Golden Tides Privacy Policy

Psychedelic Games respects your right to control your privacy. We have put in place security measures for your personal data, and manage your personal data in accordance with applicable data protection and data privacy regulations. This Privacy Policy explains how we handle and treat your data when you (i) register or visit our site https://www.goldentides.gg or associated sites or pages (the "Website"), (ii) use our services, or (iii) engage or communicate with us. It also provides information about your rights relating to your Personal Data.

Throughout this Privacy Policy the following terms have the following meanings:

"Data Privacy Laws" means applicable data protection and data privacy laws and regulations, including but not limited to the EU General Data Protection Regulation (2016/679) (the "GDPR") and the California Consumer Privacy Act (CCPA).

"Processing" and "Process" means all activities involving your Personal Data, including collecting, handling, storing, sharing, accessing, using, transferring, and disposing of information.

"Services" means our applications, games, and other products, the website, email communications, social media accounts, and any related services or properties we control.

"Personal Data" means Personal Data that relates to you as an identified or identifiable individual.

While operating our Services, Personal Data will be shared with partners that we work with. Some of these partners are Controllers independent of us and, therefore, they independently determine how and for what purpose they process your data. For more information on these partners and the ways in which they may process your data, please refer to section 4 of this Privacy Policy. Under certain circumstances we will transfer your Personal Data to countries outside the European Economic Area. Such transfers will be done in accordance with section 5 of this Privacy Policy.

Our Services are not directed toward children and we do not knowingly collect Personal Data from children under 13 years of age.

Controller

The Controller responsible for your Personal Data for the purposes of the GDPR is:

hereinafter referred to as "the Company", "we", "us", or "our".

The principles set out in this Privacy Policy apply to all instances in which the Company processes your personal data as a Controller for the purposes described in this Privacy Policy.

Data Protection Officer

The data protection officer of the Controller for the purposes of the GDPR is:

2.1 Information You Provide Voluntarily

Source: Information you provide voluntarily when using our Services.

The information collected includes:

• Your email address or other contact information communicated to us
• Any Personal Data provided in any communication channel available in our Services (Discord, support tickets)
• Any other information you choose to submit to us through our Services, direct communication channels, or otherwise
• If you participate in our surveys or other research, any comments, feedback, responses, or other information you provide to us when doing so
• Payment information through our payment processors (Xsolla), including transaction details but not full payment card information

2.2 Information Collected Automatically

Source: Directly from you and/or your device by automatic means.

The Company collects Personal Data directly from you and/or your device (such as your phone or computer) by automatic means when you use our Services, including through cookies and similar technologies, or software development kits (SDKs).

Your use of our Web Services: we track and collect usage data including but not limited to:

• Information about the browser type and version used
• The operating system of the accessing device
• The IP address of the accessing device
• The date and time of access and websites from which the system of the accessing device reaches our website
• Hashed login and session information

Your use of our Game Services: we track and collect usage data including but not limited to:

• The date and time you access our services
• Access status and duration of use of our services
• Times of log-in and IP address
• Information about actions in the game and user progress
• User messages/chat protocols within the game
• Information on the operating system used
• Technical information about the device and hardware used to play the game
• Information about running processes, drivers and other executable code, as well as game-related and operating system-related files and memory (for anti-cheat purposes)

Crash logs including but not limited to snapshots and screen captures at the time of the crash, or other information related to bugs, errors, or other issues with our Services.

Inferences we make based on your activity in our Services.

2.3 Information from Third Parties

Epic Games Store: Account information when you authenticate through Epic Games
Steam: Account information when you use Steam platform services
Discord: Server activity when you participate in our community channels

We do not expect or intend to collect or otherwise process any special categories of data relating to you. By special categories of data, we mean genetic, biometric or health information, information revealing racial or ethnic origin, sex life or sexual orientation, political opinions, religious or philosophical beliefs, trade union membership, or information about your criminal offenses or convictions. Please do not provide this kind of information to us, or use the Services to make it available to others.

We use your Personal Data for different purposes based on the following lawful bases:

3.1 Contract Performance (Art. 6 para. 1 lit. b GDPR)

Processing is necessary to perform our contract with you as regards our Services.

