Skip to main content
MystikGames Independent game developer
Studio Work Principles Fragments Contact

Legal

Privacy notice

How personal information is handled when you use the MystikGames website.

Last updated: 29 June 2026
On this page Who controls your data Information we collect How and why we use it Analytics How long we keep it Your rights

1. Who controls your personal data

MystikGames is the controller responsible for personal information processed through this website. You can contact us about privacy by using the private contact form.

If MystikGames is operated through a registered company, its formal company details must be added to config/site.php before launch and displayed as required by UK company law.

2. Information we collect

Information you choose to provide

When contact handling is enabled, the form may collect your name, email address, organisation, enquiry type, message and any other information you choose to include.

Contact-form storage and delivery

Enquiries may be stored in the private MystikGames backend and may also be sent to MystikGames by email. The website does not add enquiries to a marketing list.

The backend records whether the email notification was sent, the enquiry status, private admin notes and limited technical information used to protect the form from abuse.

Technical information

The web host may create security and access logs containing information such as IP address, browser type, requested page, date and time. These logs are generally required to operate and protect the website.

3. How and why we use personal information

Enquiry information is used to read, assess and respond to your message; maintain appropriate business records; prevent abuse; and protect legal rights.

The expected lawful basis is legitimate interests in operating the studio and responding to genuine enquiries. Where processing is necessary to take steps at your request before entering a contract, that basis may also apply.

We do not use contact details for unrelated marketing unless a separate, valid choice is provided.

4. Website analytics

The website may use internal, first-party analytics to count page views, Signal Fragment views and Signal Fragment clicks. This is used to understand which pages and articles are useful.

The analytics system does not use advertising identifiers, third-party trackers or cross-site profiling. It stores a daily one-way visitor hash derived from technical request information so repeat views can be counted without storing a plain visitor identity.

Analytics records are kept for the configured retention period and then removed.

5. Sharing and international transfers

Personal information may be processed by providers that host or secure the website, database and business email. Their access is limited to what is reasonably necessary to provide those services.

We do not sell personal information. If a provider processes data outside the United Kingdom, the relevant transfer arrangements and safeguards must be reviewed and reflected in this notice.

6. How long we keep information

Routine enquiries should be kept only as long as reasonably necessary to respond and maintain relevant business records. A practical starting period is up to 24 months after the last meaningful contact, unless a longer period is required for an active contract, dispute, legal obligation or security investigation.

Short-lived abuse-prevention records expire after the configured rate-limit window. Analytics records are retained only for the configured analytics window.

7. Your data protection rights

Depending on the circumstances, UK data protection law may give you rights to access, correct, erase or restrict personal information, object to certain processing, and receive portable data. You may also withdraw consent where consent is the basis used.

Use the contact form to make a privacy request. We may need to verify your identity before acting on it.

You can complain to the UK Information Commissioner’s Office if you believe your information has been mishandled. We would appreciate the opportunity to address the issue first.

8. Security

Reasonable technical and organisational measures are used to protect the website, including server-side validation, CSRF protection, rate limiting, admin authentication and restricted upload handling. No internet service is completely risk-free.

9. Changes to this notice

This notice will be updated when the contact system, hosting providers, analytics, mailing tools or other data practices change. The date at the top shows the latest revision.

MystikGames

Independent games shaped by systems, consequence and worlds that refuse to forget.

Signal Fragments Privacy Cookies Terms Accessibility

Based in the United Kingdom.

© 2026 MystikGames.