MYSTIC INTERACTIVE PRIVACY POLICY
Last Updated: February 2, 2024
Welcome to Mystic Interactive! Mystic Interactive, LLC (“Mystic Interactive”, “we”, “our” or “us”) is an independent VR game development studio that creates high-quality and immersive VR games. We are committed to building strong relationships with our users and fellow game enthusiasts. This Privacy Policy is your (“you”, “client”, “job applicant”, “external partner”) guide to how we handle your personal data as we create new worlds and build our games.
We refer to the websites (e.g., mysticinteractive.com) we operate as our “websites”. When you visit our websites or otherwise engage with our services (e.g., play our games, attend an event, apply for a job, or partner with us) (collectively, “services”) we collect the necessary data to provide these services to you. This Privacy Policy applies to personal data processed by us, including on our websites, games, and any other downloadable software that we publish or distribute and any other online or offline offerings.
1. DATA WE COLLECT
A. DATA WE COLLECT FROM YOU
We may collect data that you provide directly to us for the following services:
Visit Our Websites: When you visit our website, you may interact with us by contacting us, visiting our socials, or joining our Discord.
Contact Us: When you contact us we may collect request data, such as your name, email, and message details. Any medium that provides a free form comment box has the potential to collect unanticipated data. We ask that you refrain from providing sensitive data in these fields. Any additional data in your message or subsequent messages, such as your phone number or a mailing address, may be collected and shared as needed to resolve your request.
Visit Our Socials: When you click on our social media icons, you are directed to our corresponding social media pages (e.g., Reddit) and our websites receive click-through analytics data. Social media platforms may also collect analytics data from their corresponding links. This data often includes your IP address, browser type, device type, and operating system.
Join Our Discord: We provide an open Discord invite on our website. When you click the invite to join our Discord, you are referred to the invite page. If you accept the invite and click the button, your Discord account is linked to our server. Discord settings are privately managed, but you can remove yourself from our server at any time. When you use our social features through our Discord or social media pages, any text, audio, visual, and/or other electronic communications data that you disclose may be read, copied, may collected, or used by other community members, and may become publicly available. Please make sure your privacy settings reflect your preferences and use caution when posting your personal data online.
Create an Account: To access certain functions and applications on our websites or services, you may be required to register with us. During registration, you will be required to provide contact data, which may include your date of birth, email address, username, and password.
Play Our Games: When you play our games, we collect client data about you and your game play. This includes your device data (e.g., device type and operating system), game play data (e.g., progress, achievements, and statistics), and any personal data you provide to us to resolve gameplay issues (e.g., your name and email address). Because we develop virtual reality (“VR”) games, we may collect interaction data to implement quality-of-life features into our games. This may include tracking hand gestures and eye movement in addition to more common completion and bug telemetry. We do not share or sell your interaction data and it is not used outside of enhancing game features and resolving user issues.
Apply for a Job: When you submit a job application to us, we may collect data you provide, to include name, address, email address, phone number, employment history, educational background, professional certifications or licenses, references, resume or CV, cover letter, salary expectations or history, availability for work, citizenship status, and other data you provide during the hiring process. We may also collect more data about you once you become an employee. Our Employee Privacy Policy, which is given to employees during onboarding, outlines how we handle employee privacy.
Partner with Us: When you partner with us in a shared business, promotion, or charity, we may collect personal data such as name, email address, phone number, job title or business role, company or organization name, business address, and information about the nature of our partnership or collaboration.
B. DATA COLLECTED BY THIRD PARTIES AND SHARED WITH US
Social Media Platforms: We may collect data from your social media profile if you use social media (e.g., Reddit) to connect with us or interact with our content. This may include your public profile data, such as your name, username, profile picture, bio, and location, as well as any content you publicly share or engage with, such as likes, comments, shares, and open group messages. We use this data to connect with our community, analyze engagement, and improve our content. Please note that we do not have access to any private or personal data that you have not made publicly available on these platforms.
