Privacy Policy
Last updated: 7 April 2026
This Privacy Policy explains how Nemesis Gaming (“we”, “us”, or “our”), operating the RankMyGame platform at rankmygame.com, collects, uses, shares, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data Controller
The data controller responsible for your personal data is:
Nemesis Gaming
61 Bridge Street
Kington, HR5 3DJ
United Kingdom
Email: [email protected]
2. Information We Collect
We collect and process the following categories of personal data:
Account Data
Username, email address, and password hash. This is the minimum data required to create and maintain your account.
Profile Data
Bio, avatar image, date of birth (if you opt in to age verification), and professional information (such as your role, company, or portfolio links) that you choose to add to your profile.
Content Data
Reviews, votes, guides, tips, forum posts, private messages, streams, clips, collections, and wishlists that you create on the platform.
Transaction Data
Records of purchases, subscriptions, and payouts processed through Stripe, including transaction amounts, dates, and associated account identifiers.
Technical Data
IP address, user agent string, browser type and version, device type, operating system, and screen resolution.
Usage Data
Pages visited, features used, search queries, click patterns, session duration, and referral sources.
Communication Data
Information you provide when you contact us via the contact form or submit support tickets, including the content of your messages and any attachments.
Streaming Application Data
If you apply for streaming privileges, we collect your channel name, subscriber count, country, and timezone.
Social Login Data
If you sign in via Google, Discord, or Steam, we receive profile information (such as your display name, avatar, and email address) from the respective provider as authorised by you during the OAuth flow.
3. Legal Basis for Processing
Under the UK GDPR, we must have a lawful basis for processing your personal data. The bases we rely on are:
Performance of a Contract (Article 6(1)(b))
Processing your account data, transaction data, and content you post is necessary to provide you with the RankMyGame service under our Terms of Service.
Legitimate Interests (Article 6(1)(f))
We process technical and usage data for the purposes of platform security, fraud prevention, abuse detection, and improving the quality of our service. We have assessed that these interests do not override your fundamental rights and freedoms.
Consent (Article 6(1)(a))
We rely on your explicit consent for marketing emails, analytics cookies, advertising cookies, and session replay recordings. You may withdraw consent at any time (see “Your Rights” below), and withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Legal Obligation (Article 6(1)(c))
We are required to retain certain transaction records for tax purposes in compliance with HMRC requirements (7-year retention). We may also be required to disclose personal data in response to valid requests from law enforcement or regulatory authorities.
4. How We Use Your Information
We use your personal data for the following purposes:
- Providing the service — Creating and managing your account, displaying your content, processing transactions, and enabling platform features. (Legal basis: Contract)
- Security and fraud prevention — Detecting and preventing unauthorised access, spam, abuse, and other malicious activity. (Legal basis: Legitimate interest)
- Platform improvement — Analysing usage patterns to improve features, fix bugs, and optimise performance. (Legal basis: Legitimate interest)
- Communications — Sending transactional emails (e.g. password resets, account notifications) and, where you have opted in, marketing emails about new features or content. (Legal basis: Contract / Consent)
- Analytics — Understanding how users interact with the platform through anonymised and aggregated analytics. (Legal basis: Consent)
- Advertising — Displaying relevant advertisements on the platform. (Legal basis: Consent)
- Error monitoring — Identifying and resolving technical issues through error tracking and, where consented, session replay. (Legal basis: Legitimate interest / Consent)
- Legal compliance — Maintaining records as required by law, including tax records for HMRC. (Legal basis: Legal obligation)
5. Third-Party Recipients
We share personal data with the following third-party service providers who process data on our behalf or as joint controllers. Each provider is bound by a data processing agreement.
| Service | Purpose | Data Shared | Location |
|---|---|---|---|
| Stripe | Payment processing, payouts | Transaction data, email | US |
| Cloudflare | CDN, security, image hosting | IP, request data | Global |
| Digital Ocean | Server hosting, file storage | All server-side data | US/EU |
| PostHog | Product analytics, feature flags | Usage data (anonymised) | US |
| Google Analytics | Web analytics | Usage data (anonymised) | US |
| Sentry | Error tracking, session replay | Error data, session data | US |
| Brevo | Transactional & marketing email | Email address, name | EU |
| Mux | Video streaming & playback | Streaming telemetry | US |
| Impact | Affiliate tracking | Referral/click data | US |
| Google / Discord / Steam | Social login (OAuth) | Profile info, email | US |
6. International Data Transfers
Some of our third-party service providers are based outside the United Kingdom. When we transfer personal data to countries that have not been deemed to provide an adequate level of data protection by the UK Secretary of State, we ensure appropriate safeguards are in place.
