Privacy Policy

Last updated: April 6, 2026

This Privacy Policy describes how FORGELAB DIGITAL PRODUCTS, S.L. (hereinafter, "FORGELAB", "the Company", "we", or "us") collects, uses, stores, and protects the personal data of users (hereinafter, "User", "Player", or "you") of the website atseis.comand the atseis (also stylized as @seis) online multiplayer small and medium-sized business simulation game (hereinafter, "the Service").

This policy is drafted in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016 (General Data Protection Regulation, GDPR/RGPD), Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), and Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).

1. Data Controller

The entity responsible for the processing of your personal data is:

  • Company name: FORGELAB DIGITAL PRODUCTS, S.L.
  • NIF (Tax ID): B56945764
  • Registered office: Calle Amor de Dios, 1, 3-2, 29012, Malaga, Spain
  • Email: [email protected]
  • Website: atseis.com

2. Data We Collect

FORGELAB collects and processes the minimum amount of personal data necessary to provide the Service. The categories of data collected are as follows:

2.1. Account Data

When you register an account, we collect:

  • Username: A unique identifier chosen by you, visible to other Players within the Game.
  • Email address: Used for account identification and recovery. Not shared with other Players.
  • Password: Stored exclusively in hashed form using the bcrypt algorithm. FORGELAB never stores, accesses, or has the ability to retrieve your plain-text password.

2.2. Waitlist Data

When you join the waitlist, we collect:

  • LinkedIn profile URL: Used to verify identity and coordinate participation in upcoming game rounds. We may send you a LinkedIn connection request for coordination purposes.
  • Email address: Used solely to notify you when the next game round starts.

2.3. Game Data

Through your use of the Service, the following data is generated and stored:

  • Business information: Business name, sector, financial statements, market data, department configurations, and all other data related to your virtual business.
  • Decisions: All operational, tactical, strategic, and directive decisions made within the Game, including timestamps and parameters.
  • Game activity: Login history, game interactions, and participation records.

Game data is inherently part of the Service and is necessary for the Game to function. Certain game data (business name, sector, public financial metrics, leaderboard position) is visible to other Players as an integral part of the multiplayer gameplay experience.

2.4. Technical Data

  • IP address: Processed temporarily for rate limiting and abuse prevention purposes. IP addresses are not stored permanently in our databases and are not associated with User accounts.

2.5. Data We Do NOT Collect

For the avoidance of doubt, FORGELAB does not collect:

  • Payment information (the Service is entirely free).
  • Analytics or tracking data (we do not use Google Analytics or any similar service).
  • Location data beyond what is inherent in an IP address during rate limiting.
  • Data from social media accounts (beyond the LinkedIn URL voluntarily provided for the waitlist).
  • Biometric data, health data, or any special categories of personal data as defined in Article 9 GDPR.

3. Legal Basis for Processing

In accordance with Article 6 of the GDPR, the legal bases for processing your personal data are:

  • Performance of a contract (Art. 6.1.b GDPR): Processing of account data and game data is necessary for the performance of the contract between you and FORGELAB (i.e., providing the Service as described in the Terms of Service).
  • Consent (Art. 6.1.a GDPR): Processing of waitlist data (LinkedIn profile URL and email) is based on your explicit consent, given when you voluntarily submit the waitlist form. You may withdraw your consent at any time by contacting us.
  • Legitimate interest (Art. 6.1.f GDPR): Temporary processing of IP addresses for rate limiting and abuse prevention is based on FORGELAB's legitimate interest in maintaining the security and integrity of the Service.

4. Purpose of Data Processing

Your personal data is processed exclusively for the following purposes:

  • To create, authenticate, and manage your User account.
  • To provide and operate the Game, including running the simulation engine and storing game state.
  • To display game data (business name, public metrics) to other Players as part of gameplay.
  • To notify waitlist subscribers about upcoming game rounds.
  • To prevent abuse, enforce rate limits, and maintain the security of the Service.
  • To comply with applicable legal obligations.

FORGELAB does not process your data for profiling, automated decision-making, advertising, or any purpose other than those listed above.

5. Data Sharing and Third-Party Transfers

FORGELAB does not sell, rent, trade, or otherwise share your personal data with third parties for their own purposes. Specifically:

  • We do not share data with advertising networks.
  • We do not share data with analytics providers.
  • We do not share data with AI service providers (e.g., OpenAI, Anthropic, or similar).
  • We do not share data with payment processors (there are no payments).