Gaming Platforms and Consoles: Our games are available on various gaming platforms and consoles such as Meta’s Quest, Valve’s Steam, and Sony’s PlayStation. We may collect and share necessary data from these platforms to facilitate your game purchase and to understand your game usage. This data may include your game activity, game progress, achievements, and game preferences. It is important to note that these platforms have their own privacy policies to protect the privacy and financial data of their users, and we never receive financial data for purchases made on these platforms.
Advertising Partners: At times, we may partner with advertising companies to promote our products and services. If you interact with our advertising or visit our website through an advertising partner's referral link, we may collect data from these advertising partners. This data may include information about the referral source, the pages you visited on our website, and any actions you took while on our site.
Analytics Providers: We partner with analytics providers to gain insights into how users engage with our services. These providers may collect data such as your IP address, browser type, device type, and usage data on our behalf. This data is used to improve our services and provide a better user experience.
C. DATA COLLECTED AUTOMATICALLY
We collect certain types of data related to your device and browsing experience automatically when you visit our websites or engage in our services. This is enabled by various technologies that allow us to collect data without requiring your direct input. When you visit our websites or engage in our services, we may utilize technology that automatically collects data associated with your device and browsing history.
Data collected automatically is used to help us understand your preferences and usage patterns, to personalize your experience, and to improve our websites and services. We do not sell or rent any of the data collected automatically to third parties.
Here are some examples of the types of data we automatically may collect:
Device and usage data: We collect data about your device and usage, such as your IP address, device type, operating system, browser type, and usage data. We do not assume your location based solely on your IP address, as it only serves as an approximate reference.
Log data: We may collect log data, such as your device data, engagement data, usage data, and any events that occurred in relation to your use of our services to help us improve our offerings and diagnose and fix any issues that may arise.
Cookies: We may use cookies and other tracking technologies on our websites and Portal, such as web beacons and pixel tags, to keep you signed into your accounts and to help personalize your experience.
You can choose to disable or delete cookies through your browser settings, but please note that some features of our website may not function properly without cookies. Please refer to Your Controls in Section 7(B) to learn more on how to manage your cookie preferences.
D. COOKIES
TYPES OF COOKIES
There are several types of cookies that may be used on our website:
Essential cookies: These cookies are necessary for the website to function properly and cannot be disabled. They are used to remember your preferences, login details, and other settings to provide you with a seamless browsing experience.
Performance cookies: These cookies are used to may collect data about how you use our website, such as which pages you visit most often. This data is used to improve the performance of our website and make it more user-friendly.
Functional cookies: These cookies are used to remember your preferences and settings, such as your language preference or your choice of theme. They help enhance your experience by providing personalized and relevant content.
USE OF COOKIES
We use cookies on our website to improve your browsing experience and to personalize the content and ads that are displayed to you. We may also use cookies to analyze how you use our website and to track your browsing behavior.
Our third-party partners may also collect this data when you use other websites or applications that integrate with our services. We may collect this data in accordance with applicable laws and regulations, and it is used solely for the purposes described in our Privacy Policy.
2. CHILDREN
Although our services are intended for adults, we recognize the importance of protecting the privacy of children who may access our services online. We encourage parents and guardians to discuss with their children what data should be released on the Internet, especially personal data. For services offered over Platform Marketplaces
Our websites and services are not intended for children under the age of 13, and we do not knowingly may collect data from children under 13. In some geographical areas, our websites or services may not be accessible to anyone under the age of 18, regardless of whether a parent or guardian has provided consent.
If you are under 13, we request that you do not submit personal data through any of our channels. If we later learn that we have inadvertently gathered personal data from a child under the age of 13, regardless of where that child resides, we will remove this data from our records as quickly as possible.
If you believe we have any data from or about a child under 13, please contact us at privacy@mysticinteractive.com, and we will promptly take the necessary steps to remove all such data.
