Sandscape

Legal

Privacy Policy

Effective April 14th, 2025

1. Introduction

Welcome to Sandscape! This Privacy Policy explains how Sandscape ("we," "us," or "our") collects, uses, shares, and protects information about you when you access or use our multi-platform social gaming application, website, and related services (collectively, the "Service"). Sandscape allows users ("Users," "you," or "your") to create, play, and share AI-generated games using prompts, engage in social interactions, and participate in our creator marketplace. This policy applies to all platforms where Sandscape is available, including iOS, Android, Windows, macOS, and the Web.

By accessing or using the Service, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Service. We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy outlines our practices and your rights concerning your personal information.

Please read this Privacy Policy carefully. We may update this policy from time to time, and we will notify you of any significant changes by posting the new policy on our Service or by other means as required by law. Your continued use of the Service after such changes constitutes your acceptance of the revised policy.

2. Information We Collect

We collect various types of information to provide and improve the Service, ensure its security, and comply with legal obligations. The information we collect can be broadly categorized as follows:

  • Account Information: When you register for an account, we collect information such as your chosen username, email address, and a hashed version of your password. You may optionally provide additional profile information, such as a profile picture, display name, or bio. This information is used to create and manage your account, identify you within the Service, and facilitate social interactions.
  • User-Generated Content (UGC): The core of Sandscape involves creating games using prompts. We collect the text prompts you enter to generate games. We also collect metadata associated with the games you create, play, or share, such as game titles, descriptions, tags, thumbnails, performance metrics (e.g., play counts, ratings), and creation dates. Depending on our technical implementation and storage policies, we may also store the AI-generated game content itself. This UGC is essential for the functioning of the Service, allowing you and others to interact with the games.
  • Social Interaction Data: As a social platform, we collect information about your interactions with other users and content. This includes your connections or follows, messages exchanged with other users (if applicable), comments you post, games you like or rate, and content you share within the Service.
  • Usage Data: We automatically collect information about how you access and use the Service. This includes your gameplay activity (games played, duration, scores), interactions with platform features (buttons clicked, pages visited), device information (device type, operating system, unique device identifiers), IP address, browser type, language preferences, and referring URLs. This data helps us understand user behavior, improve the Service, personalize your experience, and troubleshoot issues.
  • Payment Information: If you subscribe to our Premium or Pro tiers, purchase Sand Coins, or engage in transactions on the Creator Marketplace, we will collect payment-related information. Typically, this is processed directly by our third-party payment processors (e.g., Stripe, PayPal, App Store, Google Play Store). We may receive transaction confirmation details (like purchase amount and date) but generally do not store your full credit card number or detailed financial account information ourselves. We will specify which third-party processors are used and link to their privacy policies.
  • Technical and Device Information: We collect technical data to ensure the Service functions correctly and securely. This includes device IDs, information about your device's hardware and software configuration, crash reports, and performance data.
  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to operate and analyze the Service, remember your preferences, personalize content and advertising (for free tier users), and measure usage. Please see our separate Cookie Policy for detailed information on the types of cookies used, their purposes, and how you can manage your preferences.
  • Communications Data: When you contact us for support, provide feedback, or communicate with us in any other way, we collect the content of your communications and any contact information you provide.

3. How We Use Information

We use the information we collect for various purposes related to providing, maintaining, and improving the Service. These purposes include:

  • Providing and Operating the Service: To allow you to register and manage your account, generate games using AI based on your prompts, play games created by you and others, interact with social features (profiles, connections, sharing, comments), and participate in the Creator Marketplace.
  • Improving and Personalizing the Service: To understand how users interact with the Service, analyze usage patterns and trends, gather feedback, troubleshoot issues, develop new features, and personalize your experience (e.g., suggesting games or connections).
  • Processing Payments: To process your subscription payments, purchases of Sand Coins, and transactions within the Creator Marketplace, primarily through our third-party payment processors.
  • Communication: To communicate with you about your account, service updates, new features, policy changes, and promotional offers (where permitted and with opt-out options). We also use your information to respond to your support requests and feedback.
  • Safety and Security: To maintain the security and integrity of the Service, detect and prevent fraud, spam, abuse, security incidents, and other harmful activities, verify accounts and activity, and enforce our Terms of Service and Community Guidelines.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests, and to protect our rights, property, and safety, as well as the rights, property, and safety of our users or the public.
  • AI Model Training: We may use the prompts you provide and potentially other related data (in an anonymized or aggregated form where feasible) to train and improve the AI models that power the game generation features of the Service. We will strive for transparency regarding this use and provide options if required or feasible. [Optional: Add more specific details or link to a separate AI FAQ/Policy if needed].
  • Advertising (Free Tier): For users on our free tier, we may use certain non-personally identifiable or aggregated information to display contextual or targeted advertising. We aim to minimize intrusive advertising and provide relevant experiences. Please see our Cookie Policy and your settings for more information on ad personalization and opt-out choices.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), Switzerland, or the UK, we rely on several legal bases to process your personal information:

