Effective Date: October 8, 2025
Last Updated: October 8, 2025
Version: 1.0.0
This Privacy Policy ("Policy") describes how Gamer Growth Lab, LLC ("GGL," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use our platform for gaming creators, including our website, applications, and related services (collectively, the "Services").
By using the Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree, you must discontinue use immediately.
For users in the United States:
For users in the European Economic Area (EEA), United Kingdom, or Switzerland: We act as the data controller for personal data processed in connection with the Services.
Data Protection Officer (EU/UK users only):
We collect information that identifies, relates to, describes, or could reasonably be linked with you ("Personal Information").
Account Registration:
Profile Information:
Business Information:
Payment Information:
Communications:
Usage Data:
Location Data:
Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies. See Section 8 for details.
When you authorize access through OAuth, we collect data from third-party platforms:
Twitch:
YouTube:
Facebook Gaming / Instagram:
TikTok:
QuickBooks (Financial Data - WITH EXPLICIT CONSENT ONLY):
IMPORTANT - QuickBooks Access: Financial data from QuickBooks is collected ONLY after you explicitly connect your account and grant the "Accounting" scope. This data is used exclusively for:
You can disconnect QuickBooks at any time through Settings > Connected Platforms. Disconnecting will delete all imported financial data within 30 days.
OAuth Permissions: We only collect data you explicitly authorize through OAuth consent screens. You can revoke platform access at any time through each platform's settings or through our Settings page.
Publicly Available Data:
Aggregated Analytics:
We process Personal Information based on the following legal grounds and for the following purposes:
Our legitimate interest: Improving Services and developing new features that benefit users. Your interests are protected by data minimization, security measures, and your right to object.
Transactional Emails (Legitimate Interests):
Marketing Communications (Consent Required - Opt-In Only):
You may opt out of marketing at any time by clicking "unsubscribe" in emails or adjusting preferences in Settings > Notifications.
If GGL is involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, Personal Information may be transferred to the successor entity. We will notify you via email and/or prominent notice on the Services before the transfer.
We do not sell Personal Information to third parties for monetary compensation.
We share Personal Information with third-party service providers who perform services on our behalf. These providers are contractually obligated to:
Categories of Service Providers:
All service providers maintain Data Processing Agreements (DPAs) ensuring GDPR compliance.
Data You Share With Platforms: When you connect third-party platforms (Twitch, YouTube, Facebook, TikTok, QuickBooks), you authorize us to access data according to OAuth permissions you grant. These platforms' privacy policies govern their data collection:
Data Platforms Can Access: We do not share your GGL account data back with connected platforms unless required for functionality (e.g., OAuth token refresh).
IMPORTANT - This May Constitute "Sharing" Under CCPA:
When you use our Sponsor Discovery feature and express interest in a brand (save to list, generate pitch, initiate contact), we may share limited creator metrics with that brand:
This sharing facilitates business opportunities but may be considered a "sale" or "sharing" under the California Consumer Privacy Act's broad definition, even though we receive no direct payment for the data itself.
You Have the Right to Opt Out:
When you opt out, brands cannot access your detailed metrics through our platform. You can still browse sponsors and contact them directly outside our system.
When you use our Creator Collaboration feature:
We may disclose Personal Information if required by law or in good faith belief that disclosure is necessary to:
We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you:
This data is not considered Personal Information and is not subject to this Policy.
We retain Personal Information only as long as necessary to fulfill the purposes described in this Policy or as required by law.
Active Accounts:
Deleted Accounts:
Platform Connection Data:
Legal Hold: Data subject to legal proceedings, investigations, or disputes is retained until the matter is resolved, even if you delete your account.
You may request deletion of your Personal Information at any time. See Section 9 for how to exercise this right.
Note: Deletion may make it impossible to provide Services. We will retain minimal data necessary to prevent account recreation for fraud prevention (hashed email only, retained for 2 years).
We implement technical and organizational measures to protect Personal Information against unauthorized access, alteration, disclosure, or destruction.