Your data may be disclosed only in the following limited circumstances:

  • Infrastructure providers: Your data is stored on servers provided by our hosting provider (currently Railway). These providers act as data processors under our instructions and are bound by data processing agreements in compliance with Article 28 GDPR.
  • Legal obligations: We may disclose your data if required to do so by law, regulation, legal process, or governmental request.
  • Other Players (game data only): Certain game data (company name, sector, public financial metrics, leaderboard rankings) is visible to other Players as an inherent part of the multiplayer experience. Your email address and password are never shared with other Players.

6. International Data Transfers

Your data may be processed on servers located outside the European Economic Area (EEA), depending on our hosting provider's infrastructure. In such cases, FORGELAB ensures that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, in compliance with Chapter V of the GDPR.

7. Data Storage and Security

Your data is stored and protected as follows:

  • Database: MongoDB, with access restricted to authorized application processes only.
  • Password security: All passwords are hashed using the bcrypt algorithm before storage. Plain-text passwords are never stored or logged.
  • Authentication: User sessions are managed through httpOnly JWT (JSON Web Token) cookies, which cannot be accessed by client-side JavaScript, mitigating cross-site scripting (XSS) risks.
  • Transport security: All data transmitted between the User's browser and our servers is encrypted using HTTPS (TLS).
  • Access control: Access to production databases and servers is restricted to authorized FORGELAB personnel only.
  • Input validation: All user inputs are validated and sanitized to prevent injection attacks.

8. Data Retention

FORGELAB retains your personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Account data: Retained for as long as your account exists. Deleted permanently when you delete your account through the Settings page.
  • Game data: Retained for the duration of the game world in which it was generated. May be deleted during game resets or when you delete your account, whichever occurs first.
  • Waitlist data: Retained until invitations for the next game round are sent, after which it is deleted. If the User registers an account, the email is associated with the account and subject to account data retention.
  • IP addresses: Processed in memory for rate limiting only. Not stored permanently.

After the retention period, data is permanently deleted from our systems, including backups, within a reasonable timeframe.

9. Your Rights

In accordance with the GDPR (Articles 15-22) and the LOPDGDD, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR): You have the right to obtain confirmation of whether your personal data is being processed and, if so, to access that data. You can view your account data and game data directly through the Game interface.
  • Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate personal data. You can update your username and email through the Settings page.
  • Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data. You can delete your account and all associated data through the Settings page. Alternatively, you may contact us to request erasure.
  • Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your data under certain circumstances.
  • Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21 GDPR): You have the right to object to the processing of your data based on legitimate interest.
  • Right to withdraw consent (Art. 7.3 GDPR): Where processing is based on consent (e.g., waitlist data), you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, you may:

  • Use the self-service options available in the Game interface (Settings page).
  • Send an email to [email protected] with the subject "Data Rights Request", specifying the right you wish to exercise and providing sufficient information to verify your identity.
  • Send a written request to: FORGELAB DIGITAL PRODUCTS, S.L., Calle Amor de Dios, 1, 3-2, 29012, Malaga, Spain.

FORGELAB will respond to your request within one (1) month of receipt, as required by Article 12.3 GDPR. This period may be extended by two (2) further months where necessary, taking into account the complexity and number of requests.

10. Right to Lodge a Complaint

If you believe that the processing of your personal data violates the GDPR or applicable Spanish data protection legislation, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Espanola de Proteccion de Datos, AEPD):

  • Website: www.aepd.es
  • Postal address: C/ Jorge Juan, 6, 28001, Madrid, Spain

FORGELAB encourages Users to contact us first at [email protected] so that we may attempt to resolve any concerns before a formal complaint is filed.

11. Cookies

The Website uses a single essential cookie for authentication purposes. For complete information about cookies, please see our Cookie Policy.

12. Data Protection of Minors

The Service is not directed at children under the age of 16. FORGELAB does not knowingly collect personal data from individuals under 16 years of age. If we become aware that we have collected personal data from a minor under 16, we will take steps to delete such data promptly. If you believe that a minor under 16 has provided us with personal data, please contact us at [email protected].

13. Changes to This Privacy Policy

FORGELAB reserves the right to modify this Privacy Policy at any time. Changes will be posted on this page with an updated "Last updated" date. It is the User's responsibility to review this policy periodically. Continued use of the Service after changes are posted constitutes acceptance of the modified policy. Material changes that significantly affect the processing of personal data will be communicated through the Game interface or by email where feasible.

14. Contact

For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, you may contact FORGELAB through the following means:

Terms of ServiceCookie PolicyBack to home