Privacy Policy

Updated April 25, 2023

This Privacy Policy describes how your personal information is collected, used, and shared through the Stardust website, API, and marketplace (collectively, “the Services”).

Stardust offers an easy-to-use platform for game developers to build their games in the metaverse. To use our platform, game developers – our clients – share information with us about their end users – i.e., their players – including those users’ account information and transaction information. We process that information on our clients’ behalf to facilitate our clients’ use of our platform.

We may also collect personal information for our own business purposes, such as information that individuals submit to us directly through the Stardust marketplace and business contact details of potential clients who visit our website.

This Privacy Policy applies to:
The Stardust.gg website and any other websites or online services controlled by us and which display this Privacy Policy, and
Game development services that we provide to our clients through our API.

We provide a supplementary notice for California residents and notice to European users below.

INFORMATION WE COLLECT

Information We Collect for Stardust’s Own Business Purposes
We may collect information about individuals who interact with Stardust when using our Services, such as players who use our marketplace, employees of our clients, job applicants, and other individuals.

Information collected when you visit our website includes:

Contact details, such as your first and last name, email and mailing addresses, and phone number.
Communications that we exchange with you, including when you contact us with questions, feedback, or otherwise.
Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them.
Device data, such as the manufacturer and model, operating system, IP address, location data, and unique identifiers associated with the device you use to access the platform.

Information collected when you use the Stardust marketplace includes:
Account details, such as your first and last name, email and mailing addresses, and phone number.
Payment details, such as your USDC, Bitcoin, Ethereum, or Solana payment, or your credit card details and billing address. We use third-party payment processors, Circle and Fireblocks, to process this payment information. Stardust does not have access to this information.
Social media data, such as your handle and other information that social media platforms may share when you log in to the Stardust marketplace using your social media accounts. The types and amount of data you share depend on the privacy settings in the social media account you connect to our platform.
Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them.
Device data, such as the manufacturer and model, operating system, IP address, location data, and unique identifiers associated with the device you use to access the platform.

Cookies and similar technologies.
Our website may use the following technologies:
Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

Information We Collect From or On Behalf of Our Clients
We may collect information about end users – players who play our clients’ games – from our clients or, at clients’ requests, from their service providers. Our clients determine the scope of the information transferred to us, and the information we receive may vary by client. Typically, we may collect end users’ account and login information, in-game purchase history, user inventory and gaming settings, and other data produced by game developers using our API.

Stardust processes and stores end users’ payment information using a payment widget integrated with Circle and Coinbase Commerce, our third-party payment processors. Stardust does not have access to this payment information, and this information is subject to these payment processors’ privacy policies.

OUR USE OF PERSONAL INFORMATION

Our Use of Personal Information for Stardust’s Own Business Purposes
We use personal information for the following purposes or as otherwise described at the time of collection:
Services delivery, including to:
Operate the Services and our business;
Maintain and improve the Services and the Services’ features;
Create and maintain your account;
Facilitate user connections on our Services;
Recommend content that might be of interest to you;
Process your transactions;
Communicate with you about the Services, including by sending announcements, updates, security alerts, and support and administrative messages; and
Provide support for the Services, and respond to your requests, questions, and feedback.
Research and development. We may create and use de-identified information for our business purposes, including to analyze the effectiveness of our Services, to improve and add features to our Services, and to analyze the general behavior and characteristics of users of our Services. We may use this anonymous, aggregated, or de-identified data and share it with third parties for our lawful business purposes.
Compliance and protection. We may use personal information to:
Protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims);
Audit our internal processes for compliance with legal and contractual requirements and internal policies;
Prevent, identify, investigate, and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft; and
Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
Marketing and advertising: We may send you marketing communications via email as permitted by law. You will have the ability to opt-out of our marketing and promotional communications as described in the “Opt out of marketing communications” section below.

Our Use of Personal Information on Behalf of our Clients
We use personal information we collect from or on behalf of our clients to provide services to our clients at their direction. We do not use this information for Stardust’s own purposes. We use personal information only as directed or authorized by our client. Typically, we are directed or authorized to use personal information collected on behalf of the client to:
Provide, operate, maintain, secure and improve the API, including by creating new features;
Create, maintain, and authenticate your account;
Deliver advertising and marketing content to players on behalf of our clients;
Process transactions through our third-party payment processors; and
Provide support for the API, and respond to your requests, questions and feedback.

