Blood & Bytes: Kagura - Privacy Policy
1. Introduction
Genoma Games ("we," "us," or "our"), a game development studio based in Madrid, Spain, develops and operates Blood & Bytes: Kagura. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you interact with our game, website, testing programs, or related services.
We are committed to protecting your privacy and complying with applicable data protection regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Spain's Ley Organica de Proteccion de Datos Personales (LOPDGDD).
Data Controller: Genoma Games Madrid, Spain Email: info@genomagames.com Physical address available upon request.
2. Applicable Regulations
Based on the global nature of our services, we comply with the following privacy regulations:
European Union - GDPR
As a Spanish company processing personal data of EU residents, we are directly subject to the General Data Protection Regulation (GDPR). This regulation requires lawful, fair, and transparent data processing with valid legal bases such as consent.
Spain - LOPDGDD
Spain's Fundamental Law on Data Protection (Ley Organica de Proteccion de Datos Personales y Garantia de los Derechos Digitales) implements and refines GDPR requirements for Spanish territory.
California - CCPA/CPRA
For California residents, we comply with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), which grants specific privacy rights including the right to know, delete, correct, and opt-out.
United States - CAN-SPAM Act
All email communications comply with the CAN-SPAM Act, which establishes rules for commercial email including clear unsubscribe mechanisms.
Other US States
We monitor and comply with comprehensive privacy laws in other US states as applicable, including Colorado, Connecticut, Virginia, and others.
3. Personal Data We Collect
We collect the following categories of personal information:
3.1 Contact Information
| Data | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Name | Identification and communication | Consent |
| Email Address | Primary communication channel, sending game keys and updates | Consent |
3.2 Demographic Information
| Data | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Country | Regional segmentation and localization | Consent |
| Preferred Language | Communication and game localization | Consent |
| Year of Birth | Age verification and demographic analysis | Consent |
3.3 Gaming Profile Information
| Data | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Gaming Frequency | Player segmentation and testing group assignment | Consent |
| Average Session Duration | Understanding player habits | Consent |
| Gaming Platforms Used | Technical compatibility assessment | Consent |
| Preferred Platform | Primary testing focus | Consent |
| Alpha/Beta Experience | Tester experience assessment | Consent |
| Feedback Experience | Identifying proactive testers | Consent |
3.4 Preference Information
| Data | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Liked Game Genres | Player affinity analysis | Consent |
| Disliked Game Genres | Understanding player preferences | Consent |
| Games of Interest | Reference comparison | Consent |
| Gaming Motivations | Player type classification | Consent |
| Related Interests | Broader interest profiling | Consent |
3.5 Consent Records
| Data | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Opt-in for Updates | Permission to send game news and announcements | Consent |
| Opt-in for Surveys | Permission to send feedback requests | Consent |
3.6 Game Access Data
| Data | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Game Key | Linking access to your contact record | Contract performance |
| Registration Date | Program administration | Legitimate interest |
| Key Activation Status | Tracking program participation | Legitimate interest |
4. How We Use Your Information
We use your personal data for the following purposes:
4.1 Service Delivery
- Registering you as a player or tester
- Assigning and distributing game keys
- Tracking your participation status
- Segmenting players into appropriate groups
4.2 Communications (Only with Your Consent)
- Sending game updates and development news (if opted-in)
- Sending feedback surveys and questionnaires (if opted-in)
- Important announcements related to your game access
4.3 Product Improvement
- Analyzing player demographics to understand our audience
- Understanding gaming preferences to inform development decisions
- Evaluating player feedback for quality assessment
5. Third-Party Services and Data Processors
We use the following third-party services to process your data:
5.1 Brevo (formerly Sendinblue)
Purpose: Email marketing and contact management Data Shared: Email address, name, game key assignment, consent preferences Location: European Union (with appropriate safeguards for any transfers) Role: Data Processor DPA: We maintain a Data Processing Agreement with Brevo in compliance with GDPR Article 28.
Brevo is used to:
- Store and manage contact information
- Send email communications (updates, surveys)
- Track email delivery and engagement metrics
- Link game keys to contact records
5.2 Notion
Purpose: Internal database for program management Data Shared: Registration form responses Location: United States (EU-US Data Privacy Framework participant) Role: Data Processor
5.3 Steam
Purpose: Game distribution platform Data Shared: No personal data shared directly; game keys are redeemed by users Note: When you redeem a game key on Steam, Steam's own privacy policy applies to that relationship.
