Privacy Policy

Redly Games Oy

Effective date: May 6, 2026

Last updated: May 6, 2026

1. Introduction

This Privacy Policy explains how Redly Games Oy ("Redly Games," "we," "us," or "our") collects, uses, shares, and protects your personal data when you visit our website at www.redlygames.com (the "Site"), subscribe to our mailing list, apply to participate in our playtests, engage with our products or services (collectively, the "Services"), or otherwise interact with us.

We are committed to protecting your personal data and complying with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), the Finnish Data Protection Act (1050/2018), and other applicable data protection laws.

Please read this Privacy Policy carefully. If you do not agree with it, please do not use our Services.

2. Who we are (Data Controller)

The data controller responsible for your personal data is:

Redly Games Oy

Business ID: 3403867-2

Kampinkuja 2, 00100 Helsinki, Finland

Email: info@redlygames.com

For any questions about this Privacy Policy or the processing of your personal data, please contact us at privacy@redlygames.com.

3. Information we collect

We collect personal data in several ways, including directly from you, automatically through your use of the Services, and from certain third parties.

3.1 Information you provide directly

Depending on how you interact with us, we may collect:

•       Contact details, including yourname and email address.

•       Information you submit through forms, surveys, applications, questionnaires or similar interactions.

•       Information about your interests, preferences, experience, qualifications, or feedback.

•       Communications you send to us and any information you choose to include in them.

•       Account, platform, or community identifiers where relevant to your participation in our Services.

•       Payment, reward, reimbursement, or fulfilment information where applicable.

3.2 Information collected automatically

When you visit our Site or use our Services, we and our service providers may automatically collect:

•       Device and connection data including IP address, browser type and version, operating system, device type, device identifiers provided by the operating system, language preferences, and referring URL.

•       Usage data including pages visited, time spent on pages, links clicked, features used, session activity, interaction patterns, and navigation paths.

•       Diagnostics and performance information, including crash reports, error logs, and service performance data.

•       Cookies and similar technologies: see Section 9 below.

3.3 Information from third parties

We may receive limited information from third parties, such as:

•       Analytics and performance data from our service providers.

•       Information from platforms or partners where you interact with our pages, content, products or, programs.

•       Information from publicly available sources or social media platforms where relevant to our Services.

4. How we use your information

We process personal data for the following purposes:

•       To respond to your inquiries and provide support.

•       To send you our newsletter and marketing communications, where you have consented.

•       To receive and evaluate applications, registrations, or participation requests.

•       To administer our playtest program, including granting access to builds, collecting feedback, and providing rewards.

•       To operate, maintain, and improve the Site and our Services.

•       To analyse trends, measure engagement, and understand how our Services are used.

•       To detect, prevent, and address fraud, abuse, security issues, and violations of our terms.

•       To process rewards, reimbursements, payments, or other related transactions where applicable.

•       To comply with legal, tax, and regulatory obligations.

•       To establish, exercise, or defend legal claims.

•       To carry out corporate transactions (such as a merger, acquisition, or reorganisation), where applicable.

5. Legal bases for processing (GDPR)

Under the GDPR, we rely on the following legal bases to process your personal data:

Purpose Legal basis (GDPR Article 6)
Sending mailing list and marketing emails Consent (Art. 6(1)(a))
Responding to contact inquiries Legitimate interests (Art. 6(1)(f))
Reviewing applications, registrations, or participation requests Legitimate interests (Art. 6(1)(f))
Administering services, programs, testing activities for selected participants Performance of a contract (Art. 6(1)(b)) where applicable, or legitimate interests (Art. 6(1)(f))
Issuing reward payouts Performance of a contract (Art. 6(1)(b))
Operating, analysing, and improving the Site and our Services Legitimate interests (Art. 6(1)(f))
Fraud prevention, security, and protecting our rights Legitimate interests (Art. 6(1)(f))
Complying with legal and tax obligations Legal obligation (Art. 6(1)(c))

Where we rely on consent, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and freedoms. You can object to this processing at any time (see Section 11).

6. How we share your information

We do not sell your personal data. We share your personal data only as described in this Privacy Policy.

6.1 Service providers (data processors)

We use trusted third-party service providers that process personal data on our behalf in connection with the operation of our Services. These may include providers that support:

•       Website hosting and infrastructure.

•       Analytics, diagnostics, and crash reporting.

•       Communications and email delivery.

•       Forms, surveys, and data collection tools.

•       Community or collaboration platforms.

•       Build distribution, testing, or access management.

•       Payment, reward, reimbursement, or fulfilment services.

Customer support, administration, security, and other operational functions.

These providers process personal data on our behalf under written agreements that include GDPR-compliant data protection obligations.

6.2 Independent controllers

Some third parties act as independent data controllers for data you provide directly to them — meaning they decide how and why to process that data, under their own privacy policies. For example, if you use a third-party platform, marketplace, community service, app distribution platform, or social platform in connection with our Services, that third party may process your personal data under its own privacy policy and according to its own purposes.

We encourage you to review the privacy policies of such third parties.

6.3 Legal, regulatory, and safety recipients

We may disclose personal data when we reasonably believe it is necessary to:

•       comply with a legal obligation, court order, or lawful request by public authorities;

•       enforce our Terms of Service or other agreements;

•       investigate or prevent fraud, security incidents, or other illegal activity;

•       protect the rights, property, or safety of Redly Games, our users, or others.

6.4 Business transfers

If Redly Games is involved in a merger, acquisition, financing, reorganisation, bankruptcy, or sale of assets, personal data may be transferred as part of that transaction. We will notify you of any such transfer that materially affects how your personal data is handled.