PERSONAL INFORMATION SHARING
We may share personal information for the purposes set out in this Privacy Policy with:
Game developers. We may share your personal information with the game developer from whom or on whose behalf we collected the information.
Service providers. Companies and individuals that provide services on our behalf or help us operate the Services or our business (such as hosting, analytics, customer support, email delivery, payment services, and identity verification services).
Professional advisors. Professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services that they render to us.
Authorities and others. Law enforcement, government authorities, and private parties as we believe necessary to: (a) protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Services; and (c) protect, investigate, and deter against fraudulent, harmful, unauthorized, unethical, or illegal activity.
Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale, or other disposition of all or any portion of the business or assets of, or equity interests in, Nifty’s or our affiliates (including, in connection with a bankruptcy or similar proceedings).

Third-party platforms and social media networks.
If you have enabled features or functionality that connect the Services to a third-party platform or social media network (such as by logging into Stardust using your account with a third-party), we may disclose the information that you authorized us to share. We do not control the third-party platforms’ use of your personal information, which is governed by that third party’s privacy policy and terms and conditions.

Players can also share their personal information through the API with:
Other players and the public, when players create a public profile, post content, and engage in public transactions in the API;
Other businesses, when players participate in offers, promotions and other features available via the API or marketed to players; and
Social media platforms, when players choose to share content on social media.

PRIVACY CHOICES

Access to information.
To keep your information accurate, current, and complete, please contact us as specified below. We will take reasonable steps to update or correct information in our possession that you have previously submitted via the Service. Please also feel free to contact us if you have any questions about our Privacy Policy or the information practices of the Services at support@stardust.gg.
Disconnect social media companies. When you connect your social media accounts to Stardust, we notify those platforms. You may disconnect your social media accounts directly on the Services at any time.
Opt out of marketing communications. You may opt out of marketing-related communications by following the opt out or unsubscribe instructions contained in the marketing communication we send you.
Online tracking opt out. There are a number of ways to limit online tracking, which we have summarized below:
Blocking cookies in your browser. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers. Note that because these opt out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

HOW WE PROTECT INFORMATION
We maintain administrative, technical, and physical safeguards designed to protect the personal information we maintain against accidental, unlawful, or unauthorized access, disclosure, alteration, use, loss, or destruction. However, we cannot guarantee that the safeguards we maintain will ensure the security of the personal information.

LINKS TO OTHER WEBSITES AND THIRD-PARTY CONTENT
The Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.

PROCESSING PERSONAL INFORMATION IN THE US
We are headquartered in the United States. To provide our services and operate our website, it is necessary for us to process personal information in the United States.

If we transfer personal information across borders such that we are required to apply appropriate safeguards to personal information under applicable data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.

CHILDREN
Our website and services are not intended for use by children under 13 years of age. If we learn that we have collected personal information through our website or services from a child under 13 without the consent of the child’s parent or guardian as required by law, we will delete it.

CHANGES TO OUR PRIVACY POLICY
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the website.

HOW TO CONTACT US
You may contact us with questions, comments, or complaints about this Privacy Policy by email at support@stardust.gg or at the following mailing address:
555 Bryant Street #120
Palo Alto, CA, 94301

NOTICE FOR CALIFORNIA RESIDENTS
The California Consumer Privacy Act of 2018 (“CCPA”) requires us to provide this supplemental privacy notice to our consumers in California. Please note that we do not sell personal information.

CCPA Notice Scope
This CCPA Notice and the rights it sets out apply to the personal information we collect, use or disclose about consumers who submit personal information to us directly through the Stardust marketplace.

This CCPA Notice does not apply to the personal information we collect, use or disclose about:
Our game developer clients’ end-users – i.e., their players – whose information we process on our clients’ behalf to facilitate our clients’ use of our platform.
Representatives of businesses who visit our website to seek to obtain our products or services.

For the California residents to whom this CCPA notice does apply, the CCPA grants the following rights.

Information.
This Privacy Policy explains how we use and share your personal information through the Services, during the past 12 months. We describe the sources through which we collect personal information and the types of personal information collected in the “Information We Collect” section above. We describe the purposes for which we use and share this information in the “Our Use of Personal Information” section above.
Access.
You can request a copy of the personal information that we maintain about you.
Deletion.
You can ask to delete the personal information that we maintain about you.

Please note that the CCPA limits these rights by, for example, prohibiting businesses from providing certain sensitive information in response to an access request and limiting the circumstances in which they must comply with a deletion request.

You are entitled to exercise the rights described above free from discrimination.

Here is how you can submit requests:

To request access to or deletion of personal information collected via the Services, please email us at support@stardust.gg or call us at (833) 242-2002.