3. DATA WE PROCESS
A. LEGAL BASIS FOR PROCESSING
As a company operating in Seattle, Washington, and providing services globally, we are committed to complying with the Children's Online Privacy Protection Act of 1998 (COPPA), the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and emerging data protection and content moderation laws.
When you provide us with your personal data, we may ask for your country of residence, or we may determine your location based on your IP address or device registration country to ensure that we are complying with the required laws.
We process your personal data based on legal requirements and use several legal bases, including consent, contractual necessity, legitimate interests, legal obligations, vital interests, and public interest. We always ensure that we have a legal basis for processing your personal data and strive to make sure that the processing is fair, transparent, and proportionate to the purpose for which it is being collected and used.
For example, we typically rely on:
Consent: We ask for your consent when placing cookies on your device on the Internet (through our cookie consent banner), to send you email marketing, or to deliver third-party targeted advertising to you on our services.
Contractual Necessity: We rely on contractual necessity to process data when you participate in giveaways, purchase our games through gaming platforms, or otherwise use our services.
Legitimate Interests: We rely on legitimate interest to respond to inquiries and provide data about our services through the website contact form, evaluate job applicants for employment through job applications, to prevent fraud, enhance security and improve website functionality and user experience through analytics. We also rely on legitimate interest to analyze engagement and improve content through social media and streaming platforms, to facilitate game purchase and understand game usage through gaming platforms, and to analyze advertising and improve content through advertising partners.
Legal Obligations: We rely on a legal obligation basis to process your personal data when it is necessary for compliance with our legal obligations, such as tax and accounting obligations.
Vital Interests and Public Interests: We may process your personal data in rare cases where it is necessary to protect your vital interests or the vital interests of others, or to perform a task in the public interest. If you are a resident in a territory where our legitimate interests mentioned above are not recognized as a lawful basis under applicable law, we will identify and use other appropriate lawful bases to process your personal data such as contractual necessity or your consent.
We will always ensure that the legal basis for processing your personal data is clearly identified and documented. We will also make sure that the processing of your personal data is fair, transparent, and proportionate to the purpose for which it is being collected and used.
If you have any questions or concerns about the legal basis for processing your personal data, please contact us at privacy@mysticinteractive.com.
B. DATA MANAGEMENT OVERVIEW
We use various types of data to operate our services, improve your experience, provide you with services and support, personalize our communications with you, and maintain our legitimate business interests. Some examples of the types of data we may collect, and use include:
Personal and contact data (your name, email address, and phone number)
Account and profile data (your username, password, and preferences)
Usage data (data about how you interact with our services)
Device and browser data (IP address, device type, and browser type)
General location data (such as your general geographic location based on your IP address or GPS data)
Interaction data (including eye tracking, hand gestures, body movement, and spatial awareness data for VR gameplay enhancement)
As part of our commitment to transparency, we have developed this matrix to give you a clear understanding of the personal data we collect, process, and share, as well as the data recipients.
| Source and Purpose | Personal Data | Recipients |
|---|---|---|
| Website Inquiry: Respond to inquiries and provide information about our services | Name, email, message content | Mystic Interactive |
| Marketing Communications: Promote our services and events | Name, email, company, job title | Mystic Interactive, Email Marketing Providers |
| Social Media Analysis: Analyze engagement and improve content | Public profile data, engagement | Mystic Interactive, Social Media Platforms |
| Gaming Experience: Facilitate game purchase and understand game usage | Game activity, preferences, interaction data (for VR games) | Mystic Interactive, Gaming Platforms |
| Advertising Analysis: Analyze advertising effectiveness and content improvement | Referral info, website actions | Mystic Interactive, Advertising Partners |
| Service Improvement: Improve services and user experience | IP, browser/device type, usage data | Mystic Interactive, Analytics Providers |
| Employment Evaluation: Evaluate job applicants | Name, contact, employment history, education, resume | Mystic Interactive, Background Check Companies |
C. DATA PURPOSES
We may use these types of data for the following purposes:
Service Provision and Support: Using your personal, contact, account, profile, and usage data to deliver services, facilitate contests, manage preferences, provide support, and communicate important information about your purchases and subscriptions.
