Information we collect
We may collect information about the Services you use and how you use them. This includes the selections you make on our Services. We collect PII, DII, and log information about your interactions, which we have described below.
Personally identifiable information (PII) is information that can be used to identify or contact you online or offline. This includes your name, address, email, phone number, photos, audio data, profile pictures, and payment information. The Service may collect PII when it is shared with us. Namely, when you use our Services, attempt to contact us, submit a resume, submit a job application, connect with us on social media, or connect with one of our partners. For example, you may see a “Log in with…” button from your phone. This means we request PII from a partner to streamline the login process. It is likely that you will encounter a “request for permission” screen by a third party requesting that you share your ID, profile picture, and other listed information with us. We may collect users’ government or similar IDs to verify accounts. We may also subsequently share that information with a vendor to conduct said verifications.
We may also create or collect device-identifiable information (DII) such as gamertags, statistical identifiers, device or advertising identifiers, cookies, usernames, and similar identifiers that are linkable to a browser, device, or account but that do not directly identify a person. From these platforms we may also receive other information. This might include your IP address, user agent, timestamps, precise and imprecise geolocation, sensor data, apps, fonts, battery life information, and screen size.
Our Services also collect information about your interactions including clicks and shares, search queries, navigation paths, crashes, timestamps, purchases, and referral URLs. We may mix this data with PII and DII. Information about your interactions may be transmitted to our servers while you are not using the app. This serves our efficiency purposes. We may also partner with third parties that collect additional information. Please see their privacy policies for more details and refer to the following information that details choices regarding these parties.
How we use information we collect
We use the information we collect from our Services to provide, maintain, protect and improve our Services, to develop new Services and offerings, and to protect us and our users.
PII is primarily used for business purposes. These purposes include sending you occasional newsletters and updates, hiring, responding to inquiries, logins, and providing Services. When you contact us, we may record your communication with us and record other information to aid in solving any issues you might be facing. We may use your email address to inform you about our Services. This includes notifying you about changes or improvements. Please note that comments sections, forums, and other similar areas of our Services are public. Any information posted in these areas is viewable and usable by anyone that has access to them.
We share PII with companies, outside organizations, and individuals for limited reasons as outlined below:
We use DII to control our Services and maneuver user sessions. This includes analyzing usage of our Services, stopping malicious behavior and fraud, advancing content, linking your identity across devices and browsers in order to give you a better experience online, and aiding third parties in their attempts to provide relevant advertising and related metrics. We share DII with third parties primarily for security, analytics and advertising, and external processing purposes.
While we strive to work with reputable companies that practice good privacy, this Policy is not applicable to services offered by other companies or individuals, which include products or sites that may be shown to you via the Services. Furthermore, we do not control the privacy policies and your privacy settings with third-parties. Namely social networks and ad networks. We may use third parties to help provide you with more tailored ads and better Services. We might obtain uses’ analytics on our site in an attempt to help tailor advertising to individual preferences. For further information, please refer to the relevant privacy policies for each third party and industry codes of conduct. We are not liable for the actions of third parties or onward transfers.
Legal Bases for Processing
The data we process may qualify for multiple legal bases for processing under Article 6 of the General Data Protection Regulation (and similar laws that specify legal bases for processing). Below we’ve listed our primary legal bases for each type of data for users covered under such laws:
It is contractually necessary and a legitimate interest to process your username, email, password, cookie data, IP address, account numbers on various platforms (e.g., your XBox or Steam ID), game information (including wins/losses, scores, and screenshots), device models, operating systems versions, and similar information to fulfill our obligations in the terms of service to provide you with and market our high quality products and services.
We gain consent for processing the data that is necessary for optional profile information like your profile picture, your description, gender, birthday, and general location (e.g., state and country). Where users log in with social media accounts, those companies have obtained consent on our behalf to use that data as described above.
We have a contractual necessity and a legitimate interest in collecting our users’ game activities to track users’ game activity and statistics. This information may be used in leaderboards, to determine the winners of wagers, and to aid in marketing our services to current and potential users.
We have a legitimate interest and a contractual necessity to store and process payment information in order to promote transactions between our users and ourselves. It is a legitimate interest that we obtain consent to process your government-issued identifiers (driver’s licenses, for example). We use these identifiers in order to verify our users’ identities and to prevent fraudulent users when dealing with payments.
It is a contractual necessity and a legitimate interest to process your social data such as teams, friends, friend requests, blocked users, chats, and direct messages. As we see necessary, in some instances, we may obtain consent for such data.
