SECTION 1
Scope and data controller
Last updated: 27 March 2026
This notice applies to studio.graylarklabs.com and to games, apps, demos, mailing-list
signups, support requests, playtests, and other services published by Graylark Studio unless a product
includes a more specific privacy notice.
For GDPR and UK GDPR purposes, the data controller is:
Graylark Studio
Operated via studio.graylarklabs.com
Privacy enquiries: [email protected]
Legal enquiries: [email protected]
If you need a postal correspondence address for a legal request, contact us by email first and we will
provide the appropriate contact details for your request.
SECTION 2
Personal data we collect
Depending on how you interact with Graylark Studio, we may collect:
- Information you provide directly, such as your name, email address, support messages, playtest responses, survey answers, bug reports, and any other information you choose to send us.
- Technical and usage data, such as IP address, browser type, device type, operating system, referring pages, app version, crash diagnostics, session timestamps, and basic usage events.
- Store and transaction data, such as country, platform, entitlement or purchase status, and pseudonymous platform identifiers supplied by app stores or game platforms. We do not receive your full payment card details.
- Gameplay and account data, where relevant to a specific app or game, such as save-state information, progress, leaderboard identifiers, preferences, and anti-abuse logs.
- Marketing preference data, when you opt in to receive product updates, announcements, or testing invitations.
We do not intentionally collect special category data unless you choose to include it in a support or
feedback message. Please avoid sending sensitive personal information unless it is strictly necessary.
SECTION 3
How we use data and our lawful bases
| Purpose |
Typical data used |
Lawful basis |
| Provide website features, game functionality, updates, and requested services |
Account, gameplay, device, and transactional data |
Performance of a contract or steps taken at your request before entering a contract |
| Respond to support requests, bug reports, and playtest applications |
Name, email, support content, diagnostics |
Legitimate interests in operating and improving our products, and where relevant, contractual necessity |
| Maintain security, prevent fraud, moderate abuse, and keep services stable |
IP address, device details, log events, crash data |
Legitimate interests and, where required, legal obligations |
| Measure performance and improve products through analytics |
Usage, device, and engagement data |
Consent where required for non-essential cookies or SDKs, otherwise legitimate interests |
| Send newsletters or promotional updates |
Name, email, consent record, engagement data |
Consent |
| Meet tax, accounting, regulatory, and legal requirements |
Transactional records, correspondence, compliance records |
Legal obligation |
We do not use your personal data for solely automated decision-making that produces legal or similarly
significant effects on you.
SECTION 4
Cookies and similar technologies
This website may use cookies, local storage, SDKs, or similar technologies to keep the site secure,
remember basic preferences, understand site usage, and improve performance.
- Strictly necessary technologies may be used without consent where they are required for security, hosting, or core functionality.
- Analytics, advertising, or other non-essential technologies should only be activated after the user has given consent where GDPR, UK GDPR, or ePrivacy rules require it.
- You can manage cookies through your browser or device settings, though disabling some technologies may affect how the website or apps function.
If you later introduce analytics, advertising, or social media tags, make sure the live implementation
matches this policy and any consent banner configuration.
SECTION 5
Who we share data with
We may share personal data with:
- Hosting and infrastructure providers that deliver the website, content, files, and security services.
- App stores and platform operators such as Apple, Google, Steam, itch.io, or console/platform providers when distribution or purchases occur through them.
- Analytics, crash reporting, customer support, email, and productivity providers that process personal data on our behalf under appropriate contracts.
- Professional advisers, regulators, law enforcement, or courts where disclosure is required to comply with law or to protect rights, safety, and property.
- Potential buyers or restructuring partners if the business or assets are sold, transferred, or reorganised, subject to confidentiality and lawful processing requirements.
We do not sell personal data. If data is transferred outside the UK or EEA, we will rely on an adequacy
decision, standard contractual clauses, or another lawful transfer mechanism.
SECTION 6
How long we keep data
We retain personal data only for as long as necessary for the purposes described above, including:
- Support and contact records: typically up to 24 months after the issue is closed, unless longer retention is needed for follow-up or disputes.
- Analytics and diagnostic data: for the shortest period that supports product improvement, commonly up to 14 months unless aggregated or anonymised sooner.
- Marketing consent records: until you unsubscribe or consent otherwise expires.
- Transactional and compliance records: for the period required by tax, accounting, and legal obligations.
Where possible, we delete or anonymise data sooner. We may retain limited information for longer if
necessary to establish, exercise, or defend legal claims.
SECTION 7
Your privacy rights
Under GDPR and UK GDPR, you may have the right to:
- Request access to the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request deletion of your data in certain circumstances.
- Request restriction of processing.
- Object to processing based on legitimate interests.
- Receive a portable copy of data you provided to us where the right applies.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with your local data protection authority or, where applicable, the UK Information Commissioner's Office.
To exercise your rights, contact us using the privacy contact details listed in this policy. We may ask
for reasonable proof of identity before completing a request.
SECTION 8
Security
We use technical and organisational measures designed to protect personal data against accidental or
unlawful loss, misuse, unauthorised access, disclosure, alteration, or destruction. No internet
transmission or storage system is completely secure, so we cannot guarantee absolute security.
SECTION 9
Children's privacy
Some Graylark Studio products may appeal to younger players. We do not knowingly collect personal data
from children in a way that requires parental consent unless the relevant service includes an appropriate
parental permission flow or other lawful basis.
If you believe a child has provided personal data to us inappropriately, contact us so we can review and
delete the information where required.
SECTION 10
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our services, vendors, legal
requirements, or data practices. When we make material changes, we will update the date above and, where
appropriate, provide additional notice inside the relevant product or on this website.
