Privacy & Cookie Policy
Effective Date: 2020/04/23

1. Introduction and Overview.

This privacy policy (the “Privacy Policy”) governs your use of the Exit Games Service. Exit Games consists of: Exit Games Inc. (USA) and Exit Games GmbH (Germany), collectively referred to herein as “Exit Games,” “we,” “our,” or “us.”

This Privacy Policy provides a comprehensive description of how Exit Games collects, uses, and shares information about you as well as your rights and choices regarding such information. It applies to any online location that links to this Privacy Policy, including this website (the “Service”) or offline locations that makes this Privacy Policy available to you.

If you are a Nevada resident, California resident or data subject in Europe, please see the Additional Disclosures for Nevada Residents in Section 13, the Additional Disclosures for California Residents in Section 14, and the Additional Disclosures for People in Europe in Section 15. If you have any questions or wish to exercise your rights and choices, please contact us as set out in Contact Us found in Section 12 below.

2. Information Collection.

As a general matter, we act as a processor or service provider—processing information on behalf and at the instruction of another company (our business clients). In such cases, it is the business client whom has provided you with notice of collection, and where applicable, has obtained your consent for collection. Please refer to such business client’s privacy policy to better understand its practices and your rights with respect to information collected.

There are limited instances where we provide services, such as on our website, that requires the collection of information for our own purposes. In this limited instance, we are considered a controller or business that is independently determining the need for collection to achieve a particular business purpose. The following is a breakdown of our limited collection practices based on what you provide to us, information collected automatically, and information received from other sources necessary for us to provide you with the Service.

A. Information You Provide.

When you use our Service, there is certain information you provide to us. The following are the categories of information we collect and have collected in the last twelve (12) months:

  • Contact Data, including your first and last name, and postal address provided when you interact with the Service.
  • Account Credentials, including your username and password.
  • Billing Data, including your payment instrument number (such as a credit or debit card number), expiration date, and security code as necessary to process your payments provided when you order any subscription through the Service.
  • Content, including content you post in forums or messages you send to Photon developer support or on our Discord channels.

You may choose to voluntarily provide other information to us that we do not request, and, in such instances, you are solely responsible for such information.

B. Information Collected Automatically.

In addition, we automatically collect certain information when you use the Service. The categories of information we automatically collect and have collected in the last twelve (12) months includes:

  • Service Use Data, including data about features you use, pages you visit, products and services you view and purchase, the time of day you browse, and your referring and exiting pages.
  • Device Data, including data about the type of device or browser you use, your device’s operating software, your internet service provider, your device’s regional and language settings, and device identifiers such as IP address.
  • Location Data, including imprecise location data (such as location derived from an IP address).

We use various current – and later – developed tracking technologies to automatically collect information when you use the Service, including the following:

  • Log Files, which are files that record events that occur in connection with your use of the Service.
  • Cookies, which are small data files stored on your device that act as a unique tag to identify your browser. We use two types of cookies: session cookies and persistent cookies. Session cookies make it easier for you to navigate our website and expire when you close your browser. Persistent cookies help with personalizing your experience, remembering your preferences, and supporting security features. Persistent cookies may remain on your device for extended periods of time, and generally may be controlled through your browser settings. For more information about the cookies we use, please see our “Cookie Policy”.
  • Pixels (also known as web beacons), which is embedded code that sends information about your use to a server. There are various types of pixels, including image pixels (which are small graphic images) and JavaScript pixels (which contains JavaScript code). When you access a website or email that contains a pixel, the pixel may permit us or a separate entity to drop or read cookies on your browser. Pixels are used in combination with cookies to track activity by a particular browser on a particular device. We may incorporate pixels from separate entities that allow us to understand your use of our websites and emails, and provide you with additional functionality.

For further information on how we use tracking technologies for analytics, and your rights and choices regarding them, see Analytics in Section 6, and Your Rights and Choices in Section 7 below.

C. Information from Other Sources.

We also collect information from other sources. The categories of sources we collect information from and have collected from in the last twelve (12) months, include:

  • Social networks when you engage with our content, reference our Service, or grant us permission to access information from the social networks.

Otherwise, information that we receive is in the context of us acting as a service provider that is processing information at the instruction and on behalf of our business clients.