6. International Data Transfers
As our players may be located worldwide, your data may be transferred outside your country of residence.
For EU Residents
Transfers outside the European Economic Area (EEA) are protected by:
- EU-US Data Privacy Framework (for US recipients certified under this framework)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
Your Rights
You have the right to request information about the safeguards in place for any international transfers of your data.
7. Data Retention
We retain your personal data only as long as necessary for the purposes described in this policy:
| Data Category | Retention Period |
|---|---|
| Contact Information | While you use our services + 2 years |
| Demographic Information | While you use our services + 2 years |
| Gaming Profile & Preferences | While you use our services + 2 years |
| Consent Records | Duration of consent + 3 years (legal compliance) |
| Game Key Assignment | While you use our services + 2 years |
| Transaction Records | 7 years (tax and financial compliance) |
"While you use our services" means the period during which you actively interact with our game, website, or communications. We consider your relationship inactive after 24 months without any interaction (login, email open, or other engagement).
Why we retain data after inactivity: The additional 2-year retention period allows us to: (1) enable account reactivation if you return to our services, (2) respond to any disputes or support requests related to your previous participation, and (3) comply with potential legal obligations.
After the retention period, your data will be:
- Deleted, or
- Anonymized for aggregate statistical purposes
8. Your Rights
Depending on your location, you have the following rights regarding your personal data:
8.1 Rights Under GDPR (EU Residents)
- Right of Access: Request a copy of all personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Request limitation of how we process your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw your consent at any time
- Right to Complain: Lodge a complaint with your local data protection authority
8.2 Rights Under CCPA/CPRA (California Residents)
- Right to Know: Request disclosure of data collected and its purposes
- Right to Delete: Request deletion of your personal information
- Right to Correct: Request correction of inaccurate information
- Right to Opt-Out: Opt-out of sale or sharing of personal information
- Right to Non-Discrimination: Not be penalized for exercising your rights
Note: We do not sell your personal information.
8.3 How to Exercise Your Rights
To exercise any of these rights, including withdrawing your consent, contact us at:
Email: info@genomagames.com Subject Line: Privacy Request - [Your Right]
To withdraw consent: Send an email to info@genomagames.com with the subject "Withdraw Consent" specifying which consent(s) you wish to withdraw. You can also use the unsubscribe link in any marketing email to withdraw consent for that specific communication type.
We will respond to your request within the timeframes required by applicable law.
9. Email Marketing and Unsubscribe
9.1 Opt-In Communications
We only send marketing emails (updates, surveys) if you have explicitly opted-in. Each type of communication has a separate opt-in.
9.2 Unsubscribe
Every marketing email includes an unsubscribe link. You can:
- Click the unsubscribe link in any email
- Contact us at info@genomagames.com
- Update your preferences through Brevo's preference center
9.3 Transactional Communications
Essential communications (game key delivery, critical updates) are not subject to marketing opt-in and will be sent to all active users.
10. Children's Privacy
Our game and services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.
If we discover that we have collected personal data from a child under 16, we will delete that information promptly.
If you believe a child under 16 has provided us with personal information, please contact us at info@genomagames.com.
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption: Data transmitted via HTTPS; data at rest protected by service provider encryption
- Access Controls: Limited access to personal data on a need-to-know basis
- Service Provider Security: We only use service providers with appropriate security certifications
- Breach Response: Procedures in place to detect, investigate, and report data breaches
In the event of a data breach that poses a risk to your rights, we will notify the relevant authorities and affected individuals as required by applicable law.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements.
Notification of Changes:
- Material changes will be communicated via email to registered users
- The "Last Updated" date at the top will be revised
- Previous versions will be archived and available upon request
13. Contact Information
For any questions, concerns, or requests regarding this Privacy Policy or your personal data:
Genoma Games Madrid, Spain Physical address available upon request.
Email: info@genomagames.com
Website: https://genomagames.com
This Privacy Policy is provided in English. A Spanish version may be made available upon request.