To verify your identity prior to responding to your requests, we may ask you to confirm information that we have on file about you or your interactions with us. Where we ask for additional personal information to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer.

Authorized agents. California residents can empower an “authorized agent” to submit requests on their behalf.

NOTICE TO EUROPEAN USERS
VeraSafe has been appointed as Stardust Cards Corporation’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to support@stardust.gg, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

Legal basis for processing. We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.

Processing Purpose: Legal Basis
Service delivery: Processing is necessary to perform the contract governing our provision of services in connection with the Services, or to take steps that you request prior to signing up for the Services. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the services you access and request in connection with the Services.
Research and development: These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Marketing and advertising: These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Compliance and protection: These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). Processing is also necessary to comply with our legal obligations.
With your consent: Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Services.

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services, or otherwise to us.

If you provide us with any sensitive personal information when you use our Services, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through our services.

Retention.
We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Cross-border Data Transfer. If we transfer your personal information from Europe to another country such that we are required to apply appropriate safeguards to your personal information under European data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.

Your rights. European data protection laws may give you certain rights regarding your personal information. If you are located in Europe, you may ask us to take the following actions in relation to your personal information that we hold:

Access. Provide you with information about our processing of your personal information and give you access to your personal information.
Correct. Update or correct inaccuracies in your personal information.
Delete. Delete your personal information.
Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
Restrict. Restrict the processing of your personal information.
Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You may submit these requests by email to support@stardust.gg or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.

If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

SECURITY AT STARDUST
As a company that provides developers with tools to build and scale blockchain gaming, Stardust understands the critical importance of security. To make sure your trust is our top priority, Stardust implements a range of measures to protect our platform and our users. Stardust uses enterprise-grade security and regular audits to ensure you’re always protected. We undergo regular penetration testing and security reviews designed to be SOC 2 compliant and draw inspiration from several frameworks, including CIS Top 20, NIST Cybersecurity Framework, and others.

ORGANIZATIONAL SECURITY
Our program is tailored to be a custom fit to Stardust. We strive to ensure that the policies and procedures we put into place appropriately reflect our unique environment and constantly evolve with updated guidance and new industry best practices. The overall security posture at Stardust is to be preventative rather than reactive. This can only be achieved with cross-organization cooperation and by implementing well-designed security controls.

Compliance
Stardust is currently engaged with an external firm to complete our SOC 2 audit and, once achieved, is committed to inviting an external firm to examine our data security annually in order to maintain our SOC 2-compliant status.

PROTECTING CUSTOMER DATA

Cloud Hosted Environment
Stardust’s infrastructure is hosted through Amazon Web Services (AWS), so all physical assets where customer data resides are managed by the cloud provider. Stardust leverages this infrastructure model and adds security controls on top of AWS. From a security standpoint, the controls are based on best practices, such as the AWS Well Architected Framework, and designed to take into account the specific data storage and processing risks associated with each aspect of the technology used at Stardust, including unique factors associated with cloud-hosted environments. Stardust uses the latest encryption technologies, multi-factor authentication, and comprehensive monitoring to ensure that user data and assets remain safe and secure.

Employee Security
At Stardust we understand that security starts with our employees. They are the cornerstone of our security posture and our first line of defense. Thus, security controls are most effective when they are supported by a robust security culture. As such, we engage our employees (and contractors) in a culture of security for the entire employee lifecycle – from the time they apply to work at Stardust and throughout their time at the company. This includes background checks, mobile device management, and ongoing security awareness training.

Endpoint Security
All employee workstations are required to be enrolled in our Mobile Device Management (MDM) Solution. The security team has created appropriate restrictions and configuration profiles, and automated deployments and application updates in order to meet security objectives. All workstations are configured by default with disk encryption, firewall, and strong passwords, and lock when idle. Additionally, Stardust secures our endpoints using best-in-class endpoint detection and response malware protection to prevent both known and novel attacks. These security controls are deployed and enforced using automated scheduling via our MDM solution. Remote access, monitoring, and erasure capabilities, alongside automatic alerts, help the security team meet ongoing compliance needs.

Access Controls
Stardust strictly adheres to principles of least privilege and employs permission sets and access that reflect job roles. Wherever possible, access is restricted only to what is necessary to fulfill job responsibilities or specific project tasks. Our access request, on-boarding, and off-boarding processes help us enable, track, manage, and revoke employee access when needed. Access revocations are completed within 24 hours. The security team performs access reviews on a quarterly basis.

Stardust has also implemented an enterprise-wide and centralized password manager. Having a password management solution enables employees to meet password requirements more easily and allows the security team to monitor and ensure good password hygiene throughout the company.