Please refer to Use of Information in Section 3 below, to better understand our practices with respect to information that may relate to you.

3. Use of Information.

We use the information we collect for purposes in accordance with the practices described in this Privacy Policy. Our business purposes for collecting and using information, including in the last twelve (12) months, include to:

  • Operate and manage our Service, including your registration and account.
  • Perform services requested by you, such as respond to your comments, questions, and requests, and provide customer service.
  • Send you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages.
  • Prevent and address fraud, breach of policies or terms, and threats or harm.
  • Monitor and analyze trends, usage, and activities.
  • Conduct research, including focus groups and surveys.
  • Improve the Service or other Exit Games websites, apps, marketing efforts, products and services.
  • Develop and send you direct marketing, including advertisements and communications about our and other entities’ products, offers, promotions, rewards, events, and services.
  • Fulfill any other purposes at your direction or with your notice and/or consent.

We do not use information collected for automated decision-making, including individual profiling.

Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we use information about you, please see Your Rights and Choices in Section 7 below.

4. Sharing of Information

We share information we collect in accordance with the practices described in this Privacy Policy. They types of entities to whom we share and have shared information with in the last twelve (12) months, include:

  • Service Providers. We share information with entities that process information on our behalf for our business purposes. Service providers assist us with services such as hosting providers, cloud service providers, payment providers, data analytics, marketing and advertising, website hosting, and technical support. We contractually prohibit our service providers from retaining, using, or disclosing information about you for any purpose other than performing the services for us, although we may permit them to use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law.
  • Vendors and Other Parties. We share information with vendors for business purposes, including analytics. Vendors may act as our service providers, or in certain contexts, independently decide how to process your information. For more information on analytics, see the “Analytics” section below.
  • Affiliates. We share information with our related entities including our parent and sister companies for business purposes such as customer support, marketing, and technical operations
  • Customers. We share information with our customers in connection with us processing information on their behalf. For example, we share information with our customers in order to maintain and administer your online accounts, respond to your questions and comments, comply with your requests, market and advertise to you, and otherwise comply with applicable law.
  • Merger or Acquisition. We share information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.
  • Public Forums. We share information you make public through the Service, such as information in your profile or that you post on public boards. Please think carefully before making information public as you are solely responsible for any information you make public. Once you have posted information, you may not be able to edit or delete such information, subject to additional rights set out in Your Rights and Choices in Section 7 below.
  • Security and Compelled Disclosure. We share information to comply with the law or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also share information to protect the rights, property, life, health, security and safety of us, the Service or anyone else.


Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated or de-identified) except as prohibited by applicable law. For information on your rights and choices regarding how we share information about you, please see Your Rights and Choices in Section 7 below.

5. Technology Integrations.

Our Service includes links that hyperlink to websites, platforms, and other services not operated or controlled by us. In addition, we integrate technologies operated or controlled by separate entities into parts of our Service.

Please note that when you interact with other entities, including when you leave our Service, those entities may independently collect information about you and solicit information from you. The information collected and stored by those entities remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

6. Analytics.

We use analytics services, such as Google Analytics, to help us understand how users access and use the Service.We do this to find out things such as the number of visitors to the various parts of the site. As part of this process, we may incorporate tracking technologies into our own Service(including our website and emails).

As indicated above, vendors may act as our service providers, or in certain contexts, independently decide how to process your information. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

For further information on the types of tracking technologies we use on the Service and your rights and choices regarding analytics, please see Information Collected Automatically in Section 2B above, and Your Rights and Choices in Section 7 below.

7. Your Rights and Choices.

A. Account Information.

You may access, update, or remove certain information that you have provided to us through your account by visiting your account settings or sending an email to the email address set out in Contact Us found in Section 12 below. We may require additional information from you to allow us to confirm your identity. Please note that we will retain and use information about you as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

B. Tracking Technology Choices.

  • Cookies and Pixels. Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies.If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.
  • Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to “Do Not Track” signals. For more information on “Do Not Track,” visit https://www.allaboutdnt.com.

Please be aware that if you disable or remove tracking technologies some parts of the Service may not function correctly.

