Skip to main content

Privacy Policy

Last updated: May 7, 2026

1. Who we are

MakeMyGame (“we”, “us”, “our”) is a B2B marketplace for the gamedev industry, operated as a Delaware C-Corporation. We connect studios, publishers, and service companies through a structured deal-flow platform.

Data controller contact: privacy@makemygame.io

2. Cookies and tracking

We use the minimum cookies necessary to operate the platform:

  • Session cookie (authjs.session-token) — keeps you signed in. Strictly necessary.
  • CSRF token (authjs.csrf-token) — prevents cross-site request forgery. Strictly necessary.
  • Stripe cookies — set by Stripe on their own domain during payment checkout only. Not accessible to MakeMyGame.

Our analytics (Plausible Analytics, EU-hosted) are cookieless. No tracking pixels or beacon images are used. No consent banner opt-in is required for analytics.

3. Data we collect

  • Account data: name, email address, profile image (from Google OAuth or provided by you)
  • Organization data: company name, description, logo, website, location, team size, service categories
  • Transaction data: tickets posted, bids submitted, deal stage progressions, bid amounts (no payment card data — Stripe handles all card processing)
  • Billing data: Stripe customer and subscription IDs, subscription plan, billing period (no card numbers stored)
  • Usage data: aggregate pageview counts via Plausible Analytics (cookieless, no individual tracking)
  • Communications: emails sent through Resend for authentication, notifications, and digest emails

4. How we use your data

  • Providing and operating the MakeMyGame platform (legal basis: contract, GDPR Art. 6(1)(b))
  • Sending transactional emails (authentication magic links, bid notifications, stage change alerts) (legal basis: contract)
  • Processing subscription payments via Stripe (legal basis: contract)
  • Preventing fraud, abuse, and maintaining platform security (legal basis: legitimate interests, GDPR Art. 6(1)(f))
  • Measuring platform usage to improve the service (legal basis: legitimate interests — anonymized analytics only)
  • Complying with legal obligations (legal basis: legal obligation, GDPR Art. 6(1)(c))

5. Data retention

  • Account and organization data: retained for the duration of your account, plus 30 days after account deletion (to allow recovery)
  • Billing records: retained for 7 years from the transaction date as required by applicable tax and accounting law
  • Deal history (tickets, bids): retained indefinitely after a deal closes — deal records are part of the platform's public reputation data. User attribution is anonymized if a user account is deleted (the record remains, the name does not)
  • Authentication logs: retained for 90 days for security purposes, then deleted

6. Data residency

All data is stored and processed within the European Union:

  • Application hosting: Vercel EU region
  • Database: Supabase (PostgreSQL), EU region
  • File storage: Cloudflare R2, EU region
  • Email delivery: Resend (EU Data Processing Addendum available)
  • Error monitoring: Sentry (EU region)
  • Analytics: Plausible Analytics (EU-hosted, cookieless)

No personal data is transferred outside the EU.

7. Your rights under GDPR

If you are located in the EU/EEA, you have the following rights:

  • Access: request a copy of the personal data we hold about you
  • Rectification: request correction of inaccurate data
  • Erasure (“right to be forgotten”): request deletion of your personal data where no legal obligation requires retention
  • Portability: receive your data in a machine-readable format (JSON or CSV)
  • Restriction: request that we limit processing of your data
  • Objection: object to processing based on legitimate interests

To exercise any right, email privacy@makemygame.io. We respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Third-party processors

We share data only with the processors needed to operate the platform:

  • Vercel — application hosting (EU region)
  • Supabase — database hosting (EU region)
  • Stripe — payment processing (DPA in place)
  • Cloudflare R2 — file storage (EU region)
  • Resend — transactional email delivery
  • Sentry — error monitoring (EU region, PII stripped before transmission)
  • Plausible Analytics — cookieless usage analytics (EU-hosted)

We do not sell personal data to any third party.

9. Changes to this policy

We may update this Privacy Policy. Material changes will be communicated by email to registered users at least 14 days before taking effect. The “Last updated” date at the top of this page reflects the most recent revision.

10. Contact

Questions about this Privacy Policy or your data: privacy@makemygame.io

We use cookies to keep you signed in and protect against request forgery. Our analytics are cookieless and require no consent.