Last Updated: October 19, 2025
1. Introduction
1.1. This Privacy Policy (hereinafter referred to as the "Policy") describes how HistoGames (hereinafter referred to as "we", "Service") collects, uses, stores, and protects your personal information.
1.2. By using our Service, you agree to the terms of this Policy.
1.3. We take data protection seriously and comply with the requirements of:
- GDPR (General Data Protection Regulation) — for EU users
- CCPA (California Consumer Privacy Act) — for California users
- Spanish data protection legislation
2. What information we collect
2.1. Information you provide
When registering:
- Email address (required)
- Password (hashed and stored encrypted)
- Username (optional)
- Country/region (for correct price display)
When using the Service:
- Favorite games
- Search history
- Notification settings (which games you're subscribed to)
- Interface preferences
When paying for a subscription (in the future):
- Data will be processed by a third-party payment provider
- We will NOT store bank card data
- We will only receive: payment status, plan, subscription start/end date
2.2. Information collected automatically
Technical data:
- IP address
- User-Agent (browser, OS)
- Browser language
- Screen resolution
- Device type (desktop/mobile)
Service usage data:
- Pages viewed
- Filter and link clicks
- Session time
- Visit frequency
- Referral source (where you came from)
Cookies and similar technologies:
- Authentication cookies (for account login)
- Functional cookies (saving settings)
- Analytics cookies (Google Analytics)
- Advertising cookies (if advertising is used)
2.3. Information from third parties
Game price data:
- Collected from publicly available store websites (Steam, Epic Games, GOG, etc.)
- Does NOT contain personal data of store users
- Used exclusively for catalog display
OAuth authorization (if used):
- Google/Facebook/Discord profile data (email, name, avatar)
- We do NOT get access to your friends, messages, passwords
3. How we use your information
3.1. Main purposes of use
Providing the Service:
- ✓ Registration and authorization
- ✓ Displaying prices in your currency
- ✓ Saving favorites and history
- ✓ Sending discount notifications
Service improvement:
- ✓ Analyzing user behavior
- ✓ A/B testing features
- ✓ Fixing bugs
- ✓ Performance optimization
Communication:
- ✓ Responding to support requests
- ✓ Sending discount notifications (if subscribed)
- ✓ Informing about Service changes
- ✓ Marketing mailings (with your consent)
Security:
- ✓ Fraud prevention
- ✓ Protection against bots and spam
- ✓ Detection of suspicious activity
- ✓ Compliance with legislation
3.2. Legal bases for processing (GDPR)
We process your data based on:
- Contract (Art. 6(1)(b) GDPR) — to provide the Service
- Consent (Art. 6(1)(a) GDPR) — for marketing mailings
- Legitimate interest (Art. 6(1)(f) GDPR) — for analytics and security
- Legal obligations (Art. 6(1)(c) GDPR) — upon requests from authorities
4. Who we share your information with
4.1. We DO NOT sell your data to third parties
4.2. We may transfer data to the following categories of recipients:
Payment providers (in the future):
- Stripe, PayPal (for subscription processing)
- They will have their own privacy policies
Analytics services:
- Google Analytics (visit statistics)
- You can disable it in cookie settings
Email services:
- SendGrid, Mailgun (for sending notifications)
- Only email address and name
Hosting and infrastructure:
- AWS, Google Cloud, Cloudflare (site hosting)
- Access to data is strictly limited
Law enforcement:
- Only upon official request
- In accordance with legislation
4.3. Data transfer abroad
If you are from the EU:
- Data may be transferred to the USA (AWS, Google)
- We use Standard Contractual Clauses (SCC) for protection
- You have the right to object to the transfer
5. Notifications and mailings
5.1. Types of notifications
Transactional (cannot be disabled):
- Registration confirmation
- Password reset
- Changes to Service terms
- Important security updates
Discount notifications (can be disabled):
- Discounts on games from your tracking list
- Configured in your personal account
- Frequency: as data arrives (no more than once per hour)
Marketing mailings (can be disabled):
- Service news
- Special offers
- Frequency: no more than once a week
5.2. How to unsubscribe
Email:
- Click "Unsubscribe" at the bottom of the email
- Go to account settings → Notifications
Push notifications:
- Disable in browser settings
6. Cookies and tracking
6.1. What are cookies
Cookies are small text files stored on your device.
6.2. Types of cookies we use
| Type | Purpose | Duration | Can be disabled? |
|---|---|---|---|
| Strictly necessary | Authorization, security | Session / 30 days | ❌ No (Service won't work without them) |
| Functional | Saving settings (language, currency) | 1 year | ✅ Yes |
| Analytics | Google Analytics | 2 years | ✅ Yes |
| Advertising | Ad targeting | 1 year | ✅ Yes |
6.3. Managing cookies
In browser settings:
- Chrome: Settings → Privacy and security → Cookies
- Firefox: Preferences → Privacy & Security
- Safari: Preferences → Privacy
On our site:
- Banner on first visit
- Cookie settings in footer
Consequences of disabling:
- Strictly necessary — Service doesn't work
- Functional — loss of settings on each visit
- Analytics — no impact on functionality
6.4. Do Not Track (DNT)
We respect the DNT browser setting and disable analytics cookies when it is enabled.