C. Analytics.

Google provides tools to allow you to opt out of the use of certain information collected by Google Analytics at https://tools.google.com/dlpage/gaoptout. Please note that if you opt out using any opt out tools, the opt out may only apply to the specific browser or device from which you opt out. We are not responsible for the effectiveness of, or compliance with, any opt out options or programs, or the accuracy of any other entities’ statements regarding their opt out options or programs.

D. Communications.

You can opt-out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link, or emailing us at the email address set out in Contact Us found in Section 12 below with the word UNSUBSCRIBE in the subject field of the email. Please note that you cannot opt-out of non-promotional emails, such as those about your account, transactions, servicing, or Exit Games’ ongoing business relations.

Please note that your opt out is limited to the email used and will not affect subsequent subscriptions.

8. Children.

The Service is intended for a general audience, and is not directed at children under(13) years of age.We do not knowingly collect personal information(as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) in a manner not permitted by COPPA. If you are a parent or guardian and you believe we have collected information from your child in a manner not permitted by law, contact us at privacy@photonengine.com. We will remove the data to the extent required by applicable laws.We do not knowingly “sell,” as that term is defined under the CCPA, the personal information of minors under 16 years old who are California residents.

If you are a California resident under 18 years old and registered to use the Service, you can ask us to remove any content or information you have posted on the Service. To make a request, email us at privacy@photonengine.com with “California Under 18 Content Removal Request” in the subject line, and tell us what you want removed. We will make reasonable good faith efforts to remove the post from prospective public view, although we cannot ensure the complete or comprehensive removal of the content and may retain the content as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

9. Data Security.

We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you.

10. International Transfer.

Our headquarter is based in Germany, with servers and other business partners located worldwide, including in the United States. If you are accessing the Service from outside of the U.S., please be aware that information collected through the Service may be transferred to, processed, stored, and used in the U.S. and other jurisdictions. Data protection laws in the U.S. and other jurisdictions may be different from those of your country of residence. Your use of the Service or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of information about you in the U.S. and other jurisdictions as set out in this Privacy Policy. If your data is collected in Europe, we will transfer your personal data subject to appropriate safeguards, such as Standard Contractual Clauses.

11. Changes to this Privacy Policy.

We reserve the right to revise and reissue this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy. By continuously using our Service, you acknowledge our Privacy Policy then posted. If the changes are material, we may provide you additional notice to your email address.

12. Contact Us.

If you have any questions or comments about this Privacy Policy, our data practices, or our compliance with applicable law, please contact us:

By email: privacy@photonengine.com

If you have a disability and would like to access this Privacy Policy in an alternative format, please contact us at privacy@photonengine.com.

13. Additional Disclosures for Nevada Residents.

Nevada law(NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us as privacy@photonengine.com.

14. Additional Disclosures for California Residents.

These additional disclosures for California residents apply only to individuals who reside in California.The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know, delete and opt out, and requires businesses collecting or disclosing personal information to provide notices and means to exercise rights.

A. Notice of Collection.

In the past twelve(12) months, we have collected the following categories of personal information enumerated in the CCPA:

  • Identifiers, including name, email address, account name, IP address, and an ID or number assigned to your account.
  • Customer records, billing and shipping address, and credit or debit card information provided when you order any subscription through the Service.
  • Commercial information, including purchases and engagement with the Services.
  • Internet activity, including your interactions with our Service.
  • Geolocation data.

For more information on information we collect, including the sources we receive information from, review Information Collection in Section 1. We collect and use these categories of personal information for the business purposes described in Use of Information in Section 3, including to provide and manage our Services. Please review Sharing of Information in Section 4 for more detail about the parties we have shared information with.

Exit Games does not sell personal information as defined by the CCPA.

B. Roles.

Our Service is primarily intended to provide information to our business clients.You understand and agree that information collected about you is solely within the context of us conducting due diligence regarding, or providing or receiving a product or service to or from your employer.

If you are a California resident and we as a service provider have processed personal information about you on behalf of our clients and you wish to exercise your CCPA rights, please inquire with our client directly. If you wish to make your request directly to us, please provide the name of our client on whose behalf we processed your personal information.We will refer your request to that client, and will support them to the extent required by California privacy law in responding to your request.

