GameForge
Legal

Data Processing Agreement

Last updated: April 26, 2026

This Data Processing Agreement ("DPA") forms part of the agreement between GameForge ("Processor") and the customer ("Controller") governing the processing of personal data in connection with the GameForge Platform. It is designed to comply with the GDPR, UK GDPR, and analogous laws.

1. Definitions

Terms used in this DPA have the meanings given to them in the GDPR, including "personal data", "processing", "controller", "processor", and "data subject".

2. Subject Matter and Duration

GameForge processes personal data on behalf of the Controller solely for the purpose of providing the Platform's services. Processing continues for the duration of the underlying agreement and for any retention period required by law or service continuity.

3. Categories of Data and Data Subjects

Categories of personal data may include name, email address, billing information, IP address, and any personal data the Controller chooses to upload as part of project content. Data subjects may include the Controller's employees, contractors, customers, and end users.

4. Processor Obligations

GameForge will: (a) process personal data only on documented instructions from the Controller; (b) ensure persons authorized to process the data are bound by confidentiality; (c) implement appropriate technical and organizational security measures; (d) assist the Controller in responding to data subject requests; (e) notify the Controller without undue delay of any personal data breach.

5. Sub-processors

The Controller authorizes GameForge to engage sub-processors (cloud hosting, payment processing, email delivery, AI inference providers). A current list is available on request. We will notify the Controller of any intended changes and provide an opportunity to object.

6. International Transfers

Where personal data is transferred outside the EEA, UK, or Switzerland, GameForge will rely on appropriate transfer mechanisms such as Standard Contractual Clauses or adequacy decisions.

7. Audit Rights

The Controller may request, no more than once per year, evidence of GameForge's compliance with this DPA in the form of summaries of recent third-party security audits or written assurances. On-site audits may be agreed for enterprise customers.

8. Data Return and Deletion

On termination of services, GameForge will return or delete personal data at the Controller's choice, except to the extent retention is required by applicable law.

9. Liability

Each party's liability under this DPA is subject to the limitations set out in the underlying agreement.

10. Contact

To execute a signed copy of this DPA or discuss specific data processing needs, reach us via the quote form.

Questions? Get in touch via the quote form.