7. International data transfers

Because several of our service providers are located in the United States and other countries outside the European Economic Area ("EEA"), your personal data may be transferred to, stored in, and processed in countries that may not offer the same level of data protection as your home country.

When we transfer personal data outside the EEA, we rely on one or more of the following safeguards:

•       EU-US Data Privacy Framework ("DPF"): for transfers to US-based service providers that are certified under the DPF.

•       Standard Contractual Clauses ("SCCs"): approved by the European Commission under Article 46 GDPR, for transfers where the DPF does not apply.

•       Other appropriate safeguards permitted under the GDPR.

You can request a copy of the safeguards applied to transfers of your personal data by contacting us at privacy@redlygames.com.

8. How long we retain your data

We retain your personal data only for as long as necessary for the purposes described in this Privacy Policy, or as required by law.

In determining retention periods, we take into account:

•       The nature of the personal data.

•       The purposes for which it was collected and processed.

•       Whether we need the data to provide Services, maintain records, resolve disputes, or enforce agreements.

•       Applicable legal, regulatory, tax, accounting, and reporting obligations.

In general:

•       inquiry and communication records are retained for as long as necessary to respond and for a reasonable period thereafter;

•       subscription and marketing data is retained until you unsubscribe or otherwise withdraw your consent, subject to limited retention where necessary for suppression, compliance, or backup purposes;

•       participation, application, feedback, and program-related records are retained for as long as reasonably necessary to administer the relevant activity and support legitimate business, legal, and operational needs;

•       analytics, technical, and diagnostic data is retained in accordance with the settings and retention controls of the relevant tools and providers, and may be deleted or anonymised earlier where appropriate; and

•       financial, accounting, tax, and related transactional records may be retained for the period required by applicable law.

Where data is anonymised, it may be retained indefinitely for statistical and research purposes.

9. Cookies and similar technologies

Our Site uses cookies and similar technologies (such as pixels and local storage) to:

•       Operate the Site.

•       Remember your preferences.

•       Measure and analyse traffic and usage.

•       Deliver and measure marketing.

Where required by law, we obtain your consent before setting non-essential cookies or similar technologies on your device. You can change your preferences at any time via the cookie settings link on our Site, or by clearing cookies in your browser.

Disabling cookies may affect the functionality of the Site.

10. Marketing communications

If you have subscribed to our mailing list, or otherwise opt in to receive marketing communications, we may send you updates about Redly Games, our games, playtest opportunities, releases, events, promotions and related content.

You can opt out of marketing emails at any time by:

•       clicking the "unsubscribe" link in any marketing email, or

•       emailing us at privacy@redlygames.com.

Opting out of marketing does not affect operational communications necessary to administer a playtest you are participating in, or responses to inquiries you have submitted.

11. Your rights

Depending on where you reside, you may have the following rights in relation to your personal data.

11.1 Rights under the GDPR (EU/EEA/UK)

•       Right of access — obtain a copy of the personal data we hold about you.

•       Right to rectification — correct inaccurate or incomplete data.

•       Right to erasure ("right to be forgotten") — request deletion of your personal data in certain circumstances.

•       Right to restriction — request that we limit how we use your data.

•       Right to data portability — receive your data in a structured, commonly used, machine-readable format.

•       Right to object — object to processing based on legitimate interests or direct marketing.

•       Right to withdraw consent — where processing is based on consent.

•       Right not to be subject to automated decision-making — we do not use automated decision-making that produces legal or similarly significant effects.

•       Right to lodge a complaint — with a supervisory authority.

To exercise any of these rights, please email us at privacy@redlygames.com. We may ask for proof of identity before responding.

You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman or, where applicable, your local supervisory authority.

11.2 Rights for California residents

If you are a resident of California, the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), gives you specific rights, including:

•       the right to know what personal information we collect, use, and disclose;

•       the right to delete personal information we hold about you;

•       the right to correct inaccurate personal information;

•       the right to opt out of the sale or sharing of personal information (we do not sell personal information);

•       the right to limit the use of sensitive personal information (we do not use sensitive personal information for purposes requiring this right);

•       the right to non-discrimination for exercising your rights.

You or your authorised agent may submit a request by emailing us at privacy@redlygames.com. We will verify your identity before responding.

11.3 Other US state privacy rights

Residents of certain other US states (including Virginia, Colorado, Connecticut, Utah, and others) may have similar rights under applicable state laws. Please contact us at privacy@redlygames.com to exercise any such rights. We will verify your identity before responding.

12. Children's privacy

Our Services are intended for adults and we do not knowingly collect personal data from children unless expressly stated otherwise. If you believe a child has provided personal data to us in violation of applicable laws or our policies, please contact us at privacy@redlygames.com and we will take appropriate steps to investigate and, where appropriate, delete it.

13. Data security

We implement appropriate technical and organisational measures designed to protect your personal data against unauthorised access, loss, alteration, and disclosure. These measures include access controls, encryption in transit, secure hosting, and vendor due diligence.

No method of transmission or storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. If we become aware of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with the GDPR.

14. Third-party links

Our Site and Services may contain links to third-party websites, services, or platforms (for example, social media, Discord, or news articles). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing them with any personal data.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through a notice on the Site. Your continued use of the Services after changes take effect means you accept the updated Privacy Policy.

16. Contact us

If you have any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal data, please contact us:

Redly Games Oy

Kampinkuja 2, 00100 Helsinki, Finland

Business ID: 3403867-2

Email: privacy@redlygames.com