounts, and the email associated with the payment. We do not store your full credit card number, CVV, or other sensitive payment card details on our servers; this information is processed and stored exclusively by Stripe in compliance with PCI DSS standards.
We collect aggregated analytics data to improve our services, including session counts and duration, page visit frequency and popular pages, bounce rates, device and browser distribution, and interaction data with marketing popups (views, clicks, dismissals).
We use the information we collect to: provide, operate, and maintain our backend services for game developers; manage your account, subscriptions, and billing; process leaderboard submissions, cloud saves, and achievements for your games; send transactional emails related to your account (confirmations, security alerts, billing notifications); monitor and analyze usage patterns to improve our platform and user experience; enforce our terms of service, detect abuse, and prevent fraud; respond to your support requests and communications; and comply with legal obligations.
We process your personal data based on the following legal grounds: (a) Contract Performance - processing necessary to provide you with the services you requested when you created your account; (b) Legitimate Interests - processing for our legitimate business interests such as fraud prevention, platform security, and service improvement, where those interests are not overridden by your rights; (c) Consent - where you have given specific consent for certain processing activities such as marketing communications; (d) Legal Obligation - processing necessary to comply with applicable laws and regulations.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances: with service providers who assist us in operating our platform, with law enforcement or regulatory authorities when required by law or to protect our rights, in connection with a merger, acquisition, or sale of assets (you will be notified), and when you have given explicit consent.
We use the following third-party services that may process your data: Clerk (authentication and user management - processes your login credentials, profile data, and session information); Stripe (payment processing - processes your payment method, billing address, and transaction data); Supabase (database hosting - stores your account data, game data, and analytics on PostgreSQL infrastructure); and Resend (transactional email - processes your email address to deliver account-related notifications). Each provider operates under their own privacy policy and is contractually obligated to protect your data.
By design, leaderboard data is publicly accessible as part of the core service functionality. When players submit scores to your game's leaderboards, the following data becomes publicly visible: player nicknames, scores and rankings, any custom fields you have configured for the leaderboard, and submission timestamps. As a game developer, you are responsible for informing your players that leaderboard data will be publicly displayed. We recommend including appropriate notices in your game's privacy policy.
We use cookies and similar technologies for: essential cookies required for authentication and session management (these cannot be disabled as they are necessary for the platform to function); preference cookies to store your language selection and display preferences; and analytics cookies to understand how visitors interact with our website, including page views, session duration, and navigation patterns. You can control cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the platform.
We retain your personal information for as long as your account is active or as needed to provide you with our services. Specifically: account data is retained until you delete your account or request deletion; game and leaderboard data is retained for the lifetime of the game unless you delete it; payment records are retained for 7 years to comply with tax and accounting obligations; session and analytics data is retained for 12 months in identifiable form, after which it is aggregated or anonymized; and server logs containing IP addresses are retained for 90 days for security purposes. Upon account deletion, we will remove or anonymize your personal data within 30 days, except where retention is required by law.
We implement industry-standard security measures to protect your data, including: encryption of all data in transit using TLS/SSL (256-bit encryption); encrypted API communication between games and our servers; secure storage on Supabase infrastructure with Row Level Security (RLS) enabled on all tables; rate limiting to prevent abuse and unauthorized access; webhook signature verification for all incoming data from Clerk and Stripe; input validation and sanitization to prevent injection attacks (XSS, SQL injection); role-based access control with granular permissions; and regular security audits of our infrastructure. While we strive to protect your information, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
Your data may be processed and stored in servers located outside your country of residence, including in the United States and other jurisdictions where our service providers operate. When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, reliance on service providers certified under applicable data protection frameworks, and contractual obligations requiring our providers to protect your data to standards equivalent to those in your jurisdiction.
Our services are designed for game developers and are not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a game developer whose games are played by children, you are responsible for ensuring compliance with applicable children's privacy laws (such as COPPA in the United States and equivalent regulations in other jurisdictions) in your use of our API services. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at contact@gamdato.com.
Depending on your location, you may have specific rights regarding your personal data. You can exercise any of these rights by contacting us at contact@gamdato.com. We will respond to your request within 30 days.
If you are located in the EEA, you have the right to: access your personal data and receive a copy; rectify inaccurate or incomplete data; erase your personal data ("right to be forgotten"); restrict processing of your data in certain circumstances; data portability (receive your data in a structured, machine-readable format); object to processing based on legitimate interests; withdraw consent at any time where processing is based on consent; and lodge a complaint with your local data protection authority.
If you are a California resident, you have the right to: know what personal information we collect, use, and disclose; request deletion of your personal information; opt out of the sale or sharing of personal information (note: we do not sell personal information); non-discrimination for exercising your privacy rights; and correct inaccurate personal information. To exercise these rights, contact us at contact@gamdato.com or through our contact page.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website with a new "Last updated" date and, where appropriate, by sending a notification to the email address associated with your account. We encourage you to review this policy periodically. Your continued use of our services after any changes constitutes acceptance of the updated policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: contact@gamdato.com. We aim to respond to all inquiries within 30 business days.