Purpose of the processing:

• The data provided is used to identify the user by creating an account. The account enables the user to use our services and products
• Data provided by you is used in the handling of requests, in particular support requests for technical problems with the game and the handling of other questions
• The data provided by you, as well as automatically collected data, is used for the technical implementation, operation, and provision of the game
• The data provided by you is used to manage payment transactions and to verify their legality
• Automatically collected data is used to provide solutions against cheating and fraud in our services

3.2 Consent (Art. 6 para. 1 lit. a GDPR)

With your explicit consent, we use your data for:

• The data provided by you through your device is used to increase the convenience of using our website
• The data provided by you, as well as automatically collected data, is used to optimize our communication with our existing users as well as sending you interest-based advertisements along with marketing of our services
• Both the data provided by you and automatically collected data are used to analyze the browsing behavior of our visitors and users
• Data provided by you in surveys is used for the purposes of improving the game and the customer experience
• Delivery of newsletters, update information and game information, including information about patches, updates, community events, special promotions, personalized updates
• Data collected through marketing, social media and performance cookies is used to increase the convenience of using our website

3.3 Legal Obligation (Art. 6 para. 1 lit. c GDPR)

Processing is necessary for compliance with a legal obligation:

• Data automatically collected, or provided by you, may be stored if necessary to comply with tax, commercial, or legal obligations
• In the unlikely event of a dispute or a criminal investigation, we may be legally obligated to transmit personal data to authorities or other relevant entities

3.4 Legitimate Interest (Art. 6 para. 1 lit. f GDPR)

Based on our legitimate interest to operate and improve our Services:

• Automatically collected data is used to enable the website to be delivered to the user's device
• We use cookies for the operation, maintenance, and enhancement of our web services
• The data provided by you, as well as automatically collected data, is used to analyze our services and measure the success of our marketing
• We use logs and inferences based on your use of our services for the purposes of preventing violations of our terms and conditions

Your Personal Data will be transferred or disclosed to third parties for the purposes described in this Privacy Policy:

4.1 Service Providers

Hosting and Infrastructure:

• OVH Cloud - Server hosting and infrastructure services for game operation
• Docker & Kubernetes - Server deployments and orchestration (open source)
• Agones - Game server session management (open source)

Platform Partners:

• Epic Games - Authentication, game distribution, and platform services
• Steam - Game distribution and community features
• Discord - Community management and communication
• Xsolla - Payment processing for web transactions

Development Tools:

• GitHub - Backend and version control services
• Perforce - Code management and version control for Unreal Engine

4.2 Legal and Regulatory Disclosure

• Competent courts of law or other government authorities where we believe disclosure is necessary as a matter of applicable law or regulation
• Any person or entity where we believe disclosure is necessary to exercise, establish or defend our legal rights or to protect your or another person's vital interests

4.3 Business Transfers

If Psychedelic Games is acquired or merged, your information may be transferred as part of that transaction.

When Personal Data is shared with our business partners or other trusted entities stated above, we always require them to only use information in accordance with our instructions and applicable data protection laws.

In connection with some processing activities described in this Privacy Policy we share information outside of the European Union ("EU") and the European Economic Area ("EEA"). For example, our servers are located in the United States and Canada, and some of our service providers may be located outside of the EU and the EEA.

Where the Company transfers Personal Data outside the EU/EEA, the Company will ensure that Adequacy Decisions apply or Standard Contractual Clauses have been entered into between the transferring entity and the receiving external party. Additional safeguards will also be put in place prior to such transfers.

Under Data Privacy Laws you are entitled upon request to receive a copy of any documentation, demonstrating that appropriate safeguards have been taken in order to protect your Personal Data during a transfer outside of the EU/EEA. You can do so by reaching out to us at hello@goldentides.gg.

We will retain your information only for as long as is necessary for the purposes set out in this Privacy Policy. We use the following criteria to establish our retention period:

• Account information - Until account deletion or 3 years of inactivity
• Gameplay data - Up to 2 years for development and analytics purposes
• Support communications - Up to 3 years
• Legal compliance data - As required by applicable law
• Marketing data - Until consent is withdrawn or account deletion

For more specific information about data retention terms, please contact us at hello@goldentides.gg and we will provide the specific data retention terms for your jurisdiction.

Your data is secured by appropriate safeguards, taking into account the circumstances, the state of the art in the industry, the costs of implementation, and the nature, scope, context and purposes of processing as well as the risk. In support of this commitment, we have implemented appropriate technical, physical and organizational measures to protect your Personal Data against unauthorized or accidental destruction, alteration or disclosure; misuse; damage; theft or accidental loss; or unauthorized access.

