GOOD LIFE GAMES

1. Introduction and Overview

Good Life Games (“Company,” “we,” “us,” or “our”) operates the website www.goodlifegames.co and associated subscription-based gaming platform (collectively, the “Service”). This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information about users of our Service.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with its terms, please discontinue use of the Service immediately.

This policy applies to all users of our platform, including individual subscribers, company accounts, and visitors. It covers information collected through our website, mobile app, subscription platform, community features, and any related services.

Jurisdiction Note: Depending on your location, additional rights and protections may apply to you. See Sections 11–13 for jurisdiction-specific disclosures (CCPA/CPRA, GDPR, and Nebraska residents).

2. Information We Collect

2.1 Account Registration Data

When you create an account or subscribe to our Service, we collect:

• Account type (individual or company/organization)
• First and last name
• Email address and username
• Password (stored in encrypted, hashed form — we never store plaintext passwords)
• Full mailing address
• Phone number
• Gender (optional)
• Industry or professional context

We encourage you not to reuse passwords from other services. Good Life Games will never request your password via email or unsolicited communication.

2.2 Subscription and Billing Data

When you subscribe to a paid plan, billing and payment information is collected and processed exclusively by our third-party payment processor. We do not store, transmit, or have access to complete payment card numbers, CVV codes, or full banking details on our servers. We may receive limited transaction metadata (e.g., subscription tier, renewal date, masked card type) for account management purposes.

2.3 Usage and Technical Data

When you access and use the Service, we automatically collect:

• IP address (current and session-based)
• Device type, operating system, and browser version
• Pages visited, features accessed, and time spent on the platform
• In-app actions, game participation data, and engagement metrics
• Session duration and login frequency
• Referral sources and navigation paths

2.4 Communications and Support Data

We collect information you provide when you:

• Submit a contact or inquiry form
• Use our live chat feature
• Open a support ticket
• Respond to surveys or feedback requests
• Communicate with our team by email or phone

2.5 Community and User-Generated Content

If you participate in community features of the platform (e.g., forums, leaderboards, group activities, shared dashboards, or collaborative challenges), we collect:

• Content you post, submit, or share within the platform
• Your participation history and community interactions
• Preferences, settings, and customization choices
• Admin or group management actions (for company/team account holders)

Please be aware that content you post to public or semi-public community areas may be visible to other users. Do not post sensitive personal information in community areas.

2.6 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service. A cookie is a small text file placed on your device by your browser. We use:

• Essential/Functional Cookies: Required to authenticate your session, maintain login state, and operate core features of the Service. These cannot be disabled without impairing platform functionality.
• Analytics Cookies: Used to understand how users interact with the Service, measure engagement, and identify areas for improvement. These may include first-party analytics tools.
• Preference Cookies: Used to remember your settings and personalization choices across sessions.

We do not use advertising cookies or enable third-party behavioral tracking cookies on our platform. You may control cookie settings through your browser preferences. Note that disabling essential cookies will prevent you from using core account features. For details on managing cookies, consult your browser’s help documentation.

3. How We Use Your Information and Our Lawful Basis

We process your personal information only for specific, documented purposes. Where required by applicable law (including GDPR), we identify the lawful basis for each category of processing:

• Account Management and Service Delivery — Lawful Basis: Performance of a Contract. To create and manage your account, authenticate your identity, process subscriptions, and deliver the features of the Service you have subscribed to.
• Customer Support and Communications — Lawful Basis: Performance of a Contract / Legitimate Interests. To respond to your inquiries, resolve support issues, and communicate important service updates.
• Platform Improvement and Analytics — Lawful Basis: Legitimate Interests. To analyze how the Service is used, identify bugs or performance issues, and improve features, content, and user experience.
• Personalization — Lawful Basis: Legitimate Interests / Consent. To tailor content, recommendations, and product offerings to your interests and usage patterns.
• Security and Fraud Prevention — Lawful Basis: Legitimate Interests / Legal Obligation. To monitor for unauthorized access, prevent abuse, and protect the integrity of the platform and its users.
• Legal Compliance — Lawful Basis: Legal Obligation. To meet our obligations under applicable law, including responding to lawful government requests and regulatory requirements.
• Marketing Communications — Lawful Basis: Consent (where required). To send newsletters, product announcements, or promotional content, where you have opted in. You may withdraw consent at any time.
• Sponsor and Partner Integrations — Lawful Basis: Legitimate Interests / Consent. Where our platform includes sponsor-integrated content, challenges, or branded experiences, we may use aggregated or de-identified engagement data to measure performance. We do not share individual-level identifiable data with sponsors without your explicit consent.

4. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Active Account Data: Retained for the duration of your account and subscription.
• Inactive Account Data: If your account has been inactive for 36 consecutive months with no subscription activity, we may deactivate and archive your account. We will notify you before doing so.
• Billing and Transaction Records: Retained for a minimum of 7 years to comply with financial recordkeeping requirements.
• Support and Communication Records: Retained for up to 3 years following resolution of the relevant inquiry or support issue.
• Legal Hold: Certain data may be retained beyond standard periods if required for ongoing litigation, regulatory investigation, or other legal proceedings.

