Privacy Policy

Information You Provide

Account Information:

• Email address
• Username and display name
• Password (encrypted)
• Profile information (bio, avatar, links)
• Theme preferences (dark/light mode)

Seller Information (for Creators):

• Creator profile details
• Game listings and descriptions
• Stripe Connect account information (handled by Stripe)
• Payment and tax details (stored by Stripe, not us)

Transaction Information:

• Purchase history
• Download records
• Payment information (processed and stored by Stripe)

User-Generated Content:

• Reviews and ratings
• Comments and community posts
• Wishlists and favorites
• Following/follower relationships

Information We Collect Automatically

Technical Information:

• IP address (for security and fraud prevention only, not stored for analytics)
• Browser type and version
• Device information
• Operating system

This information is collected to maintain platform security, prevent fraud, and improve user experience.

Analytics Information (Anonymous):

We use Umami, a privacy-focused analytics tool that collects only anonymous, aggregate data:

• Pages visited (anonymized, not linked to you)
• Referral source (how you found us)
• General device type (desktop, mobile, tablet)
• Country-level location (no precise location data)

This data cannot be used to identify you personally. See Section 3 for more details on our privacy-focused analytics.

We use the information we collect for the following purposes:

Platform Operations

• Creating and managing your account
• Authenticating your identity
• Processing purchases and downloads
• Facilitating transactions between Buyers and Sellers
• Providing customer support

Communications

• Sending transactional emails (purchase confirmations, download links)
• Account-related notifications (security alerts, password resets)
• Platform updates and feature announcements (if you opt in)
• Responding to your inquiries and support requests

Security and Compliance

• Detecting and preventing fraud
• Enforcing our Terms of Service
• Protecting against abuse and malicious activity
• Complying with legal obligations

Platform Improvement

• Analyzing usage patterns to improve features
• Understanding how users interact with the platform
• Testing new features and functionality
• Troubleshooting technical issues

Legal Basis (GDPR)

For users in the EU, we process your data based on:

• Contract: Processing necessary to provide our services and fulfill our Terms of Service
• Consent: Where you have given explicit permission (e.g., marketing emails)
• Legitimate interests: Fraud prevention, security, and platform improvement
• Legal obligation: Compliance with applicable laws

What Cookies We Use

Indie Retro Games uses only strictly necessary cookies that are essential for the platform to function. These cookies are exempt from consent requirements under GDPR and ePrivacy regulations.

Session Cookies:

• Keep you logged in as you navigate the site
• Stored in our database, not in your browser
• Expire when you log out or after 2 hours of inactivity

Security Cookies:

• CSRF tokens to protect against cross-site request forgery attacks
• Authentication cookies to verify your identity
• Essential for platform security

Preference Cookies:

• Theme preference (dark/light mode) stored in localStorage
• Privacy banner dismissal cookie (remembers if you've seen our privacy notice)
• These do not track or identify you

Analytics

We use Umami, a privacy-focused analytics tool, to understand how visitors use our platform. Umami is designed with privacy in mind:

• No cookies: Umami does not use cookies or store any data in your browser
• No personal data: We do not collect IP addresses, device fingerprints, or any personally identifiable information
• No cross-site tracking: Your activity is not tracked across different websites
• Aggregate data only: We only see anonymous, aggregate statistics like page views and referral sources
• GDPR compliant: No consent required because no personal data is collected

What We DON'T Use

We do not use:

• Tracking analytics (Google Analytics, etc.) that collect personal data
• Advertising cookies or pixels
• Social media tracking pixels
• Third-party marketing cookies
• Cross-site tracking
• Behavioral profiling

Why No Cookie Banner?

Because we only use strictly necessary cookies required for the platform to function, we are not legally required to show a cookie consent banner under GDPR, PECR, or ePrivacy regulations.

Managing Cookies

You can configure your browser to reject all cookies, but this will prevent you from using Indie Retro Games as the platform requires session cookies to function.

We do NOT sell, rent, or trade your personal information.

When We Share Information

With Sellers:

• When you purchase a game, the Seller receives information necessary to fulfill the transaction (your username and purchase details)
• Your email address is NOT shared with Sellers

With Service Providers:

• Stripe: Payment processing and Seller payouts. Stripe has its own Privacy Policy
• Email service provider: For sending transactional emails (account verification, password resets, purchase confirmations)
• Cloud hosting: Our servers and database are hosted securely

All service providers are contractually bound to protect your data and use it only for the purposes we specify.