Personalization and Communication: Employing personal, contact, account, profile, usage, and location data for social sharing, targeted advertising, content recommendations, and service updates.
Operational Excellence and Safety: Applying personal, contact, account, profile, usage, device, browser, and location data to enhance service operations, safeguard against fraud, enforce policies, conduct audits, and ensure a secure and fair environment.
User Experience and Performance: Analyzing usage data, device and browser data, and interaction data (such as eye tracking, gestures, and movement) to refine game dynamics, improve VR compatibility, and optimize performance for a seamless gaming experience.
Customization and Community Engagement: Personalizing gameplay, supporting community interactions, enabling in-game communications, and fostering content creation based on gameplay data and player preferences.
Development and Content Updates: Utilizing feedback and usage data to guide iterative development, expand content, and manage virtual economies, ensuring ongoing engagement and a balanced gaming experience.
4. DATA DISCLOSURES
A. DATA TRANSFERS
We may need to transfer your personal data to third-party recipients located outside of the jurisdiction in which you reside or the jurisdiction where the data was originally collected, for the purposes outlined in this Policy. When we transfer your data to recipients located in other jurisdictions, we will take steps to ensure that your data is protected in accordance with applicable data protection laws.
If you are in the European Economic Area or the United Kingdom, please note that transfers of personal data to international recipients located outside of these territories will only be made in accordance with applicable data protection laws, including the use of appropriate safeguards such as standard contractual clauses (SCCs) approved by the European Commission or other appropriate measures.
B. DISCLOSURE EVENTS
With your consent: We may disclose your data to other recipients with your express consent, unless otherwise described below. For example, you may agree to us sharing your data with a certain company or organization to hear about their products, services, or promotions. These recipients will process the data you agree to share according to their respective privacy notices.
To protect us or others: We may access, preserve, and disclose any data we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our or others’ rights, property, or safety; enforce our policies or contracts; may collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
To cooperate in the event of merger, sale, or other asset transfer: In the event of a reorganization, divestiture, merger, sale, or bankruptcy, we may transfer all data we may collect to the relevant third-party and will obtain your consent to do so if required by law or contract.
C. RECIPIENT CATEGORIES
Authorized Agents: If you authorize an agent to make rights requests on your behalf, we may disclose your personal data to them. This may include any data we hold about you. To ensure the security of your personal data, we require identity verification and your explicit authorization that the agent is authorized to request data deletion on your behalf.
Affiliates and Business Partners: We may share personal data with our Affiliates and Business Partners who co-offer our services. These partners may include other businesses or individuals who receive your data for the purpose of assessing the effectiveness of the partnership and may receive data related to their partnership with us.
Vendors and Service Providers: We may share your personal data with vendors and service providers to help us operate our business and provide you with our services. These service providers may include website hosting providers, email marketing platforms, customer relationship management providers, and other similar service providers. We require that any service provider processing your personal data only do so on our behalf and for purposes consistent with this Privacy Policy.
Law Enforcement / Courts: We may disclose personal data to law enforcement agencies, courts, or other government bodies as required by law or legal process, or to protect our rights or the rights of others. This may include responding to legal requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards. We may also disclose personal data to third parties if we believe that disclosure is necessary to prevent or investigate possible wrongdoing, such as fraud or identity theft, or to enforce our Terms of Use or other agreements. Additionally, we may share personal data with third parties if we believe that such sharing is necessary to protect the safety, property, or other rights of our users or the public, or to respond to an emergency.
5. DATA STORAGE & RETENTION
When we store and process your data we utilize technical, physical, and administrative safeguards to meet data transfer requirements set by various privacy laws.
A. STORAGE
When you access our services, including when available on third-party platforms, your personal data is generally collected by us directly and processed in the United States. Personal data we may collect may be subsequently stored and processed for the purposes set out in this Privacy and Cookie Policy in the United States or any other country in which we or our third-party distributors operate. By using our services, you acknowledge that your personal data may be transferred to recipients in the United States and other countries that may not offer the same level of privacy protection as the laws in your country of residence or citizenship.