C. Right to Know and Delete.

If you are a California resident, you have the right to delete the personal information we have collected from you and the right know certain information about our data practices in the preceding twelve(12) months. In particular, you have the right to request the following from us:

  • The categories of personal information we have collected about you;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about you we disclosed for a business purpose or sold;
  • The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
  • The business or commercial purpose for collecting or selling the personal information; and
  • The specific pieces of personal information we have collected about you.

To exercise any of these rights, contact us at https://www.photonengine.com/en-US/contact. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.

D. Authorized Agent.

You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.

E. Right to Non-Discrimination.

You have the right not to receive discriminatory treatment by us for the exercise of any your rights.

F. Shine the Light.

Customers who are residents of California may request(i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and(ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please write us at the email or postal address set out in Contact Us found in Section 12 above and specify that you are making a “California Shine the Light Request”. We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.

15. Additional Disclosures for People in the EU.

A. Roles.

Data protection laws in Europe distinguish between organizations that process personal data for their own purposes(known as “controllers”) and organizations that process personal data on behalf of other organizations(known as “processors”).

We act as a controller only with respect to personal data collected as you interact with our websites and emails.Controller under the General Data Protection Regulation(“GDPR”) in this regard is Exit Games Inc., 121 SW Salmon ST STE 1100, Portland, Oregon 97204, USA.

However, in most instances, we act as processor on behalf of our business clients—a separate legal entity—which is the controller. For example, game developers will create games which will be hosted in our globally distributed Photon Cloud. Please visit the applicable client’s privacy policy for information about their privacy practices. Any questions that you may have relating to the processing of personal data by Exit Games on behalf of the customer and your rights under data protection law should be directed to the customer as the controller, not to us.

B. Lawful Basis for Processing.

Data protection laws in Europe require a “lawful basis” for processing personal data.

Personal data you voluntarily provide us through our site(which may include your name, company, address and contact details such as your telephone number, email address or fax number) will be used for the purposes of satisfying your requests, such as ensuring an error-free and comfortable usage of our websites and registration with our Services.This is based on Art. 6(1)(b) of the GDPR.

If you registered as a developer our Services, we collect your personal data in order to administer your membership, including your account details in connection with your membership sign-in. This is based on Art. 6(1)(b) of the GDPR.

The provision of the above described personal data is a contractual requirement. If you do not provide us this information, we may not be able to provide you with our Services.

We may also send you as a registered developer further information about our Services or through our periodic newsletters, which may be unsubscribed by you at any time with a link that is provided with the newsletter. This is based on Art. 6(1)(f) of the GDPR.Our legitimate interest is to provide your with news and information on our Services.

If you have emailed us with an enquiry we will use your email address to respond to your query. This is based on Art. (1)(b) of the GDPR when this is done prior to entering into a contract or based on Art. 6(1)(f) of the GDPR in any other case. Our legitimate interest is to respond to your enquiry.

The use of Analytics (as described above in Section 6) is either based on your consent (Art. 6(1)(a) of the GDPR) or our legitimate interest in analyzing the use of our Services (Art. 6(1)(f) of the GDPR).

We do not involve automated decision-making, including profiling.

C. Retention Periods.

We will retain personal data only for as long as it is necessary in relation to the purposes for which they were collected or otherwise processed.

D. Recipients and International Transfers.

Exit Games uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run Exit Games’ Websites and services.As far as necessary, personal data is also shared between us as the Controller and Exit Games GmbH in Hamburg, Germany.

Information that you submit may be transferred to countries outside the European Economic Area(“EEA”). By way of example, this may happen if one or more of our servers are from time to time located in a country outside the EEA or one of our service providers is located in a country outside the EEA. If you make contact with any business featured on the site your details may be transferred outside the EEA. If we transfer your information outside the EEA in this way, we will take steps to ensure that your privacy rights continue to be protected.

We transfer personal data to the following third countries:

Third country Legal safeguards
Australia Standard Contractual Clauses
Brazil Standard Contractual Clauses
Canada Standard Contractual Clauses
China Standard Contractual Clauses
India Standard Contractual Clauses
Japan Standard Contractual Clauses
Russia Standard Contractual Clauses
Singapore Standard Contractual Clauses
South Africa Standard Contractual Clauses
South Korea Standard Contractual Clauses
USA EU-U.S. Privacy Shield/Standard Contractual Clauses

To get a copy of the respective safeguards, please contact us at our European Representative office (see address below under G.)

