Privacy Policy

Last updated: February 2026

In this privacy policy ("Privacy Policy"), it is described how MIXRIFT including its affiliates ("MIXRIFT") Processes Personal Data. For more information and/or to exercise rights as a Data Subject, contact information to MIXRIFT can be found under Contact Information.

The law in some jurisdictions may provide you with additional rights regarding our use of Personal Data. To learn more about any additional rights that may be applicable to you as a resident of one of these jurisdictions, please see the privacy addendum for your jurisdiction that is attached to this Privacy Policy.

1. Definitions

• User means any entity, organization, corporation or living natural person that uses the Services and/or interacts with MIXRIFT in any way.
• Data Processor means anyone who Processes Personal Data on behalf of a Data Controller.
• Data Controller means a legal entity, who alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
• Data Protection Legislation means the applicable data protection legislation such as Regulation (EU) 2016/679 (General Data Protection Regulation; the "GDPR") and any other applicable data protection legislation.
• EU/EEA means the European Union/European Economic Area.
• Personal Data means any information that, directly or indirectly, can identify a natural person.
• Processing means any operation or set of operations performed with regard to Personal Data, whether or not performed by automated means, such as collection, recording, organisation, storage, adaptation, alteration, retrieval, gathering, use, combination, blocking, erasure or destruction.
• Recipient means a natural or legal person, public authority or another body, to whom Personal Data may be disclosed to by MIXRIFT.
• Services means any of MIXRIFT' services and/or games as well as communications provided on MIXRIFT' websites and other electronic channels.

General

This Privacy Policy describes how MIXRIFT as a Data Controller Processes User's Personal Data on a general level. Specific information about further Processing can be found in separate agreements, websites or other documents related to MIXRIFT.

MIXRIFT may need to Process Personal Data in order to provide the Services to the Users, fulfill legal obligation or for the performance of agreements. If a User chooses not to provide or submit Personal Data in the Services, it may prevent MIXRIFT from fulfilling the above mentioned obligations. In some cases, Users may not be able to use and access the Services, such as multiplayer features of the games provided by MIXRIFT.

MIXRIFT ensures the confidentiality of Personal Data and has implemented appropriate technical and organizational measures to safeguard Personal Data from unauthorized access, unlawful disclosure, accidental loss, modification, destruction or any other unlawful Processing.

MIXRIFT may use approved Data Processors for Processing Personal Data. MIXRIFT ensures that Data Processors Process Personal Data under documented instructions of MIXRIFT which are in accordance with adequate and required security measures in accordance with Data Protection Legislation.

Personal Data of Children

The Services are not directed or intended for children and MIXRIFT does not knowingly collect Personal Data from children under 18 years old in the Services. MIXRIFT prohibits submission of Personal Data by children, unless sent under the supervision of their parent or guardian. It is important to safeguard the privacy of children and MIXRIFT encourages parents to regularly monitor their children's use of online activities. MIXRIFT will promptly delete Personal Data submitted by children unless legally obligated to retain such data.

MIXRIFT requests that any parents of children under the age of 18 that may have submitted Personal Data to make contact at [email protected].

Security

MIXRIFT has taken reasonable steps to ensure that Personal Data it collects is secure and reasonable measures are put in place to protect the confidentiality, security, and integrity of the Personal Data collected from our Users. Personal Data is stored in secure operating environments that are not available to the public and that are only accessible to authorized employees and contractors. MIXRIFT also has security measures in place to protect the loss, misuse, and alteration of the information under our control.

Please note that MIXRIFT may provide links to other games and websites that are operated and hosted by third parties who may have their own privacy policies. The Processing of Personal Data by third parties in other games and websites are governed by their own privacy policies, which may be substantially different from this Privacy Policy.

Any improper collection or misuse of User Created Content or information provided in the Game is a violation of the Terms of Use and should be reported to MIXRIFT at [email protected].

Collection of Personal Data and Categories of Data Subjects

MIXRIFT primarily collects from and Processes Personal Data of Users of the Services, such as players of the games provided by MIXRIFT. Personal Data may be collected from Users directly, by User's submission of Personal Data and/or automatically from the use of the Services. MIXRIFT may also save electronic communications or otherwise document MIXRIFT' interaction and communication with Users in various electronic channels. MIXRIFT also collects non-personally identifiable information, such as anonymous gameplay data and statistical information, derived from the Services, in order to improve the Services.

MIXRIFT also collects and Processes Personal Data from prospective customers, agents, legal representatives, corporate representatives, signatories, shareholders, contact persons, board members, job applicants and visitors of MIXRIFT' offices.

MIXRIFT may also collect Personal Data from other sources, such as third party sites or platforms, newspapers, blogs, instant messaging services in order to improve and provide the Services as well as a more personalized experience. MIXRIFT will in some cases ask for email addresses for sales and marketing purposes.

Game Server Data

For certain multiplayer titles (including Hell Horde and Battle Orb), MixRift operates a game server to provide gameplay functionality including progress saving, leaderboards, and score tracking. The following data is collected and stored:

• Oculus/Meta User ID (a pseudonymised identifier that does not include name, email, or other directly identifying information)
• Gameplay data including scores, game progress, save states, and leaderboard entries

This data is stored on a server hosted by Digital Ocean B.V. located in the European Union. All data is encrypted in transit (SSL/TLS) and at rest (disk encryption). The legal basis for this Processing is legitimate interest (Article 6(1)(f) GDPR) — providing the gameplay functionality that players reasonably expect. This data is retained for a maximum of 5 years from the date of last player activity, after which it is deleted.

