Privacy
Policy

*Data provided by Alpha Vantage

Privacy Notice

Effective Date: May 12, 2025

GDEV Inc. ("GDEV", "we", "us") is the holding company of the GDEV Group—an international group of gamedevelopment studios and technology companies operating in several jurisdictions worldwide.

Unless stated otherwise, GDEV Inc. is the data controller for processing described in this Policy. Subsidiary entities may act as joint controllers or processors pursuant to internal intercompany agreements compliant with GDPR Article 26/28. Where local laws impose stricter obligations, each subsidiary applies additional controls documented in local privacy addenda.

Our address: 55 Griva Digeni Str., 3101 Limassol, Cyprus.
Email: privacy@gdev.inc.

This comprehensive Privacy Policy (the “Policy”) describes how we collect, use, share, store and otherwise process personal data when you:

visit www.gdev.inc or any subdomain that links to this Policy (the “Site”);
sign up for newsletters, investor notifications or participate in surveys hosted by us;
apply for a job or engage with our recruitment team;
represent a vendor, publisher, platform, or other business partner in communication with us;
contact us by email, phone, social media or other channels;
interact with any online content or services we place on thirdparty pages (e.g. embedded forms).

PERSONAL DATA WE COLLECT

1. Website Visitors

Device & log data: IP address, useragent, operating system, language, referring/exit pages, pages viewed, date/time stamps.
Analytics data: anonymised or pseudonymised identifiers (e.g. Google Analytics Client ID) and aggregated event data.
Cookies & local storage.
Contact form data / investor enquiries: name, email, company, message contents.

2. Newsletter or Investor Update Subscribers

Email, name (optional), preferred language, engagement metrics (opens, clicks).

3. Job Applicants

Identification & contact details, CV, cover letter, test results, interview notes, references.
Work authorization, salary expectations, professional certificates.
Optional specialcategory data (e.g. disability information for accommodation) processed only with explicit consent or as required by employment law.

4. Business Partners & Vendors

Name, role, work contact details, KYC data, bank/payment details (if sole trader), copies of ID where required by law.
Contractual correspondence and performance records.

5. Social Media Interactions / Events

Public profile handle, any direct messages, content you tag us in, event attendee lists.

HOW WE USE PERSONAL DATA

Purpose	Example Activities	Legal Basis*
Operate & secure the Site	deliver content, loadbalancing, detect fraud, maintain logs	Legitimate interest (Art. 6(1)(f))
Analytics & performance	measure page views, improve UX, audience geostats	Consent (cookies) or Legitimate interest (aggregated)
Respond to enquiries	investor relations, press requests, support emails	Contractual necessity (Art. 6(1)(b)) or Legitimate interest
Send newsletters	deliver subscribed communications, record optouts	Consent (Art. 6(1)(a)); Legitimate interest for suppression list
Recruitment	screen CVs, schedule interviews, assess fit, make offers	Contractual necessity (Art. 6(1)(b)); Legitimate interest (talent pipeline)
Business partner management	negotiate & perform contracts, pay invoices, due diligence	Contractual necessity; Legal obligation (tax, AML)
Compliance & legal defense	comply with subpoenas, defend claims, protect rights	Legal obligation (Art. 6(1)(c)); Legitimate interest

*For processing of specialcategory data we rely on Art. 9(2)(a) (explicit consent) or Art. 9(2)(b) (employment & social security law obligations), whichever applies.

We never engage in automated decisionmaking that produces legal or similarly significant effects without human review (Art. 22 GDPR).

LEGAL BASES UNDER GDPR

We rely primarily on:

Contractual necessity – when processing is required to provide a service you request (e.g. evaluate a job application, reply to your message).
Legitimate interests – such as running a secure website, maintaining business records, recruiting efficiently, and marketing to existing subscribers, balanced against your interests and rights.
Consent – for email marketing (where not covered by soft optin) and nonessential cookies. You may withdraw consent at any time.
Legal obligations – fulfilling tax, accounting or employment laws, responding to lawful requests.

COOKIES & SIMILAR TECHNOLOGIES

We use cookies, SDKs, pixels and local storage to:

keep the Site reliable and secure;
remember preferences (e.g. language);
perform audience measurement;
deliver and measure marketing campaigns.

You can control cookies via your browser settings or our Cookie Banner shown on first visit. For full details see our separate Cookie Policy.

SHARING & DISCLOSURE OF PERSONAL DATA

We do not sell or rent your personal data. We share it only:

Within the GDEV Group – under intragroup data sharing agreements incorporating Standard Contractual Clauses.
With trusted service providers acting as processors under Art. 28 GDPR, e.g.:

hosting & CDN providers;
analytics & A/B testing tools;
email delivery & CRM systems;
recruiting platforms, backgroundcheck agencies;
professional advisers (lawyers, auditors, insurers).

Legal and compliance – governmental authorities, regulators, courts where we believe disclosure is required by law or needed to protect rights, property or safety.
Corporate transactions – to a buyer or investor in case of merger, acquisition or asset sale (under confidentiality safeguards).

All processors are bound by contract to keep your data confidential and secure and may use it only on our instructions.

DATA RETENTION

Data category	Retention policy
Site logs & analytics IDs	26 months then aggregated or deleted
Contact / enquiry emails	3 years after last correspondence
Newsletter subscription data	Until you unsubscribe; suppression list retained 3 years (legitimate interest)
Job applicant data	Up to 2 years after closure of all vacancies relevant to your profile, or immediate deletion upon objection; if hired, data moves to HR file
Business contracts & KYC records	Contract term + 7 years (legal obligation in most jurisdictions)
Litigation hold	Retained as long as necessary to establish, exercise or defend legal claims

After expiry we delete or anonymise data. Backups are overwritten within 30–90 days.

