GLIZZY PRIVACY POLICY

Last updated 18 MAY 2026

This Privacy Policy (“Policy”) explains how Matrix Studios Pty Ltd (ABN 72 655 753 058) trading as Glizzy Games (“we”, “us”, “our”) collects, uses, stores and discloses personal information when you use the Glizzy platform (“Glizzy” or the “Platform”). By creating an account or otherwise using Glizzy you agree to this Policy. If you do not agree, do not use the Platform.

 

1 Introduction & Scope

1.1 About Matrix Studios & Glizzy
Glizzy is an online service that facilitates the distribution, purchase and download of indie games (“Content”) from independent creators (“Developers”). Matrix Studios Pty Ltd is headquartered in Adelaide, South Australia.

1.2 Purpose of This Policy
We respect your privacy and are committed to handling personal information transparently and in accordance with this Policy.

1.3 Voluntary Compliance With Privacy Laws
Although our annual turnover is below AUD $3 million (so we are exempt from mandatory coverage under the Privacy Act 1988 (Cth)), we voluntarily comply with the Australian Privacy Principles (“APPs”). Where we handle information about residents of other countries, we also endeavour to meet comparable overseas standards, including the EU/UK General Data Protection Regulation (GDPR).

1.4 Scope
This Policy applies to all websites, desktop applications and related services we provide under the Glizzy name. It does not apply to third-party services we do not control, even if they are linked to or integrated with Glizzy. We are committed to digital accessibility and aim to comply with WCAG 2.1 AA standards. Feedback is welcome at [email protected].

 

2 What Information We Collect

2.1 Account Information
- Email address and display name (required at sign-up)
- Developer legal name (if you register as a Developer, for verification and payouts)
- Optional two-factor-authentication data (phone number or authenticator secret, when 2FA is enabled)

2.2 IP Addresses, Device Information & Hardware ID
- IP address (logged for security, fraud detection and analytics)
- Device data (operating system, browser, screen resolution, etc.)
- Hardware fingerprint (machine ID) generated by Enigma Protector to validate licences and prevent fraud

2.3 Cookies & Analytics
- Session and preference cookies (essential); non-essential cookies can be disabled in your browser
- Google Analytics 4 (IP-anonymised) and, where used, Sentry or Hotjar for error and UX tracking

2.4 User-Generated Content
Reviews, comments, images or other materials you upload to the Platform.

2.5 Location Data & Optional Surveys
- Approximate region (country/state) derived from your IP address
- Survey responses collected only if you choose to participate

2.6 Sensitive Information
We do not intentionally collect sensitive data (e.g., health, race, religion) and request that you do not submit it.

2.7 Support Queries
Information you provide when contacting support is retained so we can respond.

 

3 How We Collect Information

3.1 Direct Collection
- Registration and profile forms
- Reviews, comments and support tickets

3.2 Automated Collection
- Server logs, cookies and analytics scripts

3.3 Third-Party Providers
- Stripe Connect – handles all developer payouts in USD and applies its own exchange rates for currency conversion.
- DigitalOCEAN - primary hosting infrastructure
- Cloudflare R2 - CDN / edge storage
- Twilio SendGrid - transactional e-mail delivery
- Mailchimp - newsletter mailing-list management

3.4 Optional Surveys
Participation is voluntary; data is collected only if you submit it.

 

4 Why & How We Use Your Information

- Operate the Platform (create accounts, authenticate users, deliver Content) - contract
- Process transactions and remit developer payouts in accordance with our Terms of Service (typically 70 % of net revenues, or up to 90 % for direct Glizzy sales) – contract; legitimate interests
- Communicate and support (service emails, security alerts) - legitimate interests; legal obligation
- Analyse and improve the Platform (usage patterns, bug fixes, new features) - legitimate interests
- Secure and prevent fraud (monitor IPs, behaviour, hardware hashes) - legitimate interests; legal obligation
- Investigate suspected fraud, abuse or policy violations - legitimate interests
- Comply with law (tax and accounting records, court orders) - legal obligation
- Send marketing emails (newsletters or promotions) - consent (opt-in)
- All transactions and payouts are denominated in United States Dollars (USD), as stated in our Terms of Service.

