This Privacy Policy explains how GamersRate ("we", "us", "the site") collects and uses your personal data when you visit, register for, or use the service. It complies with the EU General Data Protection Regulation (GDPR) and equivalent rights elsewhere.
Plain English first; legalese only where strictly necessary. If anything is unclear, write to us at privacy@thatswhatithink.example.
1. Who we are (data controller)
The data controller is the operator of thatswhatithink.example. You can reach us at privacy@thatswhatithink.example for any privacy-related question. (Replace this paragraph with your actual legal entity name, registered address, and contact details before going live.)
2. What we collect
We try to collect only what we need. Specifically:
If you create an account
- Your name (or display name) and email address.
- A hashed password (we never see your password in clear text).
- Optional: an avatar image URL you choose to add.
- Account flags: whether you are a verified game developer, and an admin flag for internal staff.
When you use the site
- Ratings you submit (1–100 per category, per game).
- Reviews you write and any reply a verified developer posts under your review.
- The contents of your lists (wishlist, to-play, playing, completed, dropped).
- Your saved searches, including any filters and whether you opted into notifications.
- Your category weight votes (a number 0–1 per category), if you cast any.
- If you sign up for a playtest: the email you submit (linked to your account if you are logged in).
- If our team grants you developer access to a game: the link between your account and that game.
Technical data
- A session cookie so we know you're logged in across page loads.
- A CSRF token cookie to protect your account from cross-site request forgery.
- Server logs may briefly record your IP address and user agent. These are not used to track you and are rotated.
See our Cookie Policy for the complete list of cookies and similar storage we use.
What we don't collect
- Payment data — the service is free, so we never collect or process any payment information.
- Information from your device beyond what's strictly needed (we don't fingerprint you).
- Data from third parties about you.
3. Why we use your data (legal bases)
| Purpose | Legal basis |
|---|---|
| Run your account, keep you logged in, save your ratings/reviews/lists. | Contract (Art. 6(1)(b) GDPR). |
| Show a public profile at /u/{id} with your username and activity you chose to make public. | Contract — you opt in by signing up and posting. |
| Compute weighted scores using your category-weight votes (averaged with everyone else's). | Contract. |
| Send transactional emails (e.g. password reset, saved-search alerts if you opted in). | Contract / consent for marketing-style alerts. |
| Detect and prevent abuse, spam, fraud, and security incidents. | Legitimate interest (Art. 6(1)(f)). |
| Analytics, advertising performance measurement. | Consent via our cookie banner. |
| Comply with legal obligations (responding to lawful requests, tax/accounting). | Legal obligation (Art. 6(1)(c)). |
4. How long we keep your data
- Account data: while your account exists, and for up to 30 days after deletion in backups.
- Ratings, reviews, lists, saved searches, weight votes: deleted when you delete your account or when you remove the individual item.
- Playtest signups: kept until the relevant game is released or you ask us to remove them.
- Server logs: rotated regularly and typically retained no longer than 30 days unless a security incident requires longer.
5. Who we share data with
We do not sell your personal data. We share data only with the following categories of recipients, and only what's necessary:
- Hosting and infrastructure providers that store the database and serve the site.
- Email delivery provider for transactional and (if you opted in) saved-search alert emails.
- Verified developers of a game you have reviewed will see your username and review text (as published on the site) and can publicly reply to it.
- Verified developers running a playtest you signed up for can see the email you submitted, so they can invite you.
- Authorities when we are legally required to disclose information.
6. International transfers
If any of our service providers are located outside the European Economic Area, we use Standard Contractual Clauses or equivalent safeguards to ensure your data has comparable protection.
7. Your rights
If you're in the EU/EEA/UK (and similar rights apply in other places), you have the right to:
- Access your data — see what we hold. You can export your ratings as a CSV at any time from your profile, and email us for the rest.
- Rectify inaccurate data — edit your profile and ratings yourself, or ask us.
- Erase your data ("right to be forgotten"). Email us and we will delete your account and associated personal data within 30 days, except where retention is legally required.
- Restrict or object to certain processing. You can withdraw analytics/marketing consent any time via .
- Data portability — receive your data in a machine-readable format. The CSV export covers ratings; for everything else, just ask.
- Complain to your local data protection authority if you believe we've handled your data unlawfully.
To exercise any of these, email privacy@thatswhatithink.example. We respond within 30 days.
8. Security
Passwords are hashed with bcrypt; sessions are encrypted; the site is served over HTTPS in production. No system is perfectly secure — if you suspect your account has been accessed without permission, change your password and email us immediately.
9. Children
The site is not aimed at children under 16. If you are under 16, please don't create an account. If we discover a child's account, we delete it.
10. Changes to this policy
If we make material changes we will update the "Last updated" date at the top and, when changes affect you significantly, notify you in the site UI or by email.