Privacy Policy
Last updated: July 2026
This policy explains how personal data is handled when you play a game powered by Gamivate. Two parties may act as data controllers, each for their own separate purposes:
- The brandrunning the campaign — controller of the data you submit to enter and play their game, used for that brand's own marketing where you consent.
- Gamivate — controller for (a) your Gamivate account data and (b), where you separately opt in, using your data for Gamivate's own product updates and marketing. For everything else, Gamivate acts only as the brand's processor.
Data we collect
- Details you provide at opt-in — the fields a campaign asks for (e.g. name, email, phone).
- Your consent choices, game scores, and play metadata.
- Technical data: a hashed IP address (never stored raw), coarse location, and device/browser information.
How your data is used
- To run the game, track scores, and issue your reward.
- By the brand:to contact you with the brand's marketing — only if you consent to it.
- By Gamivate: to operate and secure the platform. Gamivate uses your data for its own marketing or product outreach only if you separately opt in to that — it is never required to play or to receive your reward.
Your consent, and what's optional
Consent is asked with clear, separate, untickedcheckboxes — the brand's marketing and Gamivate's marketing are never bundled together, and neither is pre-checked. You can play and claim your reward whether or not you accept Gamivate's marketing consent. You can withdraw any consent at any time (for example, via the unsubscribe link in any message), and we keep an auditable record of what you agreed to and when.
We do not sell or resell your data
Gamivate does not sell your personal data, and does not shareit with unrelated third parties for their own marketing. One brand never gets access to another brand's players.
Legal basis
Marketing use — by the brand or by Gamivate — relies on your explicit, unbundled consent, recorded with a full audit trail. We design to the GDPR and Egypt's Personal Data Protection Law (Law No. 151 of 2020) as our baseline.
Retention
Data is retained per the brand's plan and instructions, after which it is anonymized or deleted. Consent and audit records are kept as required for compliance.
Your rights
You may request access, correction, export, or deletion of your data, and withdraw consent at any time. Contact the brand for data they control, or Gamivate for data we control — we provide the tooling to fulfil these requests either way.
Sub-processors
We use vetted providers for hosting, storage, email, and analytics (e.g. Supabase, Cloudflare, Resend), each under a data-processing agreement.
Contact
Questions about this policy? Reach us via our contact page.