Encryption:
Access Controls:
Infrastructure Security:
Application Security:
Monitoring:
You are responsible for:
In the event of a data breach affecting your Personal Information, we will:
No security system is perfect. While we implement industry-standard security measures, we cannot guarantee absolute security. You acknowledge that you provide information at your own risk.
GGL operates primarily in the United States. If you access Services from outside the United States, your Personal Information will be transferred to, stored, and processed in the United States.
For users in the EEA, UK, or Switzerland, we rely on the following mechanisms for international data transfers:
Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses (Decision 2021/914) with our service providers to ensure adequate protection for Personal Information transferred outside the EEA.
Adequacy Decisions: Where the European Commission has determined that a country provides adequate data protection, we may transfer data to that country without additional safeguards.
Your Consent: In some cases, we may request your explicit consent for specific transfers.
Your Personal Information may be processed in:
By using the Services, you acknowledge and consent to these transfers.
Your Rights: EEA/UK users retain all rights under GDPR regardless of where data is processed. You may contact our Data Protection Officer at dpo@gamergrowthlab.com with concerns about international transfers.
We use cookies, web beacons, pixels, and similar technologies to collect information and enhance Services.
Strictly Necessary Cookies (No Consent Required): These cookies are essential for Services to function:
You cannot disable these cookies without making Services unusable.
Analytics Cookies (Consent Required): These cookies help us understand usage patterns:
Marketing Cookies (Consent Required): These cookies are used for advertising:
Browser Controls: Most browsers allow you to control cookies through settings:
Disabling cookies may limit functionality.
Cookie Consent Banner: Upon first visit, you will see a consent banner allowing you to:
Your choices are stored for 12 months.
Global Privacy Control (GPC): We honor Global Privacy Control signals. If your browser sends a GPC signal, we automatically:
Third-party services integrated into the Services may use their own tracking technologies, governed by their respective privacy policies. We use service providers in the following categories:
We do not control third-party cookies and are not responsible for their privacy practices.
Some browsers offer "Do Not Track" (DNT) settings. Because there is no universal standard for DNT, we do not currently respond to DNT signals. However, we do honor Global Privacy Control (GPC) signals as described above.
Depending on your location, you have certain rights regarding your Personal Information.
Access: Request a copy of your Personal Information
Correction: Update or correct inaccurate information
Deletion: Request deletion of your Personal Information
Portability: Receive your data in a machine-readable format (JSON, CSV)
Opt-Out: Unsubscribe from marketing communications
Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), California residents have the right to:
Right to Know (CCPA § 1798.100): Request disclosure of:
Right to Delete (CCPA § 1798.105): Request deletion of Personal Information, subject to legal exceptions (e.g., completing transactions, fraud prevention, legal compliance)
Right to Correct (CPRA § 1798.106): Request correction of inaccurate Personal Information
Right to Opt-Out of Sale/Sharing (CCPA § 1798.120): We do not sell Personal Information for money. However, sharing creator metrics with sponsors for business matching may constitute "sharing" under CCPA. You may opt out via:
Right to Limit Use of Sensitive Personal Information (CPRA § 1798.121): We do not use sensitive Personal Information (as defined by CPRA) in ways that require opt-out rights.
Right to Non-Discrimination (CCPA § 1798.125): You will not be denied Services, charged different prices, or provided inferior service quality solely for exercising CCPA rights.
Authorized Agent: You may designate an authorized agent to make requests on your behalf. We require:
Verification Process: We verify your identity by:
Response Time: We respond to CCPA requests within 45 days, with possible 45-day extension if necessary. We will notify you of any extension.
Under the General Data Protection Regulation (GDPR), EEA/UK/Swiss residents have the right to:
Right of Access (GDPR Art. 15): Obtain confirmation of whether we process your Personal Information and access to that information
Right to Rectification (GDPR Art. 16): Request correction of inaccurate or incomplete Personal Information
Right to Erasure (GDPR Art. 17) - "Right to be Forgotten": Request deletion of Personal Information when:
Exceptions: We may retain data when required for legal compliance, establishing/defending legal claims, or other lawful bases.
