This Privacy Policy explains in clear yet comprehensive terms how Core Games (“Core”, “we”, “us”, or “our”) collects, uses, shares, stores, safeguards, and deletes information about individuals who interact with our games, websites, applications, community features, events, customer support channels, and any other online or offline services we operate (collectively, the “Services”).
We recognise that privacy is both a fundamental expectation and a trust we must continually earn. We therefore process personal data with diligence and proportionality, in accordance with applicable laws, including the EU/UK GDPR, the California Consumer Privacy Act (as amended) (“CCPA”), and other regional statutes to the extent they apply. Where laws diverge, we apply the stricter standard as a matter of policy unless doing so would conflict with mandatory local requirements.
1) Scope and Who This Policy Covers
This Policy applies to personal data processed by Core in the context of the Services. It does not cover independent third-party offerings that are governed by their own privacy terms, even when accessed through our Services (for example, platform storefronts, payment processors, or community tools operated by others).
2) Definitions
- Personal Data means any information relating to an identified or identifiable natural person.
- Controller means the entity that determines the purposes and means of the processing of personal data (here: Core Games for the processing described in this Policy).
- Processor means a service provider that processes personal data on our behalf pursuant to a contract.
- Sensitive Data means categories such as precise location, financial details, government identifiers, health data, children’s data, or information revealing racial/ethnic origin, political opinions, religious beliefs, genetic/biometric identifiers, or sexual orientation.
3) Information We Collect
The types of data we collect depend on how you interact with us:
- Data you provide: account credentials, email address, display name, country/region, age or age-band, content you upload (mods, screenshots, avatars, chat), support requests, bug reports, and survey responses.
- Transactional data: purchase history, license status, refund information (card details are handled by our payment partners and never stored in our systems).
- Automatic data: IP address, device identifiers, platform IDs, language, time zone, OS and hardware specifications, crash logs, game/session telemetry, anti-cheat signals, feature usage, performance metrics, and coarse location derived from IP.
- Cookies & similar tech: session tokens, analytics beacons, local storage, SDK event logs. You can manage non-essential cookies via our Cookie Preferences link in the footer.
- Third-party sources: platform providers (e.g., console/PC storefronts), social networks (if you link accounts), and anti-fraud vendors, in accordance with their privacy terms and your settings.
4) Purposes for Processing
- Provide and maintain the Services (account creation, gameplay, matchmaking, cloud saves, cross-play, entitlements).
- Improve performance and quality (analytics, telemetry, crash diagnostics, QA, A/B testing, accessibility and localization).
- Safety, integrity, and fair play (moderation, anti-cheat, anti-fraud, abuse and spam prevention, enforcement of Terms).
- Customer support (troubleshooting, refunds, communications with you).
- Marketing and community (newsletters, events, rewards, creator programs), with opt-out controls.
- Legal compliance (tax, accounting, regulatory requests, dispute resolution), and legitimate interests (protecting our users and Services).
5) Legal Bases (EEA/UK)
Where GDPR applies, we rely on: (a) performance of a contract (to deliver the game or service you requested); (b) legitimate interests (to secure and improve the Services, prevent abuse, and understand usage) balanced against your rights; (c) consent (for non-essential cookies/marketing); and (d) compliance with legal obligations.
6) Children
Our Services are intended for audiences of appropriate age ratings per territory. We do not knowingly collect personal data from children below the age at which consent is required in their jurisdiction without verifiable parental consent. If you believe a child has provided personal data to us, contact privacy@coregames.com.
7) Sharing and Disclosures
We may share data under strict controls with:
- Vendors/Processors providing hosting, cloud infrastructure, analytics, anti-cheat, crash reporting, email delivery, customer support, and payment processing.
- Platform partners to verify entitlements, cross-play, achievements, or friends functionality you opt into.
- Community & moderation partners supporting safety and content review.
- Corporate transactions (merger, acquisition, financing, or sale of assets), where data may transfer as part of the business and remain protected by consistent commitments.
- Legal compliance where required by law or to protect the rights, safety, and property of users, employees, and Core.
We do not sell personal information. For CCPA/CPRA purposes, we also do not “share” data for cross-context behavioral advertising unless you explicitly opt into such functionality; where applicable, we provide “Do Not Sell or Share My Personal Information” controls.
8) International Transfers
We operate globally. When transferring personal data outside your jurisdiction, we implement appropriate safeguards—such as EU Standard Contractual Clauses, the UK Addendum, or other recognised transfer mechanisms—and conduct risk assessments where mandated by law.
9) Retention
We retain personal data only for as long as necessary to fulfil the purposes described above, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type; crash logs and raw telemetry are typically kept for a short operational window, while purchase records may be retained longer for tax and accounting.
