Skip to content
Gamivate
Legal

Data Processing Addendum

Last updated: July 2026

This addendum applies where Gamivate processes personal data on behalf of a brand (the controller) and forms part of your agreement with us.

Roles

The brand is the controller of its players’ data; Gamivate is the processor, processing only on documented instructions.

Security

  • Tenant data is isolated at the database layer (row-level security).
  • Encryption in transit and at rest; hashed IPs; least-privilege access.
  • Audit logging of sensitive actions.

Sub-processors

We engage sub-processors (hosting, storage, email, analytics) under equivalent obligations and maintain a current list available on request.

Data subject requests

We provide tooling for access, export, and deletion so controllers can fulfil data-subject requests within statutory timeframes.

International transfers

Where data is transferred across borders, we rely on appropriate safeguards and document the transfer basis. Default hosting region is the EU (Frankfurt).

Return & deletion

On termination, data is returned or deleted per the controller’s instructions.