We have a legitimate interest in processing users’ purchase history in order to provide users with the help they need to fix purchase and payment issues.
We have a legitimate interest to conduct analytics, measure usage and conversions, detect fraudulent users, implement data security measures, and analyze game telemetrics. These efforts will improve our services. We and our processors have measures in place to protect your privacy.
We have a legitimate interest to enable third-party ads and data collection on our sites and apps to offer a more customized advertisement experience for our users and site visitors. We may also use advertisement mediation services to help us organize our vendors. These vendors may also receive and transfer data from advertisement partners. Our reputable partners offer measures to protect your privacy. Pseudonymization and opt-outs are two such measures. As is appropriate in some situations, we or our partners will obtain consent.
We have a legitimate interest in sending periodic emails and direct marketing to keep our registered users up to date on updates and offers. We make clear disclosures when users sign up and offer opt outs to anyone that is not interested.
For HR and internal operations, we rely on contractual necessity and legitimate interests to process the data of applicants and staff. We process date for project management, resumes, applications, payroll, internal chat and communications.
We have a legitimate interest in processing users’ personal data to extend support to customers, to debug problems, and to answer sales questions. These questions come in the form of emails, names, and other details. Similarly, we have a legitimate interest in processing personal data (e.g., names, social media profile data, and chat data/metadata) in order to respond to questions and messages on our social media accounts, usually through automated bots.
Like many other companies, we do not honor DNT flags. Instead, we offer other choices with respect to third parties. Many third parties partake in self-regulation to offer you a choice regarding receiving targeted ads. Please note that you may still see generic ads after opting out, but these ads won’t be based on your activities online. On the web you can opt out of participating companies by visiting the following sites:
If you wish to similarly opt out of cross-app advertising on mobile devices, you can enable the Limit Ad Tracking flag on the device. Enabling Limit Ad Tracking sends a flag to third parties that you wish to opt out of targeted advertising on that device. Major mobile platforms require companies to honor this flag. Screenshots that detail how to find these options on various devices are available at this website: http://www.networkadvertising.org/mobile-choices. For options on other platforms or devices, please see their respective privacy policies to learn about the choices they offer.
Users covered under the EU General Data Protection Regulation (or similar laws) have the right to access their data, rectify mistakes, erase their data, restrict certain processing (i.e., opt-out), export their data, withdraw consent, and lodge a complaint with a supervisory authority. Before redeeming these rights, we may ask you to verify your identity. This ensures that only you can use these rights on your own account.
Accessing and updating your information
We aim to provide you with a reasonable opportunity to access, update, and delete to your PII. In some cases we may have to keep that information for legitimate legal or business purposes. When you update your information, we may ask you to verify your identity before we process your request.
We work hard to protect our users from unauthorized alteration, disclosure, or destruction of information we have and undertake reasonable security measures with appropriate confidentiality, integrity, and availability protections. However, because there is no existing software or storage system that is 100% secure, we cannot guarantee the security of your information associated with the Services or any other service. You can help protect your account information by using unique and hard-to-guess passwords. We generally store data for as long as we have a valid business purpose or if we are legally required to do so.
Our Services are designed for adults (18+). We do not knowingly collect information for any child under the legal age to provide consent for data processing (13 in the US and up to 16 in the EU). If you are the parent of a child under the age required to provide consent and if you have a concern regarding your child’s information on our Services and/or wish to delete their data, please contact us at the email listed at the bottom of this policy.
If we transfer personal information from the European Union to the United States, we will comply with the EU-U.S. Privacy Shield Framework and the Swiss - U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. To learn more about the Privacy Shield program and to view our certification please visit https://www.privacyshield.gov/.
For any questions or complaints regarding our compliance with either the EU-U.S. Privacy Shield Framework and the Swiss - U.S. Privacy Shield Framework, please contact us at the email listed below. If we do not resolve your complaint, then you may submit your complaint free of charge to the dispute resolution panel set forth by the data protection authorities who is our designated independent dispute resolution provider (a panel established by the EU data protection authorities). Swiss users should refer complaints to the Swiss Federal Data Protection and Information Commissioner (FDPIC). Under certain conditions specified by the principles of the EU-U.S. and the Swiss - U.S. Privacy Shield Frameworks, respectively, you may also be able to invoke binding arbitration to resolve your complaint. We are also subject to the investigatory and enforcement powers of the US Federal Trade Commission. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. We may be legally obligated to disclose personal information to authorities to meet national security, law enforcement, or other legal requirements.