PROVISION OF DATA TO THIRD PARTIES

GDEV is an international game development company with operations around the world. When you use the GDEV Services, your personal information may be processed anywhere we or our partners do business, including the United States, provided that adequate technical and organizational measures are in place to ensure the security of your personal information.

To provide the Services, we may provide the Data to suppliers or agents working on our behalf. We do not sell your personal data to third parties. We may disclose the Data to third parties that provide a service to us, ensuring that they are contractually obligated to keep your personal data confidential and will comply with the GDPR and other relevant data protection laws.

We may share your information with the following types of third parties:

a) technical and customer support providers who assist us in the provision of the Services,

b) third party software providers, including ‘software as a service’ solution providers, where the provider hosts the relevant personal data on behalf of GDEV;

c) analytical services that help us develop and improve the Project;

d) providers that help us generate and collate reviews in relation to our offers and Services;

e) advertising and promotional agencies and those organizations or online platforms selected by us to carry out marketing campaigns on our behalf and to advertise their own products or services that may be of interest to you; and/or

f) professional advisers such as solicitors, accountants, tax advisors, auditors, and insurance brokers;

g) service providers that assist us in providing our services.

We may share your personal data with our affiliates and partners in the EU / EEA and outside the EU / EEA. If the transfer of data outside the EU / EEA is not regulated by an EU Commission sufficiency decision, we base on the legal guarantees set out in Article 46 et al. Seqq. GDPR. This mainly includes EU Commission-approved Standard Contractual Clauses, which we have strengthened with additional security measures such as additional individual risk assessment, additional contractual guarantees, and technical guarantees, including additional encryption or pseudonymization, to enable international transfers with GDEV affiliates and partners outside the EU/EEA.

Learn more about the EU Commission's approved Standard Contractual Clauses.

We may share personal data with external providers or service providers or providers whom we engage to perform services or functions on our behalf and in accordance with our instructions.

If these providers are established within the EU, we ensure that they are contractually bound to comply with EU data protection regulations. We also guarantee in our contracts with these organizations that they only process personal data in accordance with our instructions and provide consistent services and protect the integrity and confidentiality of your personal data entrusted to them. We may also disclose personal information to our advisers, consultants, law enforcement and other government agencies (such as tax and social security authorities), police, prosecutors, and courts. All these recipients are themselves responsible for complying with EU data protection regulations.

Some of the suppliers we work with are located outside the European Economic Area. If the EU Commission has not recognized them as providing adequate protection of personal data, we rely on the legal guarantees described above.

The companies specified in the list may access and process your data in accordance with their own privacy policies, being an equivalent Data Controller. We encourage you to review their privacy policies to learn more about how they process data.

We may disclose your personal data as permitted by law to investigate, prevent, or act regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of our Policies and (or) Terms of Use or other agreements, or as required by law.

Please feel free to contact us for additional information on third country data transfers as well as our safeguards and supplementary security measures.

DATA SECURITY AND PROTECTION

GDEV respects the confidentiality of your data and strives to ensure the highest level of protection. Despite the measures we are taking to protect your information, any measures that we apply will not have any effect if you neglect the data security.

The project implemented reliable means of protection to ensure the security of your data. We do everything possible for your safety when using the Project and are constantly improving our information protection methods. As some means of protecting information from unauthorized access, alteration, disclosure or destruction, we use the following methods:

data encryption during storage and transmission;
we carry out two-stage user authentication when requesting an action with the Data;
we improve the techniques and methods of collecting, storing and processing the Data;
access to the Data, in encrypted and impersonal form, have only authorized employees, consultants or interested groups of people who need access to this information to perform their duties;
all persons having access to the Data are briefed on working with data, their knowledge and skills are systematically being checked.

In spite of all measures taken by us, your careful attitude to the Account and access to it has a great importance in the safety of your Data. To prevent unauthorized access to your Data and Account, we strongly recommend you not to share access to the account to any third parties and to comply with the rules of the project and use of the Services. In case of your violation of the Terms of Use of the Services, we will not be able to guarantee the security of your Data.

YOUR RIGHTS & CHOICES

Depending on where you live, you may have the right to:

Access the personal data we hold about you (Art. 15 GDPR);
Correct inaccurate or incomplete data (Art. 16);
Delete data in certain circumstances ("right to be forgotten", Art. 17);
Restrict processing (Art. 18);
Object to processing based on legitimate interests or direct marketing (Art. 21);
Data portability – receive data you provided in a machinereadable format (Art. 20);
Withdraw consent at any time when processing relies on consent (Art. 7(3));
Complain to a supervisory authority. In the EEA you may contact the authority of your habitual residence or place of work; our lead authority is the Office of the Commissioner for Personal Data Protection, Cyprus.

We will not discriminate against you for exercising your rights. To make a request, email privacy@gdev.inc.

Optout & Unsubscribe Mechanisms

Emails: Click the “unsubscribe” link in any marketing email or reply with “unsubscribe”.
Newsletter account: Use preference centre link (if provided).
Recruitment data: Email privacy@gdev.inc with subject “Applicant Data Deletion”. We will confirm and erase your data within 30 days unless retention is legally required.
Cookies: Adjust browser settings or reject nonessential cookies via our banner.

Children’s Privacy

Our Site is intended for individuals aged 16 or older. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this Policy to reflect legal, technical or business developments. The “Effective Date” at the top indicates when it was last revised. Material changes will be notified via the Site or, where appropriate, by email. Continued use of the Site after the update signifies acknowledgement of the revised terms.

Contact Us

GDEV Privacy Office
55 Griva Digeni Str., 3101 Limassol, Cyprus
Email: privacy@gdev.inc

PrivacyPolicy

Privacy
Policy