Privacy Policy - Escape Room Studio

1. Introduction

Escape Room Studio ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our software-as-a-service platform for escape room management (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

Account information (name, email address, password)
Team and organization information
Escape room data, puzzles, clues, and game content
Player information and game session data
Payment and billing information
Customer support communications

2.2 Automatically Collected Information

When you use our Service, we automatically collect certain information, including:

Device information (IP address, browser type, operating system)
Usage data (pages visited, features used, time spent)
Log files and analytics data
Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve our Service
Process transactions and send related information
Send technical notices, updates, and support messages
Respond to your comments, questions, and requests
Monitor and analyze usage patterns and trends
Detect, prevent, and address technical issues and security threats
Comply with legal obligations and enforce our agreements

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

Service Providers: With trusted third-party service providers who assist us in operating our Service (e.g., payment processors, cloud hosting providers)
Legal Requirements: When required by law, court order, or government regulation
Business Transfers: In connection with a merger, acquisition, or sale of assets
With Your Consent: When you explicitly authorize us to share your information

5. Data Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit and at rest
Regular security assessments and updates
Access controls and authentication mechanisms
Secure data centers and infrastructure

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal or legitimate business purposes.

7. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases as defined in the General Data Protection Regulation (GDPR):

Contract Performance: To provide our Service and fulfill our contractual obligations to you
Legitimate Interests: To improve our Service, prevent fraud, and ensure security
Consent: For marketing communications and non-essential cookies (you can withdraw consent at any time)
Legal Obligation: To comply with applicable laws and regulations

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information. If you are located in the EEA or UK, you have the following rights under GDPR:

Right of Access (Article 15): Request access to your personal information and receive a copy
Right to Rectification (Article 16): Request correction of inaccurate or incomplete information
Right to Erasure (Article 17): Request deletion of your personal information ("right to be forgotten")
Right to Restrict Processing (Article 18): Request restriction of processing in certain circumstances
Right to Data Portability (Article 20): Request transfer of your data in a machine-readable format
Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, please contact us at privacy@escaperoomstudio.com. We will respond to your request within one month (or two months for complex requests) as required by GDPR.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. We categorize cookies as follows:

Essential Cookies: Required for the Service to function (e.g., authentication, security)
Analytics Cookies: Help us understand how visitors use our Service
Functional Cookies: Remember your preferences and settings
Marketing Cookies: Used to deliver relevant advertisements (only with your consent)

You can manage your cookie preferences through our cookie consent banner or your browser settings. However, disabling essential cookies may affect the functionality of our Service.

10. Data Retention and Deletion

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

Account Data: Retained while your account is active and for 30 days after deletion
Transaction Records: Retained for 7 years as required by tax and accounting laws
Game Session Data: Retained for 2 years unless you request earlier deletion
Marketing Data: Retained until you opt-out or withdraw consent
Support Communications: Retained for 3 years for quality assurance purposes

After the retention period, we will securely delete or anonymize your personal data unless we are required to retain it for legal obligations.

11. Children's Privacy

Our Service is not intended for individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately at privacy@escaperoomstudio.com.

12. Data Residency and International Transfers

Your data is primarily stored and processed in the United States. If you are located in the EEA, UK, or other regions outside the United States, please note that we may transfer your personal data to the United States and other countries.

For transfers from the EEA and UK to the United States, we rely on appropriate safeguards including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Other legally recognized transfer mechanisms

By using our Service, you consent to the transfer of your information as described in this Privacy Policy. If you have questions about our data transfer practices, please contact us at privacy@escaperoomstudio.com.

13. EU Representative

If you are located in the European Economic Area (EEA) and have questions or concerns about our data processing practices, you may contact our EU representative:

Email: privacy@escaperoomstudio.com

Subject Line: "EU Data Protection Inquiry"

You also have the right to lodge a complaint with your local data protection authority. A list of EU data protection authorities can be found at https://edpb.europa.eu.

14. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by:

Posting the new Privacy Policy on this page
Updating the "Last updated" date
Sending an email notification to registered users (for material changes)
Displaying a prominent notice on our Service

You are advised to review this Privacy Policy periodically for any changes. Your continued use of our Service after changes become effective constitutes acceptance of those changes.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@escaperoomstudio.com

Escape Room Studio

Attn: Privacy Officer

We aim to respond to all inquiries within 30 days. For urgent data protection matters, please include "URGENT" in your subject line.

1. Introduction

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

Account information (name, email address, password)
Team and organization information
Escape room data, puzzles, clues, and game content
Player information and game session data
Payment and billing information
Customer support communications

2.2 Automatically Collected Information

When you use our Service, we automatically collect certain information, including:

Device information (IP address, browser type, operating system)
Usage data (pages visited, features used, time spent)
Log files and analytics data
Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve our Service
Process transactions and send related information
Send technical notices, updates, and support messages
Respond to your comments, questions, and requests
Monitor and analyze usage patterns and trends
Detect, prevent, and address technical issues and security threats
Comply with legal obligations and enforce our agreements

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

Service Providers: With trusted third-party service providers who assist us in operating our Service (e.g., payment processors, cloud hosting providers)
Legal Requirements: When required by law, court order, or government regulation
Business Transfers: In connection with a merger, acquisition, or sale of assets
With Your Consent: When you explicitly authorize us to share your information

5. Data Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit and at rest
Regular security assessments and updates
Access controls and authentication mechanisms
Secure data centers and infrastructure

6. Data Retention

7. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases as defined in the General Data Protection Regulation (GDPR):

Contract Performance: To provide our Service and fulfill our contractual obligations to you
Legitimate Interests: To improve our Service, prevent fraud, and ensure security
Consent: For marketing communications and non-essential cookies (you can withdraw consent at any time)
Legal Obligation: To comply with applicable laws and regulations

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information. If you are located in the EEA or UK, you have the following rights under GDPR:

Right of Access (Article 15): Request access to your personal information and receive a copy
Right to Rectification (Article 16): Request correction of inaccurate or incomplete information
Right to Erasure (Article 17): Request deletion of your personal information ("right to be forgotten")
Right to Restrict Processing (Article 18): Request restriction of processing in certain circumstances
Right to Data Portability (Article 20): Request transfer of your data in a machine-readable format
Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, please contact us at privacy@escaperoomstudio.com. We will respond to your request within one month (or two months for complex requests) as required by GDPR.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. We categorize cookies as follows:

Essential Cookies: Required for the Service to function (e.g., authentication, security)
Analytics Cookies: Help us understand how visitors use our Service
Functional Cookies: Remember your preferences and settings
Marketing Cookies: Used to deliver relevant advertisements (only with your consent)

You can manage your cookie preferences through our cookie consent banner or your browser settings. However, disabling essential cookies may affect the functionality of our Service.

10. Data Retention and Deletion

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

Account Data: Retained while your account is active and for 30 days after deletion
Transaction Records: Retained for 7 years as required by tax and accounting laws
Game Session Data: Retained for 2 years unless you request earlier deletion
Marketing Data: Retained until you opt-out or withdraw consent
Support Communications: Retained for 3 years for quality assurance purposes

After the retention period, we will securely delete or anonymize your personal data unless we are required to retain it for legal obligations.

11. Children's Privacy

12. Data Residency and International Transfers

For transfers from the EEA and UK to the United States, we rely on appropriate safeguards including:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Other legally recognized transfer mechanisms

13. EU Representative

If you are located in the European Economic Area (EEA) and have questions or concerns about our data processing practices, you may contact our EU representative:

Email: privacy@escaperoomstudio.com

Subject Line: "EU Data Protection Inquiry"

You also have the right to lodge a complaint with your local data protection authority. A list of EU data protection authorities can be found at https://edpb.europa.eu.

14. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by:

Posting the new Privacy Policy on this page
Updating the "Last updated" date
Sending an email notification to registered users (for material changes)
Displaying a prominent notice on our Service

You are advised to review this Privacy Policy periodically for any changes. Your continued use of our Service after changes become effective constitutes acceptance of those changes.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@escaperoomstudio.com

Escape Room Studio

Attn: Privacy Officer

We aim to respond to all inquiries within 30 days. For urgent data protection matters, please include "URGENT" in your subject line.