Last updated: May 31, 2026
This policy explains how LobbyGG handles personal data under the GDPR and Italian privacy law. The service is under development: before full monetization, any applicable fiscal and professional/company details will also be published.
The data controller is the operator of the LobbyGG project (privacy reference: Marco C.). For personal-data requests, deletion, export or information, use the Contact Form or email [email protected]. The complete legal identity and address of the controller must be published before commercial launch.
We do not sell your data. We process it to create and manage accounts, provide chat/forum/profiles, protect the community, comply with legal obligations and handle support requests.
Account: username, email, encrypted password, birth date, country, email status, Terms/Privacy acceptance and technical acceptance evidence. Legal basis: contract and accountability obligations.
Life on LobbyGG: chat messages, private messages, forum posts, uploaded images, friendships, followed games/regions, game accounts, social links, notifications and level. Legal basis: service performance.
Invites: Invite code, clicks, associated signups, source, referrer, and technical user-agent. Legal basis: Legitimate interest (growth and abuse prevention).
Technical and Moderation Data: IP address, user-agent, security logs, reports, bans/mutes and audit logs. Legal basis: legitimate interest in security, abuse prevention and community safety.
Internal social/video bot and AI tooling: requests sent to the bot, the operator's Telegram chat ID, scripts, prompts and demo video/audio files may be processed to create LobbyGG social content. They must not include personal data of real users unless an applicable legal basis, notice and consent/necessity requirement is satisfied.
We use necessary technical cookies and, only if enabled and accepted, non-strictly-necessary third-party tools. Preferences are managed through Iubenda.
session token: To keep you logged in (HttpOnly, Secure).
cookie_consent / Iubenda: To remember your cookie choices and let you change them.
Third-party services: Google OAuth, YouTube embeds, Cloudinary, Telegram, GitHub Actions and AI/voiceover providers may involve requests to third parties. Non-technical advertising scripts must remain disabled until covered by consent and this policy.
You can accept, reject or change preferences through the banner or the Cookie Preferences button/link.
You have the right to access, rectify, delete, restrict, object, portability where applicable, and lodge a complaint with the Italian Data Protection Authority.
You can deactivate your account from Settings > Danger Zone. Permanent deletion is scheduled after 30 days, unless legal obligations, security, disputes or legal hold apply. Backups and technical logs follow separate retention periods and are minimized/anonymized where possible.
You can download a copy of your main data from Profile Settings. The export includes profile, consents, friends, forum/chat content, private messages, reports, notifications and available logs.
Unarchived lobby messages are usually retained up to 90 days; private messages deleted by both users are removed after 90 days; inactive accounts may be removed after 2 years; audit logs are minimized after 1 year. Contact requests are retained only as long as needed to handle the request.
To run LobbyGG, we rely on world-leading infrastructure providers. Here is who processes data on our behalf:
Vercel (Frontend): Hosts the website interface. (Servers in EU/Global)
Render (Backend): Hosts the game engine. (Servers in Germany - EU)
Supabase (Database): Stores your data securely. (Servers in Germany - EU)
Cloudflare (DNS & Security): Protects the site from attacks and manages traffic.
Cloudinary (Media): Hosts avatar, chat and forum images.
Brevo (Email): Sends verification and password reset emails.
Telegram Bot API: Receives commands, chat ID and files sent by the social/video bot to the authorized operator.
GitHub Actions: Runs automated workflows to generate demo videos and stores temporary artifacts.
Google Gemini, Groq, Mistral and ElevenLabs: May generate text, scripts or voiceover for internal social/video content. Prompts must not contain unnecessary personal data.
Google/YouTube/Discord/Twitch: Used only if you choose login, social links or embedded content related to those services.
Iubenda: Manages the cookie banner, cookie preferences and privacy tools.