B. RETENTION
We retain the data we collect in accordance with our Retention Policy, for as long as necessary to provide our services, and we may retain that data beyond that period if necessary for legal, operational, or other legitimate reasons.
Where possible, we may also de-identify, anonymize, or aggregate the data we may collect, or may collect it in a way that does not directly identify you. We may use and share such data as necessary for our business purposes and as permitted by applicable law.
6. DATA SECURITY
We take the security of your personal data seriously and take appropriate measures to protect it. We use a variety of physical, technical, and organizational measures to safeguard your personal data against accidental, unauthorized, or unlawful access, use, or disclosure. We also require our third-party service providers to take appropriate security measures to protect the confidentiality and security of your personal data.
Despite our best efforts, no security measure is entirely foolproof. We cannot guarantee the security of your personal data, and we cannot be responsible for unauthorized access to or theft, alteration, or destruction of your personal data. You are responsible for keeping your login credentials and passwords confidential. If you believe your account has been compromised, please contact us immediately at privacy@mysticinteractive.com.
If we become aware of a data breach that affects your personal data, we will notify you as required by applicable law. We will also take appropriate measures to mitigate the impact of the breach and prevent future occurrences.
Please note that our services may contain links to third-party websites or services. We are not responsible for the security or privacy practices of those websites or services, so we encourage you to review their privacy policies and terms of use before using or accessing them.
7. YOUR RIGHTS & CONTROLS
We believe that respecting your privacy and providing you with control over your personal data is fundamental to our relationship with you. We understand that you have a right to make choices about how your data is used and shared. With that in mind, we strive to provide you with meaningful choices and controls when it comes to the may collection and use of your data.
A. YOUR RIGHTS
Authorized Agents: You have the right to use an authorized agent to make a request to exercise your data privacy rights. If you choose to do so, we will require that you verify your identity based on data you have directly provided to us. If you use an authorized agent to submit a request to opt-out of the sale or sharing of your personal data for targeted marketing purposes, we will require your signed permission demonstrating that you have authorized the agent to act on your behalf. We take your privacy seriously and want to ensure that you have control over your personal data.
Right to be Informed: You have the right to know what personal data we may collect, how we use it, and who we share it with. We provide this information in our Policy and in any other relevant notices at points of collection.
Right of Access: You have the right to access the personal data we hold about you. While you have the right to submit access requests directly to us, we have provided comprehensive information about our data processing practices in this Policy to address any general questions you may have.
Right to Rectification: Depending on the services you interact with, you may have access to self-service tools that allow you to update your personal data directly. If you need further assistance, you have the right to request that any inaccurate or incomplete personal data we hold about you be corrected.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another data controller. This right to data portability is intended to give you more control over your personal data and facilitate the movement of your data between different organizations.
Right to Erasure: You have the right to request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent to our processing of your data.
Right to Object to Data Processing: You have the right to object to the processing of your personal data in certain circumstances, such as when the processing is for direct marketing purposes or is based on our legitimate interests.
Right to Object to Automated Decision Making: You have the right to object to decisions made about you solely based on automated processing, including profiling, if these decisions have legal or significant effects on you. We do not engage in such automated decision-making processes that may impact you, but if we do in the future, we will provide you with additional information and an opportunity to object.
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when the accuracy of the data is contested, or you object to the processing.
We take your privacy seriously and strive to provide you with the means to exercise your rights under GDPR and CCPA. We will not discriminate against you for exercising these rights. However, we may need to collect certain data from you to verify your identity and respond to your requests. We will only request data that we have already collected and can internally validate. If we are unable to verify your identity, we may not be able to process your requests. If you have any questions or would like to exercise any of your individual rights, please contact us at privacy@mysticinteractive.com.