  • Performance of a Contract: We process your information as necessary to provide the Service you have requested, pursuant to our Terms of Service. This includes creating your account, generating games, enabling social features, and processing payments.
  • Legitimate Interests: We process your information for our legitimate interests, provided these interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include improving and personalizing the Service, ensuring safety and security, communicating with you, analyzing usage, developing new features, and potentially for AI model training (balanced against user impact).
  • Consent: We may rely on your consent to process your information for specific purposes, such as sending certain marketing communications or using non-essential cookies. Where we rely on consent, you have the right to withdraw it at any time.
  • Legal Obligation: We may process your information when necessary to comply with a legal obligation, such as responding to lawful requests from authorities or maintaining records required by law.

5. Information Sharing and Disclosure

We do not sell your personal information in the traditional sense. However, we may share your information with third parties under the following circumstances, consistent with the purposes described in this policy and as permitted by law:

  • With Other Users: Your username, profile information (that you choose to make public), and the UGC you create or share (like prompts and generated games) are visible to other users of the Service according to your settings and the nature of the social features you use.
  • With Third-Party Service Providers: We engage third-party companies and individuals to perform services on our behalf, such as cloud hosting (e.g., AWS, Google Cloud), database management (e.g., MongoDB, Supabase), payment processing (e.g., Stripe, PayPal, App Store/Google Play in-app purchases), analytics providers (e.g., Google Analytics), AI service providers (for game generation), customer support tools, and content delivery networks. These providers only have access to the information necessary to perform their functions and are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.
  • For Legal Reasons: We may disclose your information if we believe it is reasonably necessary to comply with a law, regulation, legal process (like a subpoena or court order), or governmental request; to protect the safety of any person; to address fraud, security, or technical issues; or to protect our rights or property or the rights or property of our users.
  • Business Transfers: In the event of a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets, financing, or similar transaction or proceeding, your information may be shared or transferred as part of that transaction, subject to standard confidentiality arrangements.
  • With Advertisers (Free Tier): For users on our free tier, we may share non-personally identifiable, aggregated, or device-level information (like advertising identifiers, subject to your device settings) with third-party advertising partners to enable the delivery of targeted advertisements within the Service. We do not share information that directly identifies you (like your name or email address) with advertising partners without your explicit consent. For California residents, this sharing for cross-context behavioral advertising may constitute "Sharing" under the CPRA, and you have the right to opt-out (see Section 6).
  • With Your Consent: We may share your information for other purposes if we have obtained your explicit consent to do so.

6. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information. We aim to provide these rights to all our users regardless of location where feasible.

  • Access: You have the right to request access to the personal information we hold about you.
  • Rectification: You have the right to request correction of inaccurate personal information we hold about you. You can often update your account information directly through your profile settings.
  • Erasure (Deletion): You have the right to request the deletion of your personal information, subject to certain exceptions (e.g., where we need to retain the data for legal compliance or to provide the Service).
  • Restriction of Processing: You may have the right to request that we restrict the processing of your personal information under certain circumstances.
  • Data Portability: You may have the right to receive a copy of certain personal information you provided to us in a structured, commonly used, and machine-readable format.
  • Objection: You may have the right to object to the processing of your personal information based on our legitimate interests.
  • Withdraw Consent: Where we rely on your consent to process information, you have the right to withdraw that consent at any time.