7. How we protect your data
7.1. Technical measures
Encryption:
- ✓ HTTPS (SSL/TLS) for all pages
- ✓ Passwords are hashed (bcrypt, Argon2)
- ✓ Database is encrypted
Attack protection:
- ✓ Rate limiting (request throttling)
- ✓ CSRF tokens
- ✓ XSS filtering
- ✓ WAF (Web Application Firewall)
Data access:
- ✓ Only authorized personnel
- ✓ Two-factor authentication (2FA)
- ✓ Logging of all actions
7.2. Organizational measures
- ✓ Regular security audits
- ✓ Staff training
- ✓ Data backups
- ✓ Incident response plan
7.3. What we CANNOT guarantee
The Internet is not 100% secure:
- We make every effort, but CANNOT guarantee absolute protection
- You use the Service at your own risk
- Ensure the security of your device and password
8. How long we store your data
8.1. Retention periods
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account |
| Search history | 6 months |
| Favorite games | Until you delete them |
| Access logs | 90 days |
| Analytics | 26 months (GDPR requirement) |
| Payments | 7 years (tax requirement) |
8.2. After account deletion
Deleted immediately:
- Email, password, name
- Favorites, history
- Notification settings
Stored anonymously:
- Aggregated statistics (not linked to you)
- Payment data (for accounting, without email)
Deleted within 30 days:
- Backups
9. Your rights (GDPR, CCPA)
9.1. Right to access
You can request a copy of all your data.
- Format: JSON, CSV, PDF
- Timeline: within 30 days
- Free (first request per year)
9.2. Right to rectification
You can correct inaccurate data in account settings.
9.3. Right to erasure ("Right to be forgotten")
You can delete your account at any time.
- Settings → Delete Account
- Or write to us: [email protected]
Exceptions (we may refuse):
- Unfulfilled financial obligations
- Fraud investigation
- Legal requirements (payment data retention)
9.4. Right to restriction of processing
You can restrict data processing:
- Disable analytics
- Disable marketing
- Disable profiling
9.5. Right to data portability
You can export data in machine-readable format (JSON).
9.6. Right to object
You can object to:
- Data processing for marketing
- Automated decision-making
- Profiling
9.7. Right to withdraw consent
You can withdraw consent to data processing at any time.
9.8. How to exercise rights
Online:
- Account settings → Privacy
- Data export / Account deletion
By email:
- [email protected]
- Specify: subject "GDPR request", your account email, what you want
Response time: within 30 days
10. Children and privacy
10.1. The Service is NOT intended for children under 13 years old.
10.2. We do NOT knowingly collect data from children under 13.
10.3. If you are a parent and discover that your child has created an account:
- Contact us: [email protected]
- We will delete the account within 48 hours
10.4. Users 13-18 years old:
- Parental consent required (in some jurisdictions)
- Parents can request account deletion
11. Data breaches
11.1. What we do in case of a breach
Within 72 hours:
- ✓ We will notify the regulator (GDPR requirement)
- ✓ We will assess the breach scope
- ✓ We will take remedial measures
If your data is compromised:
- ✓ We will notify you by email
- ✓ We will describe which data is affected
- ✓ We will recommend changing your password
11.2. What you should do
If you receive a notification:
- Change your password immediately
- Check account activity
- Enable 2FA (if available)
12. Policy changes
12.1. We may update the Policy as necessary.
12.2. Change notification:
- 30 days before taking effect
- Email to your address
- Banner on site
12.3. Significant changes (require your consent):
- New data processing purposes
- New categories of recipients
- Data transfer to new countries
12.4. If you disagree with changes — delete your account before they take effect.
13. Contacts and complaints
13.1. Contact information
Data Protection Officer (DPO):
- Email: [email protected]
- Website: histo.games
General questions:
- Email: [email protected]
13.2. Complaints to regulator (GDPR)
If you are from the EU, you can complain to the supervisory authority:
By country:
- Spain: AEPD (www.aepd.es)
- Germany: BfDI (www.bfdi.bund.de)
- France: CNIL (www.cnil.fr)
- UK: ICO (ico.org.uk)
13.3. Legal information
Data controller:
- Name: HistoGames
- Contact: [email protected]
- Jurisdiction: Spain
14. Additional information for different jurisdictions
14.1. EU users (GDPR)
- ✓ All rights described in section 9
- ✓ Legal bases for processing: section 3.2
- ✓ Cross-border transfer: section 4.3
- ✓ DPO contact: section 13.1
14.2. California users (CCPA)
Additional rights:
- Right to know what data is collected
- Right to deletion
- Right to opt-out of sale (we DO NOT sell)
- Right to non-discrimination
Contact: [email protected]
15. Conclusion
Your privacy is important to us.
We commit to:
- ✓ Collect only necessary data
- ✓ Use data only for the Service
- ✓ NOT sell data to third parties
- ✓ Protect data with modern methods
- ✓ Respect your rights
If you have questions — contact us.
Summary (TL;DR)
- ✓ We collect: email, IP, cookies, usage history
- ✓ Purpose: providing Service, discount notifications, analytics
- ✓ We DO NOT sell your data
- ✓ You can: download data, delete account, unsubscribe from mailings
- ✓ Protection: HTTPS, encryption, regular audits
- ✓ Storage: until you delete your account
- ✓ Rights: access, rectification, deletion, portability
- ✓ Cookies: mandatory + optional (can be disabled)
- ✓ Children: prohibited under 13
- ✓ Contact: [email protected]
Version: 1.0