10) Security
We employ technical and organisational measures appropriate to the risk, including encryption in transit, access controls, secret management, hardened build pipelines, network segregation, and monitoring. No system is perfectly secure; you share information at your own risk, and we encourage the use of strong, unique passwords and multi-factor authentication where available.
11) Your Rights
Depending on your jurisdiction, you may have rights to access, correct, delete, port, or restrict the processing of your personal data, and to object to processing based on legitimate interests or direct marketing. You may also withdraw consent at any time where consent is the legal basis. We will not discriminate against you for exercising these rights.
- GDPR/UK: access, rectification, erasure, restriction, portability, and objection; right to lodge a complaint with your supervisory authority.
- CCPA/CPRA: know/access, delete, correct, and limit use of sensitive personal information; right to opt out of sale or sharing where applicable.
- Other regions: we honour equivalent rights to the extent required by law.
To submit a request, contact privacy@coregames.com. We will verify your identity and respond within statutory timelines.
12) Cookies and Preference Management
We use first-party cookies for essential functions (authentication, security, session continuity) and third-party cookies/SDKs for analytics and performance measurement. Non-essential cookies are set only with consent where required. You can manage choices via our Cookie Preferences, adjust browser settings, or use platform-level controls.
13) Gameplay Telemetry & Anti-Cheat
To keep our games fair and stable, we collect limited telemetry such as session start/end, map identifiers, frame rate, ping, crash traces, and error codes. We may run client-side and server-side integrity checks, including device/driver signatures and behavioural signals, strictly to detect cheating and abuse. These measures are proportionate, minimised, and never used to profile players for unrelated purposes.
14) User-Generated Content & Community Conduct
Content you share in public features (forums, chats, leaderboards, user profiles) may be visible to others. We moderate to protect users and the integrity of the community, but we cannot guarantee that all content is monitored in real time. Do not post personal data you would not want to be public.
15) Third-Party Links and Integrations
Our Services may link to third-party sites or offer integrations (e.g., streaming platforms, social sign-in). Their privacy practices govern data you provide to them. Review those policies carefully; we are not responsible for third-party processing.
16) Changes to This Policy
We may update this Policy to reflect operational, legal, or regulatory changes. If changes are material, we will provide prominent notice (e.g., banner, email, in-game notice) and, where legally required, seek your consent. The “Last updated” date at the top indicates the most recent revision.
17) Contact Us
If you have questions or concerns about this Policy or our practices, you may reach our privacy team at privacy@coregames.com. If your concerns remain unresolved, you may have the right to contact your data protection authority.
Annex A — Detailed Disclosures
Categories of personal data (illustrative):
- Identifiers (account ID, email, IP, platform IDs); device and network information (OS version, GPU/CPU model, display, locale, time zone).
- Commercial data (purchases, entitlements, refund eligibility).
- Internet or electronic activity (page views, feature usage, diagnostic logs).
- Geolocation (coarse location from IP; precise location only with explicit consent and clear purpose).
- User content (avatars, posts, chat, uploads) and moderation metadata.
- Inferences (high-level analytics segments) created to understand service performance—not to make decisions with legal or similarly significant effects on you.
Recipients (examples):
- Hosting & infrastructure providers; content delivery networks.
- Payment partners for purchase authorisation and fraud prevention.
- Analytics and crash reporting providers operating under our instructions.
- Anti-cheat and security partners bound by strict contractual safeguards.
- Professional advisors (legal, accounting) under confidentiality obligations.
Criteria for retention:
- Duration of your account or the provision of the Services.
- Statutory requirements (e.g., tax, financial recordkeeping).
- Time limits for disputes or investigations.
- Operational necessity balanced against data minimisation principles.
How to exercise rights:
- Submit a request to privacy@coregames.com describing the right you wish to exercise.
- We may request reasonable information to verify your identity and your relationship to Core (for example, account ID or platform receipt).
- If we cannot fulfil your request due to legal constraints, security considerations, or the rights of others, we will explain our reasoning to the extent permitted by law.
Special categories:
We do not seek to collect sensitive data. If a specific feature requires it, we will present a dedicated notice and obtain explicit consent where required, strictly limiting use to the disclosed purpose.
Automated decision-making:
We do not engage in solely automated decisions that produce legal or similarly significant effects about you. Anti-cheat flags may result in manual review by trained personnel before enforcement actions are taken.
Regional notes:
- EEA/UK: Our lead supervisory contact information will be provided upon request where applicable.
- California: You may authorise an agent to make requests on your behalf; agents must provide verifiable proof of authorisation.
- Other jurisdictions: We comply with local laws and provide region-specific notices where required within our products.