KeyStone

Privacy Policy

Last Updated: January 30, 2026

1. Who We Are

KeyStone ("we," "us," "our") is an early-stage, in-beta project currently not yet incorporated as a legal entity. We provide various software applications and platforms, including backend-as-a-service (BaaS) solutions for game servers, art reference board applications, and other digital tools and services (collectively, "Services"). References to KeyStone include its founders, operators, affiliates, successors, and assigns.

2. Scope of This Policy

This Privacy Policy applies to all information we collect, use, store, and process in connection with all of our Services, including our websites, applications, platforms, and any other services offered under the KeyStone name. It explains what information we collect, how we use it, who we share it with, and what rights you have regarding your data.

3. Information We Collect

We may collect various types of information from you when you access or use our Services. This includes:

  • Account Information: If you create an account, we collect your name, email address, password, username, and any other information you provide during registration or profile setup.
  • Contact Form Information: When you submit inquiries or messages through our contact forms, we collect your name, email address, subject, message content, and any other information you provide.
  • User Content: Any content, data, code, files, or materials you upload, submit, or store through our Services, including but not limited to game data, configurations, art files, and documentation.
  • Device and Technical Information: Your device type, operating system, browser type, IP address, device identifiers, and other technical specifications that help us understand how you access our Services.
  • Usage Data: Information about how you interact with our Services, including pages viewed, features used, time spent, clicks, searches, and other usage patterns collected through analytics tools.
  • Network Information: Data about your internet connection, network type (mobile, WiFi), and related technical information.
  • Advertising Identifiers: Unique identifiers assigned by advertising platforms (Google, Meta, TikTok) to track advertising performance and user engagement across their networks.

4. How We Use Information

We use the information we collect for the following purposes:

  • Provide and Improve Services: To deliver, maintain, support, and improve our Services, including technical support, bug fixes, and feature development.
  • Respond to Inquiries: To respond to your questions, comments, and requests submitted through contact forms or other communication channels.
  • Communications: To send you service-related announcements, updates, security alerts, support messages, and other administrative communications.
  • Analytics and Usage Analysis: To analyze how our Services are used, understand user behavior, identify trends, measure engagement, and optimize performance and user experience.
  • Detect and Prevent Issues: To detect, investigate, and prevent fraud, abuse, security incidents, technical issues, and other harmful or prohibited activities.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and lawful requests from government authorities.
  • Marketing and Advertising: To send you marketing communications about our Services, new features, promotions, and related products (where permitted by law and your preferences).

5. Legal Basis for Processing (UK/EU)

If you are located in the United Kingdom or European Union, we process your personal data based on the following legal grounds:

  • Contract: Processing is necessary to perform our obligations under our Terms of Service and to provide the Services you request.
  • Legitimate Interest: We have a legitimate interest in analyzing usage, improving our Services, detecting fraud and abuse, and marketing our Services, balanced against your rights and interests.
  • Consent: Where required, we rely on your explicit consent for non-essential cookies, advertising tracking, and certain marketing communications.
  • Legal Obligation: We process data when required by applicable laws, regulations, or lawful government requests.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (such as pixels, beacons, and local storage) for multiple purposes:

  • Analytics: To track usage patterns, understand how visitors interact with our Services, and measure performance metrics.
  • Advertising: To deliver targeted advertising, measure advertising effectiveness, and track conversions across our Services and partner sites.
  • Functionality: To remember your preferences, maintain login sessions, and enhance your experience.

We use a cookie banner to manage your consent preferences for non-essential cookies and tracking. You can manage your cookie preferences at any time through the banner or your browser settings. Please see our Cookie Policy for more detailed information.

7. Advertising and Analytics Providers

We work with third-party service providers who process your data on our behalf for analytics and advertising purposes:

  • Google Analytics and Google Ads: Google processes data such as your IP address, browser type, device ID, and usage patterns to provide analytics and advertising services. Google's data processing is governed by its privacy policy. Opt out of Google ads.
  • Meta Ads (Facebook): Meta processes data for targeted advertising and performance measurement. Manage Meta ad preferences.
  • TikTok Ads: TikTok processes data for advertising and analytics purposes. TikTok Privacy Center.

