Privacy Policy

Who is the data controller

The data controller responsible for your personal data is:

As data controller, we determine the purposes and means of processing your personal data. If you have any questions about how we handle your data, please contact us at info@gamobby.com.

What data we collect

We collect different categories of data depending on how you interact with Gamobby:

Category	Examples	Source
Account data	Name, email address, username (Gamobby tag), password (encrypted)	You provide directly
Profile data	Bio, gaming tags, platform IDs (Battle.net, Steam, PSN, Xbox), privacy mode, games list	You provide directly
Social network data	Public profile info, follower/following lists from connected networks	Via OAuth from Instagram, TikTok, X/Twitter, Facebook
Usage data	Pages visited, features used, matches viewed, connections made, session duration	Automatically collected
Technical data	IP address, browser type, device type, operating system	Automatically collected
Communications	Messages you send to other users on Gamobby, support emails	You provide directly
Consent records	Record of which consents you gave and when, for GDPR compliance	Automatically recorded at signup

Social network data — explained in detail

Because using social network data is central to how Gamobby works, we explain it here in full transparency.

How we access it

When you choose to connect a social network (Instagram, TikTok, X/Twitter or Facebook), you are redirected to that platform's official OAuth authorisation flow. You log in directly with that platform — Gamobby never sees your password. The platform then grants Gamobby a limited access token, which we use to read specific data.

Exactly what we read

• Your public username and display name on that network
• Your public profile picture
• The list of accounts you follow and accounts that follow you

What we never read

• Your private messages or DMs on any platform
• Your posts, stories, photos or videos
• Your likes, comments or reactions
• Any content you have marked as private

How we use it

Your social graph (follower/following list) is used exclusively to identify mutual connections between Gamobby users — that is, to suggest people you may already know who are also on Gamobby and share your gaming interests. We do not use it for advertising, profiling, or any other purpose.

How long we keep it

We store a snapshot of your social graph at the time of connection and refresh it periodically to keep suggestions up to date. If you disconnect a social network from Gamobby, or delete your account, this data is permanently deleted within 30 days.

Revoking access

You can disconnect any social network at any time from your Gamobby profile settings. You can also revoke access directly from the settings of each platform (e.g. Instagram Settings → Apps and Websites → Gamobby → Remove).

Why we process your data and our legal basis

Under GDPR, every processing activity must have a lawful basis. Here is ours:

Purpose	Legal basis
Creating and managing your account	Performance of a contract (Art. 6(1)(b) GDPR)
Providing the matching and lobby service	Performance of a contract (Art. 6(1)(b) GDPR)
Processing social network data for matching	Your explicit consent (Art. 6(1)(a) GDPR), given at signup
Sending service-related emails (account, security)	Performance of a contract (Art. 6(1)(b) GDPR)
Sending newsletters (if you opted in)	Your consent (Art. 6(1)(a) GDPR)
Improving the platform and matching algorithm (if you opted in)	Your consent (Art. 6(1)(a) GDPR)
Complying with legal obligations	Legal obligation (Art. 6(1)(c) GDPR)
Fraud prevention and platform security	Legitimate interests (Art. 6(1)(f) GDPR)

Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing before withdrawal. You can manage your consents from your account settings.

How long we keep your data

Data type	Retention period
Account and profile data	Until you delete your account, then 30 days
Social network data	Until you disconnect the network or delete your account, then 30 days
Usage and technical data	13 months from collection
Messages between users	Until both users delete the conversation, or account deletion
Consent records	3 years from the date of consent (legal requirement)
Support correspondence	2 years from resolution

After the retention period ends, data is permanently and irreversibly deleted from our systems.

Who we share your data with

We may share limited data with the following categories of recipients:

• Infrastructure providers: We use third-party cloud hosting services to operate the platform. These providers act as data processors under GDPR and are contractually bound to protect your data.
• Authentication providers: When you log in with a social network, that platform's OAuth system is involved. We only receive the data they send us; we do not share your Gamobby data back with them.
• Legal authorities: We may disclose data if required by law, court order, or to protect the rights and safety of our users or the public.

Any third party we work with is required to handle your data in accordance with GDPR and our data processing agreements.

International transfers

Your data is primarily stored and processed within the European Economic Area (EEA). Where we use service providers based outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

Cookies and tracking

Gamobby uses cookies and similar technologies to operate the platform, remember your preferences, and understand how users interact with the service.

• Essential cookies: Required for the platform to function (e.g. keeping you logged in). These cannot be disabled.
• Analytics cookies: Help us understand how users navigate Gamobby so we can improve it. Only set if you consented to analytics data use at signup.

We do not use advertising or tracking cookies. You can manage cookie preferences from your browser settings at any time.

Your rights under GDPR

As a data subject under GDPR, you have the following rights:

How to exercise your rights

To exercise any of your rights, contact us at info@gamobby.com with the subject line "Data Rights Request" and specify which right you wish to exercise.

We will respond within 30 days. In complex cases we may extend this by a further 60 days, in which case we will notify you. We will not charge a fee unless your request is manifestly unfounded or repetitive.

We may ask you to verify your identity before processing your request to protect your data from unauthorised access.

Children's privacy

Gamobby is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has created an account, please contact us at info@gamobby.com and we will delete the account and associated data promptly.

Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and display a prominent notice on the platform at least 14 days before the changes take effect.

The date at the top of this page always reflects when the Policy was last updated.

Contact and complaints

For any privacy-related questions or to exercise your rights, contact us at:

If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD) at aepd.es. In other EU countries, you may contact your local supervisory authority.