Diglino

Transparent Data Protocol

At Diglino Studio, we build gaming applications that rely on player engagement. To do that effectively, we require a baseline of data. This document outlines exactly what we collect, why we need it, and how we secure it. We treat your data with the same precision we apply to our codebase.

We operate under Polish and EU law (GDPR). No vague clauses, no hidden data brokering. If we don't need it to make the game run, we don't ask for it.

Information We Ingest

We distinguish strictly between account data, gameplay telemetry, and device metrics. All data ingestion endpoints are encrypted in transit (TLS 1.3) and hashed at rest.

Account & Identity

  • Email address (used solely for authentication and receipts)
  • Username (pseudonym, public facing)
  • Encrypted password hash (Argon2id)
  • Billing country (for tax compliance)

Gameplay Telemetry

  • Session duration and timestamps
  • Progression events (levels completed, items collected)
  • In-game economy transactions (virtual currency)
  • Crash logs and error states (anonymized stack traces)

Crucial Note: We do not scan your device filesystem, access your contacts, or track you across other applications.

!

Third-Party Integrations

We utilize strictly necessary processors: Google Play Services (for authentication on Android), Apple Game Center (iOS), and Stripe (payments). Each processor is bound by a Data Processing Agreement (DPA) compliant with EU standards. No data is sold to advertisers.

Purpose & Processing Logic

Every data field we collect maps to a specific function within Diglino Studio applications. We adhere to the principle of "Purpose Limitation"—data collected for one reason cannot be repurposed without explicit consent.

Function Legal Basis
Gameplay Synchronization
Contractual Necessity
Crash Analytics
Legitimate Interest
Marketing Emails
Consent (Opt-in)

Retention Schedule

  • Active Accounts: Until deletion request.
  • Inactive (12mo): Anonymized telemetry only.
  • Logs: Max 30 days (security).

Your Control Panel

Under GDPR, you hold specific rights regarding your digital footprint. We have implemented technical features to exercise these rights directly, where possible.

Operational Trade-offs

Privacy isn't absolute; it's an engineering discipline. To maintain a high-quality gaming experience, we balance strict data protection with server performance and cheat detection. Here is how we resolve those tensions.

1
Telemetry vs. Anonymity
Trade-off: We need detailed logs to fix bugs, but tracking IDs can feel invasive.
Mitigation: We use rotating session IDs (hashes) that rotate every 24 hours and are not linked to your email in analytics dashboards.
2
Social Features vs. Data Minimization
Trade-off: Leaderboards require displaying usernames and scores publicly.
Mitigation: We encourage the use of pseudonyms. We also provide a "Private Mode" that hides your profile from public searches.
3
Security vs. Friction
Trade-off: Storing session tokens securely requires strict expiration policies, which can log players out frequently.
Mitigation: We use "Silent Refresh" tokens that renew session validity without user intervention, balancing security with uptime.

Data Governance Contact

For privacy-specific inquiries or to exercise your rights, contact our designated Data Protection Officer.

  • Email: info@diglino.com
  • Address: ul. Nowy Świat 12, 00-001 Warszawa
  • Phone: +48 22 123 45 67
  • Hours: Mon-Fri: 9:00-18:00
Open Support Ticket

Policy Revisions & Jurisdiction

Notification

We will notify registered users of material changes to this policy via email. Continued use of Diglino Studio services constitutes acceptance of updated terms.

Dispute Resolution

This policy is governed by the laws of Poland. Any disputes regarding data protection should be directed initially to our DPO, and if unresolved, to the Polish Data Protection Authority (UODO).