 

5 Disclosure of Personal Information

5.1 Service Providers
Stripe, Twilio SendGrid, Mailchimp, DigitalOcean and Cloudflare R2, all under confidentiality agreements.

5.2 Developers
When you purchase a game we share only non-identifying purchase information (transaction ID, entitlement confirmation). Your email or IP is not shared unless you expressly request developer support.

5.3 Internal Personnel
Authorised staff and contractors may access data for support, administration or enforcement.

5.4 Legal Obligations & Enforcement
We may disclose information if required by law or to protect rights, safety or property.

5.5 Business Transfers
Personal information may transfer if we merge, are acquired or sell assets.

5.6 With Your Consent
Additional sharing occurs only if you explicitly agree (e.g., a co-sponsored promotion).

5.7 Aggregated or De-Identified Data
We may publish statistics that cannot reasonably identify individuals.

5.8 No Sale of Personal Information
We do not sell or rent your personal data to third-party marketers.

 

6 International Transfers

6.1 Data Hosting
Our infrastructure and service providers may process data outside Australia (e.g., United States, EU, Asia-Pacific).

6.2 Cross-Border Safeguards
We rely on standard contractual clauses or equivalent safeguards to ensure overseas handling comparable to the APPs and GDPR.

6.3 Consent to Transfer
By using Glizzy you consent to these cross-border transfers.

 

7 Data Security & Retention

7.1 Security Measures
- HTTPS/TLS encryption in transit
- Encrypted data at rest on digitalocean-managed servers
- Role-based access controls and multi-factor authentication for staff
- Regular security reviews and penetration tests
While we use industry-standard safeguards, no online service can guarantee absolute security. We therefore cannot warrant or guarantee that your data will always be secure.

7.2 Retention Periods
- User accounts - retained until deletion request or termination, subject to legal requirements
- Transaction records - kept for at least 5 years for tax and accounting
- Encrypted backups - automatically rotated and deleted within 90 days

7.3 Notifiable Data Breaches
If a breach is likely to result in serious harm, we will notify affected users and the OAIC under the Notifiable Data Breaches scheme.

7.4 Your Responsibility
Keep your credentials secure; contact us immediately if you suspect unauthorised access.

 

8 Access & Correction

- Email [email protected] with the subject “Data Access Request” or “Data Correction Request”. We may verify your identity.
- We may refuse access in circumstances permitted by law (e.g., where granting access would unreasonably affect another person’s privacy). If we refuse, we will explain our reasons in writing.
- We aim to respond within 30 days. Requests are free unless manifestly unfounded or excessive (fee notified first).
- You can update basic account details (email, display name) in your Glizzy profile settings.

 

9 Children’s Privacy

- Under 13 - not permitted to use Glizzy
- Ages 13–14 - guardian must create and manage the account and accept the Terms and this Policy on their behalf
- 15+ - may create an account independently

Parents should monitor purchases and content suitability. If you believe a child under 13 has provided personal data, email [email protected] and we will delete it.

Games on Glizzy may carry age-classification ratings. Parents and guardians are expected to monitor their child’s usage and purchases and ensure content is age-appropriate. Parents or guardians can contact us at the email above to review, correct or delete personal information collected from their child.

 

10 Complaints & Contact

Email: [email protected]
Post: Matrix Studios - Privacy Officer
Suite 2/316 Wakefield Street, Adelaide SA 5000, Australia

We aim to respond within 30 days. If unsatisfied, you may lodge a complaint with the OAIC (www.oaic.gov.au).

 

11 Changes to This Policy

We may update this Policy periodically. The “Last Updated” date reflects the latest revision. Material changes will be announced via email or an in-app notice. Continued use of Glizzy after the effective date signifies acceptance.

 

12 Contact Information

Email: [email protected]