GDPR and Privacy Compliance
FirstLook is designed to be GDPR and privacy compliant. Since our core functionality is to collect and process data from players, we have incorporated several processes and features to help you adhere to GDPR and other privacy regulations.
FirstLook as a Data Processor
The data you collect from players belongs to you. We do not sell your data to third parties and do not use personal data for any purpose other than providing you with the FirstLook service. In the context of GDPR, we act as a “data processor” or “subprocessor,” meaning we process data on your behalf. It is your responsibility to ensure compliance when using FirstLook or processing personal data.
We follow your instructions and provide you with the tools to process data in a compliant manner.
Data Processing Agreement
As part of our standard terms of service, we enter into a Data Processing Addendum (DPA) with you when you use FirstLook. This DPA outlines the responsibilities of both parties when processing personal data. It details the scope of the data we process, the purposes and legal basis for processing, and the security measures we have in place, forming the legal basis of our relationship regarding personal data processing.
You can find the DPA here.
Compliance Features
You may need to respond to data subject requests, manage data retention, and offer players the option to opt out of email marketing. We have built several features to assist you in meeting these requirements.
Privacy-Friendly Analytics
The built-in analytics we provide are privacy-friendly. We do not use cookies to track players’ browsing activity, which means we do not need to display a cookie consent banner—a common source of friction. Learn more.
Opt-Out of Email Marketing
When sending email announcements to players, each email will include a link to unsubscribe. Players can manage their email preferences in their Dashboard.
They will still receive important emails from you, such as playtest invites or login links.
Privacy Policies
You will need to have your own privacy policy that describes why and how you process personal data.
You can inform players about this policy and require their consent during sign-up using our Clickthrough Agreements Feature. If you do not have a place to host your policy, you can use our Static Pages feature to publish it on your FirstLook instance.
Retention Policies
You can configure how long we retain data for each player after they leave your game or you remove their account. Additionally, you can set certain data to be retained for the duration of your contract with us. For example, you may have a legal requirement to keep a record of names and emails that signed a Non-Disclosure Agreement.
Regardless of your retention policy, you can fully wipe a player’s data from FirstLook at any time. We will also delete all player data when you stop using FirstLook.
Account Removal Requests
If players request account removal, you can do so by clicking the “Delete Account” button on the player’s profile page. A confirmation dialog will present you with options:
- Wipe all data instantly – This will delete all personal data associated with that player from FirstLook immediately, bypassing your configured retention policy.
- Take Action on Discord – You can kick or ban a player from your Discord server.
Deleting a player’s account will block it, and you will still be able to view their record in your Dashboard. Once a player’s data is wiped (either instantly or after the retention period), all personal information will be removed from the database. The audit log, associated keys, and other metadata will remain for your records.
You can view all deleted players in the Dashboard by filtering on the “Deleted” status.
Data Export Requests
You can export one or more players’ data from FirstLook at any time. This will download a CSV file containing all the personal data we have stored for that player. To export a single player’s data, enter their email address in the search bar and click the “Export” button.
Minimum Age Verification
To ensure you’re not unintentionally collecting data from children, we have offer Eligibility Requirements, which allows you to specify the minimum age required to participate in your playtest.
Players are asked to provide their date of birth during the signup flow. If they are under the minimum age, they will not be able to sign up to your playtest.