Legal Requirements:

We may disclose your information if required by law, such as:

• In response to a valid court order, subpoena, or legal process
• To protect our rights, property, or safety
• To protect the rights, property, or safety of our users
• To prevent fraud or illegal activity
• To comply with law enforcement requests

Business Transfers:

If Indie Retro Games is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or a prominent notice on our platform before your information is transferred and becomes subject to a different privacy policy.

Public Information

Some information is publicly visible by design:

• Your username and profile (if you choose to make it public)
• Reviews and ratings you post
• Games you publish (for Creators)
• Your wishlist and favorites (if you choose to make them public)

We take data security seriously and implement appropriate technical and organizational measures:

Technical Safeguards

• Encryption: All data transmitted to and from our servers is encrypted using HTTPS/TLS
• Password security: Passwords are hashed using bcrypt (industry-standard one-way encryption)
• Database security: Access to our database is restricted and monitored
• CSRF protection: All forms are protected against cross-site request forgery
• HTTPOnly cookies: Session cookies cannot be accessed by JavaScript

Operational Safeguards

• Regular security updates and patches
• Limited access to personal data (need-to-know basis)
• Secure backup procedures
• Monitoring for unauthorized access

Payment Security

We never see or store your full payment card details. All payment information is processed and stored by Stripe, a PCI-DSS Level 1 certified payment processor. We only receive confirmation of successful payments.

Your Responsibility

You can help keep your account secure by:

• Using a strong, unique password
• Not sharing your password with anyone
• Logging out when using shared or public computers
• Reporting any suspicious activity to support@indieretrogames.com

While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data using industry best practices.

Active Accounts

We retain your personal information for as long as your account is active or as needed to provide you services.

Account Deletion

When you delete your account:

• Your personal information (email, profile details) is removed from our active database
• Your public content (reviews, comments) may be anonymized rather than deleted to maintain community integrity
• Transaction records are retained for legal and tax compliance
• Backups containing your data are deleted according to our backup rotation schedule (typically within 90 days)

Legal Retention

Some information must be retained for legal reasons:

• Transaction records: 7 years (tax and accounting requirements)
• Fraud prevention: Information related to banned accounts or fraudulent activity
• Legal disputes: Data relevant to ongoing legal proceedings

Seller Obligations

If you are a Seller, you may have ongoing obligations to Buyers who purchased your content (such as refund requests or support). In these cases, we may retain certain information necessary to fulfill these obligations.

All Users

Access: You can view and update your account information in your account settings.

Correction: You can update or correct your personal information at any time.

Deletion: You can request deletion of your account by contacting support@indieretrogames.com or using account settings.

Email preferences: You can opt out of marketing emails (transactional emails are still required for account security).

Additional Rights for EU Users (GDPR)

If you are located in the European Union, you have additional rights:

Right to Access: Request a copy of all personal data we hold about you.

Right to Rectification: Correct inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal retention requirements.

Right to Restriction: Request that we limit processing of your data in certain circumstances.

Right to Data Portability: Request your data in a machine-readable format to transfer to another service.

Right to Object: Object to processing based on legitimate interests.

Right to Withdraw Consent: Withdraw consent for processing at any time (where processing is based on consent).

Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe we have violated your rights.

How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: support@indieretrogames.com
• Subject line: "Privacy Rights Request"
• Include your username and the specific right you wish to exercise

We will respond to your request within 30 days (or as required by applicable law).

Indie Retro Games is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@indieretrogames.com . We will delete such information from our systems.

As stated in our Terms of Service , users must be at least 13 years old to create a Buyer account and at least 18 years old (or have parental consent) to create a Seller account.

Indie Retro Games operates internationally, and your information may be stored and processed in any country where we or our service providers operate.

If you are located in the European Union, we ensure that any international transfers of your data are protected by:

• EU Standard Contractual Clauses
• Adequacy decisions by the European Commission
• Other legally approved transfer mechanisms

Our payment processor, Stripe, complies with GDPR and maintains appropriate safeguards for international data transfers.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How we notify you:

• We will update the "Last Updated" date at the top of this policy
• For material changes, we will notify you via email (to the email address associated with your account)
• We may also display a prominent notice on the platform

Your continued use of Indie Retro Games after we post changes constitutes your acceptance of the updated policy. If you do not agree with the changes, you should stop using the platform and delete your account.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us at:

Email: support@indieretrogames.com

For GDPR-related inquiries: Include "GDPR Request" in your subject line

Thank you for trusting Indie Retro Games with your personal information. We are committed to protecting your privacy and being transparent about our data practices.