Privacy Policy

1. Introduction

This Privacy Policy describes how Qene Games Inc ("Beemi," "we," "our," or "us") collects, uses, stores, and protects your personal information when you use our services, including the Beemi mobile application ("App"), Studio Dashboard ("Studio"), and related services (collectively, the "Service").

We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Children's Online Privacy Protection Act (COPPA).

2. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

Purpose	Legal Basis
Account creation and authentication	Contract - necessary to provide the Service
Service delivery (game hosting, multiplayer)	Contract - performance of our agreement with you
Subscription billing and payments	Contract - processing your transactions
Analytics and service improvements	Legitimate Interest - improving user experience
Security and fraud prevention	Legitimate Interest - protecting our service and users
Marketing communications	Consent - opt-in required
Optional features (AI generation, team collaboration)	Consent - voluntary feature usage
Legal compliance and tax reporting	Legal Obligation - required by law

3. Information We Collect

3.1 Mobile App Users (Players)

A. Account Information

• OAuth Data: Email address, name, profile picture (from Google, Apple, or Facebook)
• User ID: Unique identifier assigned to your account
• Profile: Username, avatar (if you customize)
• Preferences: Language, notification settings, app preferences

B. Usage Data

• Games Played: Which games you access, play duration, completion status
• Session Data: App launch times, session duration, feature usage
• In-App Actions: Buttons clicked, screens viewed, navigation patterns
• Game Performance: Scores, achievements, progress (stored locally in games)

C. Device Information

• Device Type: Phone model, manufacturer
• Operating System: iOS or Android version
• Device Identifiers: Advertising ID (IDFA/GAID), device UUID
• IP Address: For approximate location (country-level) and security
• Network: Connection type (WiFi/cellular), carrier

D. Livestream Integration Data

• Platform Usernames/URLs: Your TikTok, YouTube, or Twitch username when you connect
• Public Interaction Data: Chat messages, gifts, likes (processed in real-time, not stored)
• Connection Status: Whether you're currently connected to a streaming platform

E. Analytics Data

• Amplitude: App usage, feature engagement, user flows
• Firebase Analytics: Crash reports, performance metrics, app stability
• Firebase Crashlytics: Error logs, stack traces for debugging

3.2 Studio Users (Creators)

A. Account Information

• Google OAuth: Email, name, profile picture
• User ID: Unique identifier
• Team Memberships: Teams you belong to, your role in each team
• API Keys: Generated for CLI access (encrypted)

B. Project Data

• Game Files: HTML, CSS, JavaScript code you create
• Assets: Images, fonts, other media you upload
• Metadata: Project names, descriptions, categories, tags
• Version History: All saved versions of your projects
• Publishing Status: Draft, published, archived states

C. AI Interaction Data

• Prompts: Text prompts you provide to AI for game generation
• Generated Code: AI-generated code (before you edit)
• Feedback: Your acceptance/rejection of AI suggestions

D. Usage Data

• Editor Interactions: Features used, time spent in editor
• Project Statistics: Number of projects, total play counts
• Collaboration: Team invitations, member activities

3.3 Automatically Collected Data (All Users)

A. Cookies and Similar Technologies

We use cookies and local storage in the Studio Dashboard. See our Cookie Policy for details.

B. Log Data

• Access Logs: IP address, timestamp, pages accessed
• Error Logs: Technical errors, failed requests
• Performance Metrics: Load times, API response times

C. SDK Telemetry

• Module Usage: Which SDK modules games use (streams, multiplayer)
• SDK Errors: Integration issues, compatibility problems
• Performance: Load times, resource usage

4. How We Use Your Information

4.1 Service Delivery and Operation

• Create and manage your account
• Authenticate and authorize access
• Host and deliver games to players
• Enable multiplayer matchmaking and room creation
• Sync game state across devices
• Process subscription payments (via App Store/Play Store)

4.2 AI Game Generation (Studio Only)

• Process your prompts to generate game code
• Learn from feedback to improve suggestions (aggregated, not personal)
• Provide code completion and debugging assistance

4.3 Multiplayer and Social Features

• Create and manage multiplayer rooms
• Generate shareable join codes
• Facilitate real-time communication between players
• Manage leadership election in multiplayer sessions

4.4 Analytics and Improvements

• Understand how users interact with the Service
• Identify popular features and games
• Detect and fix bugs and performance issues
• Optimize user experience and interface design
• Conduct A/B testing for new features

