Privacy Policy
This Privacy Policy describes how Glowsoft ("we", "us", "the Studio") collects, uses and protects your personal data in connection with the game Umbral ("the Game") and its online services. It is drawn up in accordance with Regulation (EU) 2016/679 ("GDPR") and the French Data Protection Act No. 78-17 of 6 January 1978, as amended.
1.Data controller
The controller responsible for processing your personal data is:
- Glowsoft, a French simplified joint-stock company (SAS) with share capital of €1,500.00
- SIREN: 993 347 335 — SIRET (head office): 993 347 335 00024 — RCS Nevers
- Registered office: 1 Place d'Armes - 1er étage de l'INKUB, 7 B rue du 13e de Ligne, 58000 Nevers
- Represented by its president: Jérémy Macadré
- Contact email: contact@glowsoft.fr
The Studio has not appointed a Data Protection Officer (DPO). For any question regarding your data, please write to the email address above.
2.Data we collect
The Game is an online co-op FPS that relies on Epic Online Services (EOS) for authentication, matchmaking and multiplayer sessions. In this context, the following categories of data may be processed:
| Category | Examples |
|---|---|
| Account / in-game identity (via Epic) | Epic identifier (Product User ID / EOS Account ID), display name (nickname), session identifier. |
| Gameplay and multiplayer session data | Match statistics, progression, session state, squad/lobby membership, multiplayer interactions. |
| Communication data (where applicable) | In-game text and/or voice chat, if enabled, solely to route them. |
| Technical and connection data | IP address, technical device identifiers, connection and session logs, network performance data (latency), timestamps — required for multiplayer. |
| Support data | The content of the messages you send us (contact email, reports) and the information you choose to include. |
We do not knowingly collect special categories of data within the meaning of Article 9 GDPR. Some of this data is processed directly by Epic Games as infrastructure provider (see §5).
3.Purposes of processing
- Provide the online service: Epic-account authentication, matchmaking, creating and maintaining multiplayer sessions, in-game chat/voice.
- Ensure proper technical operation: match synchronization, network stability, preventing disruptions.
- Security and game integrity: preventing cheating, abuse, fraud and behavior prohibited by the Terms.
- Support and user relations: responding to your requests and handling your reports.
- Compliance with legal obligations: where applicable, responding to requests from competent authorities.
4.Legal bases (GDPR Art. 6)
| Purpose | Legal basis |
|---|---|
| Providing the online service (auth, matchmaking, sessions, voice) | Performance of a contract (Art. 6(1)(b)) — the Terms you accept to play online. |
| Security, anti-cheat, abuse prevention, service improvement | Legitimate interest (Art. 6(1)(f)) of the Studio in providing a safe, reliable service. |
| Optional features requiring your agreement (e.g. certain non-essential cookies/trackers) | Consent (Art. 6(1)(a)), where required, revocable at any time. |
| Legal obligations and responses to authorities | Legal obligation (Art. 6(1)(c)). |
5.Processors and third-party recipients
To operate multiplayer, we rely on providers acting as processors or infrastructure providers:
Epic Games / Epic Online Services
The Game uses Epic Online Services, provided by Epic Games, Inc. (United States) and its affiliates, for Epic-account authentication, matchmaking, session management and network infrastructure. As such, Epic may process some of your data (identifiers, session data, technical data) on our behalf and/or its own.
Epic's processing of your data is governed by its own privacy policy: https://www.epicgames.com/site/privacypolicy. We encourage you to read it.
We may also use other technical providers (for example, our host OVH SAS). We do not sell your personal data to third parties.
6.Transfers outside the European Union
Because the Game uses Epic Online Services, your data may be transferred to and processed outside the European Union, in particular in the United States.
These transfers are framed by appropriate safeguards under Articles 44 et seq. GDPR, in particular:
- the Standard Contractual Clauses (SCCs) adopted by the European Commission;
- where applicable, the provider's adherence to a recognized transfer framework (e.g. the EU–US Data Privacy Framework) and/or supplementary protection measures.
For further details on the safeguards implemented by Epic, please refer to its privacy policy (see §5).
7.Data retention
We keep your data only for as long as necessary for the purposes described:
| Data type | Retention period |
|---|---|
| Multiplayer session data (real-time match state) | For the duration of the session, then deleted / anonymized. |
| Technical connection logs | 12 months, unless a legal obligation requires otherwise. |
| Account / progression data linked to the Game | As long as the account is active, then 12 months after last activity. |
| Support requests | 24 months after the request is handled. |
Data processed by Epic is retained in accordance with Epic's retention policy. Some data may be kept longer in anonymized form for statistical purposes, or where required by law.
8.Your rights
Under the GDPR, you have the following rights over your personal data:
- Right of access — confirm whether your data is processed and obtain a copy.
- Right to rectification — correct inaccurate or incomplete data.
- Right to erasure ("right to be forgotten") — under the conditions provided by law.
- Right to restriction of processing.
- Right to object to processing based on legitimate interest.
- Right to data portability — receive your data in a structured, commonly used format.
- Right to withdraw consent at any time, where processing is based on it.
How to exercise your rights? Send your request by email to contact@glowsoft.fr. We may ask for proof of identity to handle your request securely. We aim to respond within one month.
Some requests (in particular those about data managed by Epic, such as your Epic account) may require you to contact Epic Games directly. We will assist you as far as possible.
9.Cookies and trackers
This website (these legal pages) is a static site that does not use tracking cookies or audience-analytics tools. Only strictly necessary technical elements may load. No consent banner is therefore required as it stands.
If we later add audience-measurement tools or non-essential trackers, a consent banner compliant with CNIL guidance will be implemented and such trackers will only be set with your prior consent.
In the Game, no data is collected through browser cookies; the data described in §2 is processed via Epic Online Services as part of the online service.
10.Security
We implement reasonable technical and organizational measures to protect your data against loss, unauthorized access or disclosure. Network infrastructure and authentication rely on Epic Online Services' security mechanisms. As no system is infallible, we cannot guarantee absolute security.
11.Minors
The Game is not intended for children under the applicable digital age of consent (15 in France). If you are a minor, the consent of a holder of parental authority may be required. If you believe a child has provided us with data without authorization, contact us at contact@glowsoft.fr so that we can delete it.
12.Changes to this policy
We may update this Privacy Policy to reflect legal, technical or service changes. The last-updated date appears at the top of the page. In the event of a material change, we will endeavor to inform you by an appropriate means.
13.Contact
For any question about this policy or your personal data:
Glowsoft SAS — 1 Place d'Armes - 1er étage de l'INKUB, 7 B rue du 13e de Ligne, 58000 Nevers
Email: contact@glowsoft.fr