Upon expiration of the applicable retention period, personal information will be securely deleted or anonymized so that it can no longer be associated with you. You may request deletion of your personal information at any time. See Section 7 (Your Rights) for details.

5. How We Protect Your Information

We implement administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption of data in transit using Transport Layer Security (TLS/SSL) technology
• Encrypted storage of passwords using industry-standard hashing algorithms
• Access controls limiting internal access to personal data on a need-to-know basis
• Regular vulnerability scanning and malware detection on our infrastructure
• All payment transactions are processed through PCI-compliant third-party payment gateways and are never stored on our servers

Despite our efforts, no security system is impenetrable. We cannot guarantee absolute security of data transmitted over the internet. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you in accordance with applicable law and without unreasonable delay. Where specific timeframes are mandated by law (e.g., 72 hours under GDPR for supervisory authority notification), we will comply with those requirements.

Note: We have removed the previous commitment to notify within “one business day.” That standard is inconsistent with most applicable legal frameworks, which require notification “without unreasonable delay” and only after the breach has been sufficiently investigated to provide accurate information.

6. Third-Party Disclosure and Service Providers

6.1 We Do Not Sell Your Data: We do not sell, rent, or trade your personally identifiable information to third parties for their own marketing or commercial purposes. This applies to all users, including California residents under the CCPA/CPRA.

6.2 Service Providers (Data Processors): We share limited personal information with trusted third-party service providers who assist us in operating the Service. These providers are contractually bound to process your data only on our behalf, for specified purposes, and in compliance with applicable privacy law. Categories of service providers include: Payment processing (e.g., Stripe, Braintree, or similar); Cloud hosting and infrastructure providers; Email delivery and communication platforms; Analytics providers; Customer support software; Security and monitoring services.

6.3 Sponsor and Partner Integrations: Our platform may include sponsored content, branded challenges, or partner integrations. In such cases, we share only aggregated, anonymized performance data with sponsors (e.g., participation rates, engagement metrics). We do not disclose individual user identities or contact information to sponsors without your separate, explicit consent.

6.4 Legal Disclosures: We may disclose personal information if required to do so by law, regulation, legal process, or governmental request, or where necessary to protect the rights, property, or safety of Good Life Games, our users, or others.

6.5 Business Transfers: In the event of a merger, acquisition, reorganization, or sale of all or a portion of our assets, personal information may be transferred as part of that transaction. We will notify users via email and post a notice on our website prior to any such transfer becoming effective.

6.6 International Data Transfers: Good Life Games is based in the United States. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers maintain facilities. For users located in the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Your Rights and Choices

Depending on your location, you may have the following rights. We will respond to verified requests within 30–45 days.

• 7.1 Right to Access: You may request a copy of the personal information we hold about you.
• 7.2 Right to Correction: You may request that we correct inaccurate or incomplete information.
• 7.3 Right to Deletion: You may request that we delete your personal information, subject to legal obligations (e.g., tax records).
• 7.4 Right to Data Portability: You may request a copy of your info in a structured, machine-readable format.
• 7.5 Right to Withdraw Consent: Where we rely on consent, you may withdraw it at any time.
• 7.6 Right to Object / Restrict Processing: You may object to certain processing activities, including direct marketing.

7.7 How to Submit a Request:

To exercise any of the rights above, please contact us at: Email: info@goodlifegames.co or Mail: Good Life Games, 10842 Old Mill Road, Suite 1, Omaha, NE 68154, USA.

8. Email Communications and CAN-SPAM Compliance

In accordance with the CAN-SPAM Act, we agree to: Use only truthful, non-misleading subject lines; Clearly identify messages that are advertisements; Include our physical business address; Honor opt-out requests promptly (within 10 business days); Monitor third-party email service providers for compliance.

9. Children's Privacy (COPPA)

Our Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe your child has provided us with info without consent, please contact info@goodlifegames.co and we will promptly delete it.

10. Do Not Track Signals

We honor Do Not Track (DNT) browser signals. When a DNT signal is detected, we do not plant non-essential cookies, engage in behavioral advertising, or track your browsing activity across third-party websites.

11. California Privacy Rights (CCPA/CPRA)

In the past 12 months, we have collected: identifiers; commercial information; internet activity; and inferences. California residents have the Right to Know, Right to Delete, Right to Correct, and Right to Non-Discrimination. We do not sell or share personal information for cross-context behavioral advertising.

12. EEA, UK, and Swiss User Rights (GDPR)

If you are located in the EEA, UK, or Switzerland, you have rights described in Section 7. You also have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK).

13. California Online Privacy Protection Act (CalOPPA)

In compliance with CalOPPA, we agree: Users may visit our site anonymously; A link to this policy is on our homepage; The link includes the word 'Privacy'; Users will be notified of material changes on this page.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date, post a notice on our website, and where required by law, provide notice by email.