E. Cookies.

Detailed below are the cookies we use and why and how long they last (in addition to the information provided above).

Google Analytics (used on all pages)

Cookie Description Expires after
_gid Used to distinguish users. 24 hours
_gat Used to distinguish users. 1 minute
_ga Used to throttle request rate. 2 years
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form (using the option “anonymizeIP”), including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

Learn more about Google Analytics cookies.

Homepage (https://www.photonengine.com/)

Cookie Description Expires after
UserArea Storing the current website area/product. 14 days
This cookie is used to provide an easy navigation service in Photonengine Dashboard.

Dashboard (https://dashboard.photonengine.com/)

Cookie Description Expires after
UserArea Storing the current website area/product page. 14 days
egfaL Used to distinguish users. End of session
egcaL Used to distinguish users. 1 week
RequestVerificationToken Used to improve user security (anti XSRF/CSRF). End of session
These cookies are used to identify the logged-in user and provide data from the Photonengine services

Documentation (https://doc.photonengine.com/)

Cookie Description Expires after
ASP-Net_SessionId Used to distinguish users. End of session
This is a cookie that ASP.NET uses to store a unique identifier for your session. The session cookie is not persisted on your hard disk. Learn more about ASP.net cookies.

Forum (https://forum.photonengine.com/)

Cookie Description Expires after
cf_duid Used to distinguish users. 24 hours
vf_photon_TNH4Q-Vv Used to distinguish users. 20 minutes
vf_photon_TNH4Q-tk Used to distinguish users. End of session
vf_photon_TNH4Q Used to distinguish users. 1 month
These cookies are used to identify the user within the Exit Games “Vanilla Forum“ and also provide internal analytics about the forum usage.This data helps us to identify important topics and to improve Photon services

Blog (https://blog.photonengine.com/)

No additional cookies are used on our Blog Website.

F. Your Data Subject Rights.

You may object at any time to the processing of your personal data for marketing purposes.

If the processing is based on consent, you may withdraw your consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.

If you are a data subject in the EU, you have the following rights:

  • The right to require free of charge (i) information whether your personal data is retained and (ii) access to and/or (iii) duplicates of personal data retained;
  • The right to request proper rectification, removal or restriction of your personal data;
  • Where processing of your personal data is based on legitimate interests according to Article 6(1)(f) of the GDPR, the right to object on grounds relating to your particular situation at any time. If you object we will no longer process your personal data, unless there are compelling and prevailing legitimate grounds for the processing or the data is necessary for the establishment, exercise or defense of legal claims;
  • Where processing of your personal data is either based on your consent or necessary for the performance of a contract with you and processing is carried out by automated means, the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to have your personal data transmitted directly to another company, where technically feasible(data portability);
  • Where processing of your personal data is based on your consent, the right to withdraw your consent at any time without impact to data processing activities that have taken place before such withdrawal or to any other existing legal justification of the processing activity in question; and
  • The right not to be subject to any automatic individual decisions which produces legal effects on you or similarly significantly affects you.
You may exercise your rights by submitting a written request to us at the address set out in Contact Us in Section 12 above. We will respond to your request within 30 days. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.

Please note that we retain information as necessary to fulfil the purposes for which it was collected, and may continue to retain and use information even after a data subject request for purposes of our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements (based on Art. 6(1)(f) of the GDPR).

If your personal data has been processed by us on behalf of a customer and you wish to exercise any rights you have with such personal data, please inquire with our customer directly. If you wish to make your request directly to us, please provide the name of our customer on whose behalf we processed your personal data.We will refer your request to that customer, and will support them to the extent required by applicable law in responding to your request.

G. Complaints.

If you have a complaint about our use of your personal data or response to your requests regarding your personal data, you may lodge a complaint with a supervisory authority. We would, however, appreciate the opportunity to address your concerns before you approach a data protection regulator, and would welcome you directing an inquiry first to us. In addition to the contact information above, please contact our:

European Representative (Headquarter)
Exit Games GmbH
Hongkongstraße 7,20457 Hamburg, Germany
registered number HRB 85991
Phone: +49/40/413596-0

Data Protection Officer: privacy@photonengine.com