4.5 Communication

• Transactional: Account notifications, security alerts, service updates (no opt-out)
• Marketing: Newsletters, feature announcements, tips (opt-in required, easy unsubscribe)
• Support: Respond to your inquiries and help requests

4.6 Security and Fraud Prevention

• Detect and prevent unauthorized access
• Identify suspicious activities and abuse
• Enforce our Terms of Service
• Investigate violations and respond to reports

4.7 Legal Compliance

• Respond to legal requests and court orders
• Comply with tax reporting obligations
• Enforce intellectual property rights
• Protect our legal rights and interests

5. Information Sharing and Disclosure

5.1 Service Providers (Data Processors)

We share data with trusted third-party service providers who assist in operating our Service:

Service Provider	Purpose	Data Shared
Google Cloud Platform	Hosting, storage, databases	All user data (encrypted)
Firebase (Google)	Authentication, analytics, storage	Account info, usage data
Amplitude	Analytics and insights	Usage data, device info (anonymized)
Agora	Livestream technology	Connection metadata (no video/audio)
OpenAI / Anthropic	AI code generation (Studio only)	Prompts, project context
Apple / Google	Payment processing	Purchase data, subscription status

All service providers are bound by data processing agreements and required to protect your data in accordance with applicable laws.

5.2 Third-Party Platforms (User-Initiated)

When you connect to streaming platforms:

• TikTok Live: Your username, public interaction data
• YouTube Live: Channel information, live chat events
• Twitch: Username, stream metadata

You control these integrations and can disconnect at any time. These platforms have their own privacy policies that govern their data practices.

5.3 Legal Requirements

We may disclose information when required by law or when we believe in good faith that disclosure is necessary to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service
• Protect the rights, property, or safety of Beemi, our users, or the public
• Investigate fraud, security, or technical issues
• Respond to claims of rights infringement

5.4 Business Transfers

If Beemi is involved in a merger, acquisition, reorganization, sale of assets, or bankruptcy:

• Your information may be transferred to the successor entity
• We will provide notice before your data is transferred and becomes subject to a different privacy policy
• The new entity must honor the commitments made in this Privacy Policy

5.5 With Your Consent

We will share information for any other purposes only with your explicit, informed consent.

5.6 Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot identify you personally:

• Industry trends and benchmarks
• Platform statistics and metrics
• Research and development insights

6. International Data Transfers

6.1 Data Storage Locations

Your data is stored in:

• United States: Google Cloud Platform (primary)
• European Union: Google Cloud Platform (for EU users)

6.2 EU to US Transfers (GDPR Compliance)

When transferring personal data from the EU to the United States, we rely on:

• Standard Contractual Clauses (SCCs): EU-approved data transfer mechanisms
• Google Cloud's GDPR Compliance: As our infrastructure provider
• Adequate Safeguards: Technical and organizational measures to protect data

6.3 Your Rights Regarding International Transfers

You have the right to:

• Obtain information about safeguards we use for international transfers
• Request copies of our Standard Contractual Clauses
• Object to transfers if you believe adequate protection is not in place

7. Your Privacy Rights

7.1 Rights for All Users

• Right to Access: Request a copy of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Deletion: Request deletion of your account and data
• Right to Data Portability: Export your data in a machine-readable format
• Right to Opt-Out: Unsubscribe from marketing communications

7.2 GDPR Rights (EU Users)

7.3 CCPA Rights (California Residents)

California residents have the right to:

• Know: What personal information we collect, use, disclose, and sell
• Delete: Request deletion of your personal information
• Opt-Out of Sale: We do not sell personal information
• Non-Discrimination: We will not discriminate against you for exercising your rights

7.4 How to Exercise Your Rights

Self-Service Options:

• Account Settings: Update profile information, preferences
• Export Data: Settings → Privacy → Download My Data
• Delete Account: Settings → Privacy → Delete Account
• Unsubscribe: Click "Unsubscribe" in any marketing email

Contact Us:

• Email: dpo@qenetech.com
• Subject Line: "Privacy Rights Request - [Your Request Type]"
• Include: Your email address, specific request, verification info

Response Time: We will respond to verified requests within 30 days (45 days for complex requests with notice).

8. Data Retention

8.1 Active Accounts

We retain your personal data for as long as your account is active and you continue to use the Service.

8.2 Deleted Accounts

After you delete your account:

• Immediate: Account access terminated
• 30 days: Grace period for accidental deletion recovery
• 90 days: Data purged from live systems
• Backup retention: Data removed from backups within 6 months

8.3 Legal Holds

Data subject to legal proceedings, investigations, or regulatory requirements will be retained as required by law, even after account deletion.