Right to Restriction of Processing (GDPR Art. 18): Request limitation on how we process your Personal Information when:
Right to Data Portability (GDPR Art. 20): Receive Personal Information in structured, commonly used, machine-readable format (JSON or CSV) and transmit to another controller
Right to Object (GDPR Art. 21): Object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we have compelling legitimate grounds that override your interests.
Right to Withdraw Consent (GDPR Art. 7(3)): Where processing is based on consent (e.g., marketing emails, analytics cookies), you may withdraw consent at any time. Withdrawal does not affect lawfulness of processing before withdrawal.
Right Not to Be Subject to Automated Decision-Making (GDPR Art. 22): See Section 9.5 below.
Right to Lodge a Complaint (GDPR Art. 77): File a complaint with your local supervisory authority if you believe we have violated GDPR. Contact information for EU Data Protection Authorities: https://edpb.europa.eu/about-edpb/board/members_en
UK residents: Information Commissioner's Office (ICO) - https://ico.org.uk
Submit a Request:
Include in Your Request:
Verification: We verify your identity before processing requests to protect against fraudulent requests. You may be asked to:
Response Time:
We will notify you of any extension and the reason.
No Fee: Exercising your rights is free. However, we may charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests.
We use automated systems for:
Business Health Scoring (GCS Algorithm):
Sponsor Matching:
Creator Collaboration Matching:
Tax Optimization Suggestions:
Your Rights: Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Our automated systems do not make such decisions - they provide informational scores and suggestions only.
European Economic Area: If you believe we have violated GDPR, you may lodge a complaint with your local Data Protection Authority. Find your authority at: https://edpb.europa.eu/about-edpb/board/members_en
United Kingdom:
Information Commissioner's Office (ICO): https://ico.org.uk
Tel: 0303 123 1113
California:
California Privacy Protection Agency: https://cppa.ca.gov
Email: regulations@cppa.ca.gov
The Services are not intended for individuals under 13 years of age (or under 16 in the EEA/UK). We do not knowingly collect Personal Information from children.
If we learn that we have collected Personal Information from a child without parental consent, we will delete that information immediately.
If you believe we have collected information from a child, contact us immediately at: privacy@gamergrowthlab.com
By using the Services, you represent that you are at least 13 years old (or 16 in the EEA/UK). We may request proof of age and will terminate accounts that do not meet age requirements.
Parents or legal guardians who believe their child has provided Personal Information may contact us to:
We may update this Policy to reflect changes in our practices, technology, legal requirements, or other factors.
For material changes that significantly affect your rights or how we process data, we will:
Material changes include:
For minor updates (e.g., clarifications, formatting, contact information), we will:
Your continued use of the Services after changes become effective constitutes acceptance of the updated Policy, except where law requires explicit consent.
If you do not agree to changes, you must discontinue use and may request account deletion.
Previous versions of this Policy are available upon request at: privacy@gamergrowthlab.com
We maintain records of all Policy versions for legal compliance and transparency.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
For Privacy Rights Requests (Access, Deletion, Correction, Opt-Out):
Data Protection Officer (EEA/UK users only):
Security Issues:
California "Shine the Light" Law (Cal. Civ. Code § 1798.83): California residents may request information about disclosure of Personal Information to third parties for direct marketing purposes. We do not share Personal Information with third parties for their direct marketing purposes.
Minors Under 18: California minors under 18 who are registered users may request removal of content they posted publicly. Email privacy@gamergrowthlab.com with "California Minor Content Removal" in the subject line. Note: Removal does not ensure complete deletion from all systems or third-party copies.
Nevada residents may opt out of the "sale" of Personal Information. We do not sell Personal Information as defined under Nevada law (NRS 603A). If you wish to exercise Nevada privacy rights, contact: privacy@gamergrowthlab.com
Residents of these states have privacy rights similar to CCPA, including rights to access, delete, correct, and opt out of targeted advertising and sale of Personal Information. To exercise these rights, use the same process described in Section 9.2.