Each provider may process data outside your country or region. Their privacy practices are governed by their own privacy policies, and we encourage you to review them. Where applicable, these providers may participate in privacy frameworks such as the EU-US Data Privacy Framework.

8. Data Sharing

We do not sell, rent, or trade your personal data. We may share your information in the following limited circumstances:

  • Service Providers: With trusted third-party service providers who assist us in operating our Services, including hosting providers, analytics vendors, advertising partners, and technical support vendors. These providers are contractually bound to use your data only as necessary to provide services to us.
  • Legal Requirements: When required by law, regulation, legal process, government request, or to protect the rights, safety, and property of KeyStone, our users, or the public.
  • Business Transfers: If KeyStone is acquired, merged, or its assets are transferred, your personal data may be transferred as part of that transaction. We will provide notice if such a change occurs.
  • Protection of Rights: To enforce our Terms of Service, protect against fraud and abuse, and protect the legal rights and safety of KeyStone, our users, and the public.

9. International Data Transfers

Your personal data may be processed, stored, and transferred outside your country of residence, including to countries that may not have the same data protection standards as your home country. When we transfer data internationally, we implement appropriate safeguards, including:

  • Standard Contractual Clauses: We use contractual clauses approved by the European Commission to ensure adequate protection for international data transfers.
  • Adequacy Decisions: We rely on adequacy decisions where applicable (e.g., for certain countries recognized as having adequate data protection).
  • Google Cloud Infrastructure: We use Google Cloud services with data centers in multiple regions, including London (United Kingdom), Iowa (United States), and Sydney (Australia), to ensure data residency compliance where applicable.

10. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy:

  • Account Data: Retained while your account is active. Upon account deletion, we will delete your personal data, subject to legal retention obligations.
  • Contact Form Data: Retained as long as needed to respond to your inquiry and provide customer support, typically up to 90 days after our final response.
  • Analytics Data: Retained in aggregated, anonymized form for trend analysis and service improvement. Individual identifiers are typically removed after 24 months.

11. Your Rights

Depending on your location, you have certain rights regarding your personal data. These rights may include:

  • Right to Access: You have the right to request and obtain a copy of the personal data we hold about you.
  • Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to Deletion: You have the right to request that we delete your personal data, subject to certain legal exceptions.
  • Right to Object: You have the right to object to processing of your personal data for marketing, analytics, or other purposes.
  • Right to Restrict Processing: You have the right to request that we restrict how we process your personal data in certain circumstances.
  • Right to Data Portability: You have the right to request your personal data in a structured, commonly used, and machine-readable format.
  • Right to Withdraw Consent: If we process your data based on consent, you have the right to withdraw that consent at any time.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your rights.

To exercise any of these rights, please submit a request through our Contact form or email timdommett@icloud.com. We will respond to your request within the timeframe required by applicable law.

12. Security

We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using HTTPS/TLS protocols
  • Encryption of sensitive data at rest
  • Access controls to limit who can access your data
  • Secure hosting on Google Cloud infrastructure
  • Regular security assessments and updates

However, no security system is absolutely secure. While we strive to protect your personal data, we cannot guarantee 100% security. You are responsible for maintaining the confidentiality of your account credentials.

13. Children's Privacy

Our Services are not directed to, and we do not knowingly collect personal data from, children under the age of 13 (or 16 in the United Kingdom and European Union). If we become aware that we have collected personal data from a child in these age groups, we will take steps to delete such data and terminate the child's access to our Services. If you believe we have collected information from a child, please contact us immediately at timdommett@icloud.com.

14. Updates to This Policy

We may revise this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any material changes will be notified to you via email (if you have provided an email address) or by posting a prominent notice on our Services. Your continued use of the Services after any changes constitutes your acceptance of the revised Privacy Policy. It is your responsibility to review this policy periodically. The "Last Updated" date at the top of this policy indicates when it was last modified.

15. Contact

If you have questions, concerns, or requests regarding this Privacy Policy, your personal data, or our privacy practices, please contact us:

  • Via our Contact form at keystonegames.com/contact
  • By email at timdommett@icloud.com

We will respond to your inquiries and requests within the timeframe required by applicable law.