Privacy Overview

Product Overview

Multiplay provides infrastructure hosting and orchestration services for game developers and publishers, including bare metal server provisioning, cloud services, hybrid cloud deployments, and 24/7 operational support. The platform enables customers to run game servers at scale across a global network of infrastructure providers.

This documentation is intended to assist customers in understanding our data practices and displaying their privacy compliance to their own users and regulators. It is not a substitute for reading the underlying legal documents linked throughout.

Personal Data Collected

Personal data collected through the public portal (websites, contact forms, cookies) is described in the Privacy Statement. The remainder of this section covers data collected through the platform.

Platform Data

The categories of personal data processed through the platform — including customer account information and end user data such as IP addresses and usernames/gamertags — are defined in the Description of Transfer sections of Appendix A to the Data Processing Addendum.

Customers may upload and process additional data through the infrastructure hosting services. Multiplay processes such data strictly on behalf of and in accordance with the customer's instructions. Customers are responsible for ensuring any personal data processed through the platform is handled in accordance with applicable data protection law.

Relationship Under Privacy Laws

Multiplay's services are categorised as either Controller Services or Processor Services. The distinction between the two, and the specific roles and obligations under each applicable jurisdiction, are defined in Sections 3, 5, 6, and 8 of the Data Processing Addendum.

Legal Basis for Processing

For Processor Services, Multiplay does not determine the legal basis for processing. It is the customer's responsibility as the controller to determine the appropriate legal basis under applicable data protection law.

For Controller Services, Multiplay's legal bases for processing are set out in the Privacy Statement.

Consent

Multiplay's infrastructure hosting services do not include a built-in consent management service. If the customer determines they need to obtain consent from their end users, or provide an opt-out mechanism, they must implement this within their own application. The customer's obligations regarding consent and opt-out signal passing are set out in Section 4.5 of the DPA.

Data Subject Requests

Access

For Processor Services, the customer is responsible for actioning data access requests from their end users. Customers may access log data through the platform dashboard or API. Multiplay will provide commercially reasonable assistance as described in Section 6.2 of the DPA.

For Controller Services (account data), data subjects may contact Multiplay directly at privacy@rocketscience.gg.

Deletion

For Processor Services, the customer is responsible for actioning data deletion requests. Multiplay's obligations are set out in Section 6.5 of the DPA.

For Controller Services (account data), data subjects may contact Multiplay directly at privacy@rocketscience.gg.

Sub-Processors

See the Sub-Processors page for the current list and change notification process. The governing terms for sub-processor engagement are set out in Section 6.8 of the DPA.

Data Retention

Retention practices and the criteria used to determine retention periods are set out in Appendix A of the DPA. For Controller Services, see the Privacy Statement.

Data Transfers

Where personal data is transferred across jurisdictions, Multiplay relies on the transfer mechanisms set out in Sections 5.4 and 6.9 of the DPA.

Security

Multiplay implements appropriate technical and organizational measures to protect personal data. The security obligations applicable to Processor Services are defined in Section 6.1.4 of the DPA. The components of our information security program are described in Section 7.6 of the Terms of Service.

Child Privacy

Our policy on the collection of data from minors is set out in the Privacy Statement. If required under applicable laws, the customer must obtain verified parental consent prior to submitting child-user data through the Services.

Customer Privacy Policy Requirements

Customers are required to maintain their own publicly-accessible privacy policy and list Multiplay as a third party that may process data within their application. The specific obligations are set out in Section 4.5 of the DPA.

Data Processing Agreement

The Data Processing Addendum applies to the processing of personal data in connection with the Services. It forms an integral part of the Terms of Service and is automatically accepted upon execution of a Service Order Form.

Contact

For privacy-related inquiries, contact details are provided in the Privacy Statement.