For EEA, UK, and Swiss users, we process Personal Information based on the following legal grounds:
| Processing Activity | Legal Basis (GDPR Article) | Your Rights |
|---|---|---|
| Account creation and management | Contract performance (Art. 6(1)(b)) | Access, rectification, deletion |
| Platform data synchronization | Contract performance (Art. 6(1)(b)) | Access, restriction, portability |
| Payment processing | Contract performance (Art. 6(1)(b)) | Access, rectification |
| Customer support | Contract performance (Art. 6(1)(b)) & Legitimate interests (Art. 6(1)(f)) | Access, rectification |
| Business health scoring (GCS) | Legitimate interests (Art. 6(1)(f)) | Access, object, restriction |
| Service improvement and analytics | Legitimate interests (Art. 6(1)(f)) | Object, restriction |
| Marketing communications | Consent (Art. 6(1)(a)) | Withdraw consent, deletion |
| Sponsor matching and data sharing | Consent (Art. 6(1)(a)) | Withdraw consent, deletion |
| Fraud prevention and security | Legitimate interests (Art. 6(1)(f)) | Object |
| Legal compliance (tax, court orders) | Legal obligation (Art. 6(1)(c)) | Limited rights |
Legitimate Interests: Where we rely on legitimate interests, we have balanced our interests against your rights and freedoms. You have the right to object to processing based on legitimate interests. Contact privacy@gamergrowthlab.com to object.
Consent: Where we rely on consent, you may withdraw consent at any time. Withdrawal does not affect lawfulness of processing before withdrawal.
Not Financial, Tax, or Legal Advice: Tax estimates, revenue projections, business structure recommendations, and all other financial information provided through the Services are for informational purposes only and do not constitute professional financial, tax, accounting, or legal advice.
You should consult a licensed CPA, tax advisor, attorney, or other qualified professional for advice specific to your individual situation.
Accuracy Not Guaranteed: While we strive for accuracy, we do not guarantee the accuracy, completeness, reliability, or timeliness of any information provided through the Services, including but not limited to:
No Reliance: You acknowledge that you should not rely solely on information from the Services for important financial or business decisions. Always verify information with professionals and original sources.
Limitation of Liability: We are not liable for any losses, damages, or adverse consequences arising from your use of or reliance on financial information provided through the Services.
You may not use the Services if you are subject to U.S. export restrictions or are located in a country subject to U.S. embargo (currently Cuba, Iran, North Korea, Syria, and Crimea region of Ukraine). You represent that you are not on any U.S. government list of prohibited or restricted parties.
Personal Information: Information that identifies, relates to, describes, or could reasonably be linked with you, directly or indirectly.
Services: The GGL platform, including website, web applications, mobile applications (if applicable), and all related services.
OAuth: Open Authorization protocol allowing third-party applications to access user data without sharing passwords.
Cookies: Small text files stored on your device by websites you visit.
Processing: Any operation performed on Personal Information, including collection, storage, use, disclosure, and deletion.
Data Controller: Entity that determines the purposes and means of processing Personal Information.
Data Processor: Entity that processes Personal Information on behalf of the Data Controller.
GDPR: General Data Protection Regulation (EU Regulation 2016/679).
CCPA: California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.).
CPRA: California Privacy Rights Act (amends CCPA, effective January 1, 2023).
Sensitive Personal Information (CPRA): Social Security number, driver's license, passport, financial account credentials, precise geolocation, racial/ethnic origin, religious beliefs, union membership, genetic data, biometric data processed to identify an individual, health information, sex life/sexual orientation, citizenship/immigration status.
END OF PRIVACY POLICY
This Policy was prepared with legal counsel and reviewed for compliance with GDPR, CCPA/CPRA, CalOPPA, UK DPA, and other applicable privacy laws. It is designed to meet enterprise legal standards while protecting user privacy and platform security.
For questions about this Policy or our privacy practices, contact: privacy@gamergrowthlab.com
Last reviewed: October 8, 2025
Document ID: 6fabdd3c--0a9-f-49
Version: v1.0.0 | Word Count: 5,245 | Read Time: 27 min
SHA256: [Generated at acceptance: proof of exact content user consented to]
Questions about privacy or data protection? Contact our Data Protection Officer at privacy@gamergrowthlab.com or legal@gamergrowthlab.com