These safeguards include the UK International Data Transfer Agreement (UK IDTA), the UK Addendum to the EU Standard Contractual Clauses, or reliance on an adequacy decision where one exists. You may request a copy of the relevant safeguard by contacting us at [email protected].
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Specific retention periods are as follows:
- Active accounts — Personal data is retained for as long as your account remains active.
- Account deletion — When you request account deletion, there is a 30-day grace period during which you can cancel the request. After this period, your personal data is permanently deleted. Content you have posted (reviews, forum posts, etc.) is anonymised rather than deleted, to preserve the integrity of the platform.
- Tax records — Transaction data related to purchases, subscriptions, and payouts is retained for 7 years as required by HMRC.
- Server logs — Technical and access logs are retained for 90 days, then automatically purged.
- Analytics data — Anonymised analytics data is retained for up to 26 months.
- Error tracking — Sentry error and session replay data is retained for 90 days.
8. Your Rights Under the UK GDPR
Under the UK GDPR, you have the following rights in relation to your personal data:
- Right of Access — You have the right to request a copy of the personal data we hold about you. You can use the data export tool in your account settings, or contact us directly.
- Right to Rectification — You have the right to request correction of inaccurate personal data. You can update most information directly through your profile settings, or contact us for data you cannot edit yourself.
- Right to Erasure — You have the right to request deletion of your personal data. You can initiate this through account deletion. A 30-day grace period applies. Note that we may need to retain certain data where we have a legal obligation to do so.
- Right to Data Portability — You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV). Use the privacy settings page to download your data.
- Right to Restrict Processing — You have the right to request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of your data.
- Right to Object — You have the right to object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
- Right to Withdraw Consent — Where we process your data based on consent, you may withdraw that consent at any time. You can manage your marketing preferences via your email preferences, and manage cookie consent via the cookie banner.
- Rights Related to Automated Decision-Making — We do not make any decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you.
To exercise any of these rights, contact us at [email protected] or use the self-service tools linked above. We will respond to your request within 30 days. In exceptional circumstances, we may extend this period by a further 60 days, in which case we will inform you of the extension and the reasons for it.
If you are not satisfied with our response or believe we are processing your data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk.
9. Children's Privacy
RankMyGame is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. Where age verification is used, we verify that users meet our minimum age requirement. If we become aware that we have collected personal data from a child under 13 without appropriate parental consent, we will take steps to delete that data as soon as reasonably practicable. If you believe a child under 13 has provided us with personal data, please contact us at [email protected].
10. Cookies
We use cookies and similar technologies to operate the platform, remember your preferences, analyse usage, and deliver advertising. Strictly necessary cookies are set without consent as they are essential for the site to function. All other cookies (analytics, advertising, session replay) require your consent, which you can manage via the cookie banner.
For full details on the cookies we use, their purposes, and how to manage them, please see our Cookie Policy.
11. Your Rights Under California Law (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
Categories of personal information we collect: Identifiers (name, email, IP address), commercial information (purchase history), internet or electronic network activity (browsing history, search queries), and geolocation data (derived from IP address).
- Right to Know — You can request details about what personal information we collect and how we use it.
- Right to Delete — You can request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sharing — We do not sell your personal information. However, our use of advertising cookies (Impact) may constitute “sharing” under CPRA. You can opt out by rejecting advertising cookies via the Cookie Settings link in our footer.
- Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA/CPRA rights.
To exercise these rights, contact us at [email protected].
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email (using the address associated with your account) and update the “Last updated” date at the top of this page. We encourage you to review this page periodically. Your continued use of the platform after changes are posted constitutes your acknowledgement of the updated policy.
13. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Nemesis Gaming
61 Bridge Street
Kington, HR5 3DJ
United Kingdom
Email: [email protected]