Privacy Policy
This policy covers the shared infrastructure operated by Gak Dev Pty Ltd: the analytics pipeline (eve.gak.dev) and error reporting proxy (err.gak.dev). Product-specific policies link here for infrastructure details. See also: Loafstead privacy policy.
Who we are
Gak Dev Pty Ltd (ABN 25 642 946 763) is the data controller for the shared infrastructure described in this policy. We are based in Tasmania, Australia.
Gak Dev Pty Ltd handles personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth).
Privacy contact: [email protected]
What we collect
Our products can optionally send gameplay analytics events (opt-in, off by default) and crash reports (opt-in, off by default). Neither is collected without your consent.
Analytics events may include:
- A random install ID (generated locally, not linked to your name or account)
- Event name and client-side timestamp
- App version, operating system, and build channel
- A cryptographic attestation confirming the event came from the app
- A daily-rotated hash of your IP address (used only for rate-limiting and abuse detection)
Crash reports may include app version, OS, stack trace, and game state. They do not include screen contents, window titles, or raw IP addresses.
What we do not collect
- Screen contents, window titles, or what apps you have open
- Your name, email address, or any account information
- Raw IP addresses (analytics stores only a daily-rotated hash; crash reports explicitly exclude IP)
- Keyboard input or mouse movements
We do not sell, share, or trade personal information with any third party for marketing or any purpose other than the sub-processor services listed below.
California residents: we do not sell or share personal information.
Pseudonymous data
Analytics data is pseudonymous: a random install ID links your events across sessions. This ID is not tied to your name, account, or hardware. You can reset it at any time from within the app, and you can request deletion by email.
Retention
We keep analytics events no longer than 90 days. Cloudflare Analytics Engine enforces this automatically and we do not re-ingest or archive to extend it. If this ever changes, we will update this page first.
Crash report data is automatically deleted after 90 days from our self-hosted GlitchTip instance.
IP addresses
Your IP address is seen by Cloudflare at the edge solely for rate-limiting and abuse detection within a single UTC day. We store only a daily-rotated hash. It cannot link your sessions across days, and we never write your raw IP to the analytics dataset.
For crash reports, the server receives your IP as part of the HTTPS connection. This IP appears in server access logs but is not embedded in the crash report file and is not stored alongside crash data.
Sub-processors
Analytics events are processed by Cloudflare, Inc. (United States) via Cloudflare Analytics Engine and Cloudflare Workers. Data may be processed at Cloudflare edge regions in the US, EU, and APAC.
The transfer from Gak Dev Pty Ltd (AU) to Cloudflare, Inc. (US) is covered by the Cloudflare Customer DPA, which provides contractual protections satisfying Australian Privacy Principle 8 for cross-border disclosure. For EU users, the same DPA incorporates Standard Contractual Clauses under GDPR.
See Cloudflare's sub-processor list for Cloudflare's own downstream processors.
Crash reports are stored on a self-hosted GlitchTip instance in Tasmania, Australia. No crash data is sent to any third-party cloud service.
Deletion requests
To request deletion of analytics data, email [email protected]. We will stop collecting your data within 7 days of your email. Existing events age out automatically within 90 days.
EU users: we will confirm full deletion within 30 days of your request, as required by GDPR Article 17.
To request deletion of crash report data, email [email protected] with the approximate crash timestamp. We will locate and delete the report and confirm by reply.
Children
Our products are not directed at children under 13. We do not knowingly collect analytics or crash data from children under 13. If you are a parent or guardian and believe your child has submitted data, contact [email protected] and we will delete it.
Your rights
You have the right to:
- Access the personal data we hold about you
- Request correction or deletion of your data
- Withdraw consent at any time (via in-app Settings)
- Lodge a complaint with a supervisory authority
Contact: [email protected]
Australia: Office of the Australian Information Commissioner (OAIC), oaic.gov.au. EU/EEA: your national supervisory authority, edpb.europa.eu.
Legal details
Data controller: Gak Dev Pty Ltd (ABN 25 642 946 763)
PO Box 2119, Lower Sandy Bay, Tasmania 7005, Australia
[email protected]
Lawful basis for analytics: your consent (GDPR Article 6(1)(a)).
Lawful basis for crash reports: your consent (GDPR Article 6(1)(a)).
We do not use your data for automated decision-making or profiling.
Last updated: 19 April 2026.