B. YOUR CONTROLS
We understand the importance of privacy and strive to create an environment that respects your personal data and are dedicated to our mission and committed to transparency. The following outlines the choices available to you and how to exercise them, enabling you to take an active role in managing your own data.
Third-Party Accounts
Our services integrate with various third-party platforms and consoles, including but not limited to social media sites like Discord, Steam, and Reddit, where you can tailor your privacy settings to control shared data. We advise reviewing these platforms' privacy policies to ensure your understanding and comfort with their data sharing practices. Additionally, our websites feature advertisements and links to third-party services; by interacting with these, you'll be navigating away from our services. It's important to consult the privacy policies of these external sites or services, as they govern your interaction and the data you may share with them.
You can review their respective policies through the links below:
Social Media Platforms:
· Reddit: Reddit.com/Policies/Privacy-Policy
Gaming Platforms:
· Meta Quest: Facebook.com/Privacy/Policy
· Valve Steam: Store.SteamPowered.com/Privacy_Agreement/
· Sony PlayStation: Playstation.com/EN-US/Legal/Privacy-Policy/
Email Communications
If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you non-promotional communications regarding us and our services regarding our services or updates to our Terms or this Privacy Policy.
“Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
Advertising
If you prefer not to receive marketing messages or sponsored content, please contact us at privacy@mysticinteractive.com and we will ensure your preferences are updated accordingly.
Some third-party services we use may offer opt-out options to their data collection practices. You can find information about how to opt-out of these services by visiting the following links:
· Google Analytics Opt-Out: Tools.Google.com/DLPage/GAOptOut
· Meta (Facebook) Pixel Ads Preferences: Facebook.com/Ads/Preferences/
· X (Twitter) Personalization Settings: Twitter.com/Personalization
Cookie controls
You may stop or restrict the placement of technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, our services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS and others.
You can also opt-out of targeted advertising from data and advertising partners participating in self-regulatory programs through the websites provided by the online advertising industry. For more information on targeted advertising, consumer choice, and privacy, please visit the following websites:
· Network Advertising Initiative: NetworkAdvertising.org/Managing/Opt_Out.asp
· Digital Advertising Alliance: AboutAds.info/Choices/
· European Digital Advertising Alliance: YourOnlineChoices.eu/
· Digital Advertising Alliance of Canada: YourAdChoices.ca/Choices/
Please note that you must opt-out separately for each browser and device used.
If you have any questions or concerns regarding your privacy choices or how we handle your personal data, please contact us at privacy@mysticinteractive.com. You can also contact the support teams for each platform if you require further assistance managing your privacy settings.
8. GENERAL PROVISIONS
A. POLICY UPDATES
We may occasionally update this Policy. When we do, we will revise the "last updated" date at the bottom of the Policy. If there are material changes to this Policy, we will use reasonable efforts to notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification.
B. CONTACT US
If you have questions about this Policy, please email us at privacy@mysticinteractive.com or send via carrier pigeon or postal mail to our Data Protection Team to the following address:
Attn: Data Protection Team
Mystic Interactive, LLC
508 Yale Ave N, PMB 211
Seattle, WA 98109
United States
C. CONTACT A DATA PROTECTION AUTHORITY
If you have a concern about how we may collect and use data, please contact us.
If you are a California or EEA resident, you have the right to file a complaint with the California Attorney General's office or any other relevant Data Protection Authority (“DPA”) if you believe your data privacy rights have been violated. We encourage you to contact us first so that we can try to resolve your concerns. However, you may also contact your local DPA directly. To contact your local DPA, please refer to the links below:
To contact your local DPA, refer to the links below:
· California - Attorney General of California
· Europe - DPA Directory
Where appropriate, your local DPA may also forward the matter to the Department of Commerce or FTC for consideration.
Last Updated: February 2, 2024
©2024 Mystic Interactive, LLC. All rights reserved. Mystic Interactive and the Mystic Interactive logo are trademarks of Mystic Interactive, LLC and its affiliates in the U.S. and other countries. All rights reserved.