Providing data to us is not mandatory. However, we are unable to provide the Services, or some parts or features of the Services, without processing your data. You have a number of options to limit or control the extent to which your data is processed.

In relation to our processing of your Personal Data you can, under certain circumstances, exercise the following rights:

8.1 Access

You may request confirmation of whether or not Personal Data is processed and, if that is the case, access to your Personal Data and additional information such as the purposes of the processing.

8.2 Object to Certain Processing

You may object to the processing of your Personal Data on the basis of a legitimate interest, on grounds relating to your particular situation, and to its processing for direct marketing purposes.

To unsubscribe from our marketing communications, please use the unsubscribe link provided in the messages we send.

8.3 Rectification

You have at any time the right to have inaccurate Personal Data rectified, as well as, taking into account the purposes of the processing, the right to have incomplete Personal Data made complete.

8.4 Erasure

You may have your Personal Data erased under certain circumstances, such as when your Personal Data is no longer needed for the purposes for which it was collected.

8.5 Restriction of Processing

Under certain circumstances you may ask us to restrict the processing of your Personal Data to only comprise the storage of your Personal Data.

8.6 Withdrawal of Consent

You have the right at any time to withdraw your consent to the processing of Personal Data, to the extent that the processing is based on your consent.

8.7 Data Portability

You may ask to receive a machine-readable copy of your Personal Data that is processed, and ask for the information to be transferred to another Controller (where possible).

8.8 Complaints to the Supervisory Authority

You have the right to lodge complaints pertaining to the processing of your Personal Data to the relevant data protection supervisory authority.

8.9 How to Exercise Your Rights

To exercise these rights, contact us at hello@goldentides.gg with "Privacy Request" in the subject line. Include:

• Your username or email address
• Specific request (access, deletion, correction, etc.)
• Any relevant details or documentation

We will respond to all privacy requests within 30 days.

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent laws:

9.1 Your GDPR Rights Include:

• Right of access - Confirmation of whether we process your personal data and access to that data
• Right to rectification - Correction of inaccurate or incomplete personal data
• Right to erasure ("right to be forgotten") - Deletion of your personal data in certain circumstances
• Right to restrict processing - Limitation of how we process your data in certain situations
• Right to data portability - Receive your data in a machine-readable format for transfer to another service
• Right to object - Object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent - Withdraw consent at any time where processing is based on consent
• Right not to be subject to automated decision-making - Protection from decisions based solely on automated processing

9.2 Legal Basis for Processing

We process your data based on:

• Contract performance - To provide our gaming services
• Legitimate interests - To improve our services and prevent fraud
• Consent - For marketing communications and non-essential cookies
• Legal obligation - To comply with applicable laws

9.3 Data Protection Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your personal data appropriately.

9.4 International Transfers

When we transfer your data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses and adequacy decisions.

10.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect and how we use it
• Right to delete personal information (subject to exceptions)
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

California Shine the Light: Under California's "Shine the Light" law, California residents may request information about the customer information we shared, if any, with other businesses for their own direct marketing uses. To obtain this information, send an email to hello@goldentides.gg with "Request for California Privacy Information" in the subject line.

10.2 Other US States

If you are based in other US states with enacted data protection laws, you may have similar rights including:

• Right to opt-out of the sale or sharing of your personal information for targeted advertising
• Right to access and data portability
• Right to correction of inaccurate personal data
• Right to deletion unless an exception applies
• Right to appeal our decision if we deny your privacy rights request

Golden Tides is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover we have collected such information, we will delete it promptly.

Platform-level age restrictions (Steam requires 13+, Epic Games requires 13+) provide our primary enforcement mechanism. If you believe a child under 13 has provided us with personal information, please contact us immediately at hello@goldentides.gg.

12.1 Cookies We Use

Our website may use:

• Essential cookies for basic functionality
• Analytics cookies to understand how you use our services
• Preference cookies to remember your settings

12.2 Your Choices

You can control cookies through your browser settings, though disabling certain cookies may affect functionality.

We may update this Privacy Policy from time to time, for example due to changes in our operations or the legal obligations that apply to us. Updates will be made available at https://www.goldentides.gg/privacy. We will also inform you of any material changes through appropriate means such as email or in-game notifications.

If you have questions about this Privacy Policy or our data practices, contact us:

For data subject rights requests, use subject line "Privacy Request" and include your specific request and relevant details.