Your Privacy is a Feature, Not a Footer.

This document is our engineering blueprint for data handling. It's designed to be read, not just filed away. Every clause reflects a technical constraint, a user expectation, or a design trade-off we actively chose.

Contact Our DPO

At a Glance

Controller: Trackeno Studio
Jurisdiction: Italy (GDPR)
Scope: Website & Games
Effective: 2026-01-01

01 / Foundation

How We Process Your Data

Every interaction with our website or games triggers a predictable data flow. We designed our systems to minimize data collection by default, treating personal data like a liability—something to be contained and secured.

Legal Basis (Art. 6 GDPR)

Legitimate Interest: For basic site analytics and security logging. We balance this against your privacy through strict retention periods (see Section 4).
Contractual Necessity: Required only for account creation and game saves. Never used for marketing unless explicitly opted-in.

Data Minimization in Practice

We do not build customer profiles. Game telemetry is anonymized within 24 hours and aggregated. Your email is stored in a hashed format unless you interact with support. Our Cookie Policy details our strict category approach: strictly necessary only.

Data Flow Diagram

Input: Browser / App
Step 1: TLS 1.3 Encryption (In Transit)
Step 2: Input Validation & Sanitization
Step 3: Pseudonymization (If Stored)
Step 4: Ephemeral Cache (24h)

The Cookie Dilemma

A Privacy Lens

On a gaming site, performance is paramount. Third-party cookies for ads or analytics are performance killers. Our choice was stark.

What We Chose

Server-side logging with IP pseudonymization. Zero third-party trackers. A single, first-party session cookie for game saves.

Optimizes

Speed, User Trust, Legal Compliance

What We Sacrificed

Granular user behavior analytics. Real-time conversion funnels. Cross-visit retargeting capabilities.

Sacrifices

Marketing Automation, Deep Behavioral Insights

"A player's frame rate is more important than our marketing team's dashboard. We chose the player." — Tech Lead, Internal Memo Q2 2025

02 / Your Rights

Your Data, Your Control

Under GDPR and Italian privacy law, you hold the rights below. We've built the technical pathways to exercise them without gatekeeping or delay.

Right of Access (Art. 15)

Request a full copy of all data we hold. Process time: 30 days max.

Initiate Request →

Right to Erasure (Art. 17)

Ask us to delete your account and all associated personal data.

Excludes: Legal obligation data, anonymized analytics.

Right to Portability (Art. 20)

Download your game save data and profile in a machine-readable format.

Format: JSON. Structured by game title & timestamp.

Right to Object (Art. 21)

Stop us from processing your data for 'legitimate interest' (e.g., analytics).

Data Protection Officer

For any data-related questions or requests, our DPO monitors this inbox directly.

Email:privacy@trackeno.space

Response SLA:3 Business Days

Channel:Dedicated Secure Portal

Full Contact Details

How We Protect & How Long We Keep It

Security isn't a feature. It's a foundational layer. Our retention periods are not arbitrary; they're based on user utility and legal requirements.

Encryption (At Rest)

Database fields containing personal identifiers (emails, tokens) are encrypted using AES-256-GCM.

Access Control

Zero-trust model. Engineering staff have segmented access. No single database key holds all data.

Game Saves

Stored indefinitely unless manually deleted by the user. Max 3 saves per game per account.

User Controlled

Server Logs

Anonymized IP addresses after 7 days. Full deletion after 30 days for security audits.

System Necessity

Data Retention Timeline

7 Days

Raw Server Logs

Full IPs, request paths

30 Days

Pseudonymized Logs

Hashed IPs, timestamps

Indefinite

Game Saves & Accounts

Until deletion request

See Cookie Policy for session lifecycle.