8.4 Retention Periods by Data Type

Data Type	Retention Period
Account information	Duration of service + 90 days
Payment records	7 years (tax compliance)
Support inquiries	3 years after resolution
Analytics data	Aggregated: indefinitely; Personal: 26 months
Crash logs	90 days
IP logs	180 days
Studio projects (published)	Until unpublished + 30 days

9. Children's Privacy (COPPA Compliance)

9.1 Parental Notice

If we discover that we have inadvertently collected personal information from a child under 13:

• We will delete the information immediately
• We will notify the parent/guardian if we have contact information
• The child's account will be terminated

9.2 Parental Rights

Parents or guardians who believe their child under 13 has provided information to us should contact: privacy@qenetech.com

9.3 Special Protections for Teens (13-18)

For users between 13 and 18:

• We limit data collection to essential service functions
• We do not use personal data for targeted advertising
• Parents can request account deletion on behalf of their teens

10. Cookies and Tracking Technologies

We use cookies, local storage, and similar technologies in the Studio Dashboard. For detailed information, see our Cookie Policy.

10.1 Types of Cookies We Use

• Essential Cookies: Required for authentication and service operation (no consent needed)
• Analytics Cookies: Understand usage patterns (requires consent)
• Functional Cookies: Remember your preferences (requires consent)

10.2 Your Cookie Choices

• Cookie Banner: Manage preferences on first visit to Studio
• Settings: Update cookie preferences anytime in Studio settings
• Browser Controls: Configure browser to block or delete cookies

10.3 Mobile App Tracking

The mobile app uses device identifiers (IDFA/GAID) for analytics, not for advertising. You can:

• iOS: Settings → Privacy → Tracking → Disable "Allow Apps to Request to Track"
• Android: Settings → Google → Ads → Opt out of Ads Personalization

11. Security Measures

11.1 Technical Safeguards

• Encryption in Transit: All data transmitted using TLS 1.3
• Encryption at Rest: Data stored with AES-256 encryption (Google Cloud, Firebase)
• Database Security: Encrypted connections, role-based access control
• API Security: JWT tokens, rate limiting, input validation

11.2 Organizational Measures

• Access Controls: Least privilege principle, need-to-know basis
• Authentication: Multi-factor authentication for internal systems
• Audit Logs: Monitoring of data access and changes
• Employee Training: Regular privacy and security training

11.3 Security Audits

• Regular vulnerability assessments
• Third-party security reviews
• Penetration testing (annual)
• Code security reviews

11.4 Incident Response

In the event of a data breach:

• Immediate investigation and containment
• Notification to affected users within 72 hours (GDPR requirement)
• Notification to relevant authorities as required by law
• Detailed incident report and remediation plan

12. AI and Automated Decision-Making

12.1 AI Usage in Studio

We use artificial intelligence for:

• Code Generation: Transforming natural language prompts into game code
• Code Suggestions: Autocomplete and error detection
• Content Recommendations: Suggesting game templates and assets

12.2 No Automated Decisions Affecting Rights

We do not use automated decision-making (including profiling) to make decisions that significantly affect your legal rights or have similarly significant effects on you.

12.3 Human Review Available

You always have control over AI-generated content:

• Review and edit all AI suggestions before publishing
• Reject or modify AI-generated code
• Request human support for technical issues

12.4 AI Model Training

We may use aggregated, anonymized usage data to improve AI features, but:

• Your personal information is not used to train third-party AI models
• Your project content is not shared with other users
• You can opt out of analytics that inform AI improvements

13. Changes to This Privacy Policy

13.1 Notification of Material Changes

We may update this Privacy Policy from time to time. For material changes, we will:

• Update the "Effective Date" and "Version" at the top
• Send email notification to registered users
• Display prominent notice in the App and Studio for 30 days
• Provide 30 days before changes take effect (when legally required)

13.2 Your Acceptance

Continued use of the Service after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree, please stop using the Service and delete your account.

13.3 Previous Versions

Previous versions of this Privacy Policy are available upon request by contacting privacy@qenetech.com.

14. Contact Information

15. Supervisory Authority (EU Users)

If you are located in the European Union and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority:

• Find Your DPA: European Data Protection Board - Member List
• EU General Contact: European Data Protection Supervisor (EDPS)

However, we encourage you to contact us first at dpo@qenetech.com so we can address your concerns directly.