Categories of Personal Data

The main categories of Personal Data Processed by MIXRIFT include:

• Identification and contact information such as name, personal identification code/number, internet protocol (IP) address, online nickname, date of birth, address, telephone number, email address and country of residence.
• Communication information such as complaints/support matters in voice/written form, images and/or audio recordings, emails, messages and other communications such as social media.
• Electronic interaction information such as the type of browser that is used, the type of operating system that is used, the IP address or other unique identifier such as a device identifier of any computer(s) or device(s) that are used to access electronic channels.

Legal Basis and Purpose of Processing

Performance of Agreements

MIXRIFT Processes Personal Data to fulfill obligations in agreements with external parties. This Processing relates to the execution, documentation and administration of agreements entered into by MIXRIFT. Examples of purposes for Processing are to verify transactions with business partners, to perform play- and beta tests and to provide the games as part of the Services.

Legal Obligations

MIXRIFT Processes Personal Data in order to fulfill legal obligations imposed by regulators. Examples of purposes for Processing are to identify Users in order to make sure that MIXRIFT does not collect Personal Data from children as well as to comply to bookkeeping obligations.

Consent

MIXRIFT Processes Personal Data in some cases when Users have provided their consent to it and the provided consent can always be withdrawn. An example of purpose for Processing is when subscribing to MIXRIFT' newsletter.

Legitimate Interest

MIXRIFT Processes Personal Data based on MIXRIFT' legitimate interest. MIXRIFT have concluded this Processing necessary for the interest pursued by MIXRIFT, which outweighs the User's interest of protection of the Personal Data. Examples of purposes for Processing are to improve the Services, to provide personalized offers and direct marketing and to organize competitions and campaigns.

Cookies

Cookies are used by MIXRIFT for different purposes when visiting MIXRIFT' websites.

Recipients of Personal Data

Based on the legal bases and the purposes for Processing by MIXRIFT, MIXRIFT may share User's Personal Data with Recipients to Process Personal Data as a Data Processor. MIXRIFT will only share necessary Personal Data for the purposes of the disclosure and never for the Recipient's own purposes. Further, MIXRIFT will only share Personal Data if the Recipients have ensured an adequate level of protection of the Personal Data in accordance with Data Protection Legislation. MIXRIFT may also share anonymous or aggregated information, or other data that is not considered Personal Data with third parties.

Third Party Agents / Contractors / Developers

Where applicable the Recipient's Processing of Personal Data will not be covered by this Privacy Policy. In such instances you must review such Recipients' privacy policies.

Location of Processing

In some cases MIXRIFT may transfer and share Personal Data to third parties (including service providers operating on behalf of MIXRIFT) which may be located in countries outside the EU/EEA which may not have the same level of data protection laws as those in the country where the User is located. Where Personal Data is transferred to a country outside the EU/EEA that is not subject to an adequacy Data Protection Legislation, the transfer will only occur if there are appropriate safeguards in place such as (i) an agreement with the EU Standard Contractual Clauses, code of conducts, certifications or other clauses compliant and in accordance with Data Protection Legislation, or (ii) the country outside EU/EEA has an adequate level of data protection as approved by the EU Commission.

Retention Period of Personal Data

MIXRIFT will not retain Personal Data longer than necessary for the purposes for the Processing carried out by MIXRIFT unless required by Data Protection Legislation. MIXRIFT may need to retain Personal Data in order to establish, exercise or defend a legal claim or to comply with applicable law, including accounting rules. Personal Data is deleted or anonymized by MIXRIFT as soon as it no longer serves the purpose it was collected and Processed for.

Data Subject's Rights

User's have the following general rights as Data Subjects regarding the Processing of Personal Data carried out by MixRift:

• Right to correction — Users can request to correct the Personal Data if the Personal Data is incorrect, incomplete or inadequate.
• Right to objection — Users can object to the Processing for certain purposes, such as direct marketing.
• Right to erasure — Users can require the Personal Data to be deleted.
• Right to restriction — The User can restrict the Processing, for example when the amount of Personal Data necessary for Processing is contested by the User.
• Right to information and access — Users can receive information if their Personal Data is Processed and gain access to their Personal Data.
• Right to receive a copy — Users can request to receive their Personal Data that is Processed, provided that the Processing is based on agreement or consent. If technically feasible, the User may request that the Personal Data is transferred to another Data Controller.
• Right to withdraw consent — Users can withdraw their consent to the Processing of Personal Data.
• Right to not be subject to automated decision-making — Users can request that their Personal Data is not part of Processing for any automatic decision-making, including profiling, if such processing has any significant or legal effects.

Please note that the above described rights may be limited if the Personal Data is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims.

To invoke any of the rights described above or for more information, Users may contact MIXRIFT at any time by emailing [email protected]. MIXRIFT will process and answer requests without undue delay and in any event within one month of the receipt of the request unless a longer period is required due to the complexity of the request. In this case, the response time can be up to three months in total.

Changes to the Privacy Policy

This Privacy Policy applies to all Personal Data collected or provided to MIXRIFT. This Privacy Policy is subject to change and MixRift may make any necessary changes to this Privacy Policy. MIXRIFT will notify Users of material changes by providing information about the changes in the Services. Users are encouraged to check back and review this Privacy Policy from time to time. All continued use of and access to the Services is subject to this Privacy Policy and will signify Users acceptance of Privacy Policy and any potential changes to it.

Contact Information