Specific Rights for California Residents (CCPA/CPRA):

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of the information, the purposes for collecting, selling, or sharing it, and the categories of third parties to whom we disclose it.
  • Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Correct: You have the right to request the correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: You have the right to direct us not to "sell" or "share" your personal information. As defined under CCPA/CPRA, "sharing" includes disclosing information for cross-context behavioral advertising. You can exercise this right by clicking the "Do Not Sell or Share My Personal Information" link [Provide Link Here - e.g., in footer/settings] or by adjusting your privacy settings within the Service.
  • Right to Limit Use of Sensitive Personal Information (SPI): If we collect SPI (as defined by CPRA) and use it for purposes beyond what is necessary to provide the Service or as permitted by law, you have the right to limit its use and disclosure. You can exercise this right via the "Limit the Use of My Sensitive Personal Information" link [Provide Link Here - if applicable].
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

Exercising Your Rights:

You can exercise many of your choices through your account settings. To exercise other rights, please contact us using the details provided in Section 13 ("Contact Information"). We will need to verify your identity before processing your request and may ask for additional information to do so. We will respond to your request within the timeframes required by applicable law.

Managing Communications: You can opt-out of receiving promotional emails from us by following the unsubscribe instructions in those emails. You may still receive non-promotional communications regarding your account or our ongoing business relations.

Cookies and Tracking: Please refer to our Cookie Policy for information on how to manage cookies and tracking technologies.

7. Data Security

We implement reasonable technical and organizational measures designed to protect the security of your personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include encryption, access controls, and regular security assessments. However, please be aware that no security system is impenetrable, and we cannot guarantee the absolute security of your information. We encourage you to use strong passwords, keep your account credentials confidential, and be mindful of security risks when using any online service.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including providing the Service, complying with our legal obligations, resolving disputes, and enforcing our agreements. The criteria used to determine our retention periods include:

  • The duration of your active account and use of the Service.
  • The necessity of the data to provide the Service or for our legitimate business purposes.
  • Applicable legal or regulatory requirements (e.g., financial record-keeping, statutes of limitations).
  • The need to resolve disputes or enforce our agreements.

When personal information is no longer needed for these purposes, we will securely delete or anonymize it. If you delete your account, some information may be retained in backups for a limited period or as required by law, but will not be accessible through the Service.

9. International Data Transfers

Sandscape operates globally, and your information may be transferred to, stored, and processed in countries other than your own, including the United States, where our servers or those of our service providers may be located. These countries may have data protection laws that are different from the laws of your country.

When we transfer personal information from regions like the European Economic Area (EEA), Switzerland, or the United Kingdom (UK) to other countries, we rely on appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner's Office, or adequacy decisions, or the EU-U.S./Swiss-U.S. Data Privacy Framework (if applicable and certified), to ensure that your information is protected in accordance with applicable data protection laws.

10. Children's Privacy

The Service is not intended for or directed at children under the age of 13 (or 16 in certain jurisdictions like the EEA). We do not knowingly collect personal information from children under this age threshold. If you are under the applicable age limit, please do not use the Service or provide any personal information to us.

If we learn that we have inadvertently collected personal information from a child under the applicable age limit without verifiable parental consent, we will take steps to delete that information as quickly as possible. If you believe that we might have any information from or about a child under the relevant age, please contact us using the details in Section 13.

[Note: If Sandscape decides to allow users between 13-18 (or similar age range), specific provisions regarding parental consent for certain features or data uses might be needed depending on jurisdiction and platform policies.]

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to provide and improve the Service, analyze usage, remember your preferences, and personalize your experience (including advertising for free tier users). For more detailed information about the technologies we use, the purposes for which we use them, and your choices regarding these technologies, please see our separate Cookie Policy [Provide Link to Cookie Policy Here - to be created].

12. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. If we make material changes, we will notify you by posting the updated policy on the Service, updating the "Effective Date" at the top, and/or by other means, such as email notification, as required by law. We encourage you to review this Privacy Policy periodically to stay informed about our information practices.

13. Contact Information

If you have any questions, comments, or concerns about this Privacy Policy or our privacy practices, or if you wish to exercise your rights, please contact us at:

privacy@sandscape.ai

14. Supervisory Authority (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the right to lodge a complaint with a competent data protection authority if you believe that our processing of your personal information violates applicable data protection law. Contact details for data protection authorities in the EEA are available here, for the UK here, and for Switzerland here.