Privacy Policy

Effective Date: February 1, 2026

Last Updated: February 1, 2026

At Not Yet Yeti ("NYY", "we", "us", or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you visit our website or use our B2B gaming platform services.

Key Points:

  • • We only collect data necessary for service delivery
  • • You have full control over your data (access, correction, deletion)
  • • We comply with GDPR, CCPA, and other privacy regulations
  • • We never sell your personal information to third parties

1. Information We Collect

1.1 Information You Provide

  • Contact Information: Name, email, phone number, company name
  • Business Information: Company size, industry, use case details
  • Account Credentials: Username, password (hashed), API keys
  • Communication Data: Support tickets, chat messages, email correspondence

1.2 Information Collected Automatically

  • Device Information: IP address, browser type, operating system
  • Usage Data: Pages visited, time spent, click patterns, referral sources
  • Cookies & Tracking: See our Cookie Policy
  • Technical Logs: API calls, error logs, performance metrics

1.3 Information from Third Parties

  • Payment Processors: Transaction data, billing information
  • Analytics Providers: Google Analytics, Hotjar
  • CRM Systems: HubSpot, Salesforce data enrichment

2. How We Use Your Information

Service Delivery

Provide, maintain, and improve our B2B gaming platform, API access, and customer support.

Communication

Send service updates, security alerts, technical notifications, and respond to inquiries.

Analytics & Improvement

Analyze usage patterns, optimize performance, develop new features based on user behavior.

Security & Fraud Prevention

Detect and prevent unauthorized access, abuse, and fraudulent activity.

Compliance & Legal

Meet regulatory requirements (GDPR, UKGC, MGA), enforce terms, respond to legal requests.

Marketing (with consent)

Send promotional content, case studies, product updates. You can opt-out anytime.

3. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy:

  • Active Accounts: Data retained while account is active + 90 days after closure
  • Transaction Records: 7 years (regulatory requirement)
  • Marketing Data: Until opt-out + 30 days
  • Analytics Data: Aggregated/anonymized indefinitely

4. Your Privacy Rights

European Users (GDPR)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate information
  • Right to Erasure: Request deletion ("right to be forgotten")
  • Right to Data Portability: Receive data in machine-readable format
  • Right to Restrict Processing: Limit how we use your data
  • Right to Object: Opt-out of marketing, automated decisions
  • Right to Withdraw Consent: Revoke consent at any time

California Users (CCPA)

  • Right to Know: What data we collect and how it's used
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: We do NOT sell personal data
  • Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise your rights, contact us at [email protected]. We respond to all requests within 30 days.

5. Data Security

We implement industry-standard security measures:

  • Encryption: TLS 1.3 in transit, AES-256 at rest
  • Access Controls: Role-based permissions, multi-factor authentication
  • Monitoring: 24/7 security monitoring, intrusion detection
  • Audits: Annual third-party security audits, ISO 27001 certified
  • Incident Response: Breach notification within 72 hours (GDPR compliant)

6. International Data Transfers

Our servers are located in the EU (primary) and US (backup). When transferring data outside the EU, we use:

  • • Standard Contractual Clauses (SCCs) approved by EU Commission
  • • Adequate country determinations
  • • Binding Corporate Rules (BCRs) where applicable

7. Children's Privacy

Our services are intended for business use only (B2B). We do not knowingly collect information from individuals under 18. Our gaming content is intended for adults (18+) only and must be integrated by operators with age verification systems.

8. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via email to registered users.

9. Contact Us

Data Protection Officer

Email: [email protected]

Mail: Not Yet Yeti, Data Protection Department, [Address TBD]

EU Representative: [Contact details if required under GDPR Article 27]

You also have the right to lodge a complaint with your local supervisory authority (e.g., AEPD in Spain, ICO in UK).