Privacy Policy
Last updated: February 7, 2026
1. Who We Are
Gamplo is operated by Outpoot ("we", "us", "our"). Our servers are located in Germany (European Union). For privacy-related inquiries, contact us at [email protected].
2. Data We Collect
We collect only what is necessary to operate the platform:
Account Information
Email address, username, display name, password (hashed, never stored in plain text), and avatar image.
Profile Information
Bio, cosmetic preferences (name color, avatar decoration), activity status settings, and friend connections.
Technical & Security Data
IP address and user agent string, stored in your session data for security purposes (fraud prevention, abuse detection). In game sessions, your IP address is stored only as an irreversible hash — we cannot recover your original IP from it.
Usage Data
Game play sessions (which games, duration), forum posts, chat messages in games, game save data (cloud saves), daily login streaks, Blips (virtual currency) balance and purchase history.
Developer-Uploaded Content
If you publish games, we store your game files, images, descriptions, changelogs, and achievement icons.
3. How We Use Your Data
- Provide the service — authenticate you, display your profile, and save your game progress.
- Security & abuse prevention — rate limiting, detecting fraudulent accounts, and enforcing our Terms of Service.
- Transactional emails — email verification codes and password reset links.
- Process purchases — fulfill Blips virtual currency purchases and maintain transaction records.
- Content moderation — automatically filter inappropriate content in chat and user submissions.
4. Legal Basis for Processing (GDPR)
Since our servers are in Germany, GDPR applies. We process your data under these legal bases:
- Contract performance — account creation, game services, and virtual currency transactions (Art. 6(1)(b) GDPR).
- Legitimate interest — security, fraud prevention, and platform integrity (Art. 6(1)(f) GDPR).
- Legal obligation — retaining purchase records as required by law (Art. 6(1)(c) GDPR).
5. Cookies & Analytics
We use a single session cookie that is strictly necessary to keep you logged in. It contains no tracking data and expires after 7 days of inactivity. Because this cookie is strictly necessary for the service to function, no cookie consent banner is required under GDPR (Recital 30, Art. 5(3) ePrivacy Directive).
We use Plausible Analytics, a privacy-friendly, cookie-free analytics service. Plausible is self-hosted on our EU infrastructure, does not use cookies or track personal data, and is fully GDPR-compliant. It collects only aggregated, anonymized statistics (page views, referrers, device types) and cannot identify individual users. No consent banner is required for this type of analytics. Learn more at Plausible's documentation.
6. Third-Party Services
We share data with the following services only as necessary to operate Gamplo:
Resend (Email Delivery)
Your email address is shared with Resend to deliver verification codes and password reset emails. See Resend's Privacy Policy.
Polar (Payment Processing)
When you purchase Blips, your payment information is processed by Polar. We do not store your credit card or payment details — Polar handles this entirely. See Polar's Privacy Policy.
Backblaze B2 (File Storage)
Avatars, game files, and other uploaded content are stored on Backblaze B2 servers. See Backblaze's Privacy Policy.
Plausible Analytics
We use Plausible Analytics, a self-hosted, privacy-friendly analytics service. Plausible is hosted on our EU infrastructure, does not use cookies, does not collect personal data, and provides only aggregated, anonymized statistics. No data is shared with third parties. See Plausible's Data Policy.
We do not sell, rent, or share your personal data with advertisers or data brokers.
7. Third-Party Games
Games hosted on Gamplo are created by independent developers. Games are sandboxed in iframes on a separate subdomain (games.gamplo.com) and cannot access your Gamplo account cookies, session, or personal data from the main site. Games can store settings locally in their own isolated storage (scoped to games.gamplo.com only) but cannot read data from the main platform. Game developers may implement their own data collection within their games. Gamplo is not responsible for data collection practices of third-party game developers. If a game collects data beyond what the Gamplo SDK provides, that game's developer is the data controller for that additional data.
8. Data Storage & Retention
Your data is stored on servers located in Germany (EU). We retain your data for as long as your account is active. When you delete your account, all your personal data — including your profile, avatar, sessions, game data, and uploaded files — is permanently deleted. This process is automatic and immediate.
9. Your Rights
Under GDPR and applicable privacy laws, you have the following rights. We have made these fully self-service — no need to contact us:
Right of Access (Data Export)
Download all your data anytime from Settings → Data → "Download My Data". You will receive a JSON file containing all personal data we hold about you.
Right to Erasure
Delete your account and all associated data from Settings → Danger Zone → "Delete Account". This permanently removes all your data, including files stored on our servers.
Right to Rectification
Update your display name, bio, and avatar directly from your Settings page at any time.
Right to Restrict Processing
You can enable Ghost Mode in Settings to hide your online status, or disable friend activity notifications.
10. Children's Privacy
Gamplo is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal data, please contact us at [email protected] and we will promptly delete that data.
11. International Data Transfers
Your data is primarily stored and processed in Germany (EU). Some third-party services (Resend, Polar, Backblaze) may process data outside the EU. These services provide appropriate safeguards such as Standard Contractual Clauses (SCCs) or are covered by adequacy decisions under GDPR.
12. Data Security
We implement appropriate technical and organizational measures to protect your data, including: passwords stored using secure hashing algorithms, IP addresses hashed with a secret salt in game sessions, CSRF protection on all API routes, rate limiting to prevent abuse, and games sandboxed in iframes without access to your session.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of Gamplo after changes constitutes acceptance of the revised policy.
14. Contact
For any privacy-related questions or to exercise your rights beyond the self-service options, contact us at [email protected].