Privacy Policy

1) Introduction & Scope

This Privacy Policy applies to the Xplayo gaming platform ("Xplayo", "we", "us" or "our"), including our website, embedded games, and related services (collectively, the "Platform"). By using the Platform, you agree to this Policy. If you do not agree, please discontinue use.

2) Key Definitions

• Personal Data: Information that identifies or can reasonably be linked to a person (e.g., email, IP in combination with other data).
• Usage Data: Information about how visitors access and use the Platform (pages viewed, device type, session duration).
• Cookies: Small text files stored on your device to remember settings and improve performance; see Cookies.
• Pseudonymous Identifier: An identifier that does not directly identify a person without additional, separate information.

3) Information We Collect

A. Automatically Collected (Technical & Usage)

• IP address (truncated or masked where feasible), approximate geolocation (country/region derived from IP)
• Device, OS, browser and user-agent identifiers; language; screen resolution
• Referring/exit pages, navigation paths, time on page, event metrics
• Error logs, performance/latency measurements, security telemetry

B. Information You Provide Voluntarily

• Contact information (email, message contents) when you reach out
• Feedback, bug reports, feature suggestions
• Search queries entered into on-site search

C. Advertising & Analytics Data

Ad networks and analytics partners may collect or receive pseudonymous identifiers (e.g., cookie IDs, advertising IDs) to measure impressions, prevent fraud, cap frequency, and personalize ads where permitted by law and your settings.

D. Third-Party Sources

We may receive aggregated or inferred data (e.g., coarse location or interest segments) from analytics or advertising partners. We do not merge such data with your direct identifiers unless you contact us and we need to respond.

E. Avoid Providing Sensitive Data

Please do not submit government IDs, financial account numbers, or health information via open contact channels. We do not intentionally collect such data.

4) How We Use Information

• Deliver core game browsing and playback functionality
• Monitor performance, diagnose outages, protect against abuse and fraud
• Improve user experience through aggregated analytics
• Respond to inquiries and provide support
• Measure ad effectiveness and reduce invalid traffic
• Comply with legal requirements and enforce our Terms

Legal Bases (if applicable)

• Legitimate Interests: operating, securing, and improving the Platform, fraud prevention
• Consent: non-essential cookies and personalized advertising where required
• Legal Obligation: responding to lawful requests
• Contract: providing requested features or support

Automated Decision-Making

We do not engage in automated decision-making that produces legal or similarly significant effects. Basic ad selection or content ordering may use contextual or pseudonymous signals.

5) Google AdSense & Third-Party Vendors

We use Google AdSense to display advertisements. Third-party vendors, including Google, use cookies to serve ads based on a user's prior visits to this site and/or other sites. Google's use of advertising cookies enables it and its partners to serve ads to you based on your visit to this site and/or other sites on the Internet.

• Opt out of personalized advertising via Google Ads Settings.
• See more choices at AboutAds or the NAI opt-out.
• Google may use the DoubleClick cookie and other technologies for ad delivery, measurement, and fraud prevention.

Note: Each third party processes data under its own privacy policy.

6) Cookies & Similar Technologies

We use first-party and third-party cookies/local storage for the following purposes:

• Essential: core navigation, load balancing, security
• Analytics: aggregated usage insights (pages viewed, session length)
• Advertising: ad delivery, frequency capping, measurement, contextual relevance
• Preferences: remembering display or language choices

Representative (Non-Exhaustive) Cookie/Storage Categories

Type/Name	Purpose	Approx. Lifespan
session_id (essential)	Maintain session continuity	Session
consent_state (essential)	Record your cookie/tracking preferences	6–12 months
analytics_id / _ga / _ga_*	Aggregate usage metrics (analytics)	12–24 months
_gcl_au	Ad/Attribution measurement	3 months
ad_frequency_cap	Limit repeated ad display	~90 days
YSC / VISITOR_INFO1_LIVE (YouTube)	Player preferences and bandwidth	Session / ~6 months

Names/durations may vary by deployment and partners. Update this table to reflect your actual configuration.

Managing Preferences

Use the cookie banner or the Preferences panel to opt out of non-essential cookies. You can also manage or delete cookies in your browser settings. Blocking essential cookies may impair functionality.

7) Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

• Access a copy of personal data we maintain
• Request correction/update of inaccurate data
• Request deletion (erasure) where legally supportable
• Object to or restrict certain processing
• Withdraw consent for processing based on consent
• Port data in a structured, commonly used format

EEA/UK/Swiss Users

You also have the right to lodge a complaint with your local supervisory authority. We encourage contacting us first so we can address concerns directly.

California (CPRA)

California residents may request details about categories of personal information collected, sources, purposes, third-party disclosures, and specific pieces of information (subject to verification). We do not sell personal information. To limit cross-context behavioral advertising, open Preferences and disable Advertising cookies, or enable Global Privacy Control (GPC) in your browser.

8) Data Retention

We retain personal data only as long as necessary for the purposes described or to satisfy legal obligations, resolve disputes, and enforce agreements.

Category	Illustrative Elements	Indicative Retention
Contact Data	Email, message contents	Until resolved + up to 12 months
Technical Logs	Masked IP, user-agent, errors	30–180 days (rolling)
Usage Analytics	Pages viewed, session duration	Aggregated/anonymized after ~12 months
Ad/Identifier Data	Cookie IDs, device signals	Partner-specific (typically 90–400 days)

9) Security Measures

• Transport Layer Security (HTTPS) for data in transit
• Access controls restricted to operational need; role-based access; logging
• Infrastructure hardening, routine patching, and monitoring for anomalous traffic

No Internet transmission or storage system can be guaranteed 100% secure; we use commercially reasonable safeguards.

10) International Data Transfers

Your data may be processed on servers located in jurisdictions different from your own. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms adopted by competent authorities.

11) Children’s Privacy

The Platform is for general audiences and is not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child provided data, contact us for prompt removal.

12) Changes to This Policy

We may revise this Policy to reflect changes in law, features, or practices. Material updates will be indicated by updating the date above and, where appropriate, additional notice (banner or modal). Continued use after changes indicates acceptance.