GameLayer is a gamification-as-a-service API that lets developers add missions, achievements, and loyalty mechanics to their apps and websites.

Product managers, developers, and marketers who want to boost engagement and retention through gamification.

Does GameLayer integrate easily with existing apps?

Yes. GameLayer offers a REST API that can be integrated in minutes using simple JSON endpoints.

GameLayer Privacy Policy

Last updated: 01.12.25

Company: GameLayer Oy (Company ID 2503589-1)

Country: Finland

Email: legal@gamelayer.co

1. Introduction

GameLayer Oy ("GameLayer", "we", "us", or "our") respects your privacy and is committed to protecting personal data.

GameLayer provides a gamification software platform and APIs that are designed to operate using pseudonymous identifiers. In typical implementations, GameLayer does not require or process directly identifiable personal data about end users.

This Privacy Policy explains how we process personal data when required in connection with our websites, Services, and customer relationships.

2. Roles and Responsibilities

Customers act as Data Controllers in respect of any personal data they choose to process using the Services.
GameLayer acts as a Data Processor only where personal data is processed on behalf of a Customer.

Customers determine what data is sent to the Services and are responsible for ensuring they have a lawful basis to do so.

3. Personal Data We Process

3.1 Customer Account Data

We may process limited personal data relating to Customer representatives, such as:

Name
Business email address
Company and role
Billing and contact details

3.2 End User Data

In typical use, end users are represented by unique, pseudonymous identifiers that are not associated with real-world identities.

Where configured by a Customer, GameLayer may process:

Pseudonymous user IDs
Usage, event, and progression data
Technical metadata (e.g. IP address, device type)

GameLayer does not require names, email addresses, or other direct identifiers to provide the Services.

4. Purposes of Processing

We process personal data only as necessary to:

Provide and operate the Services
Manage customer accounts and billing
Provide customer support
Maintain security and prevent abuse
Comply with legal obligations

5. Legal Bases (GDPR)

Where applicable, processing is based on:

Performance of a contract
Legitimate interests (service operation and improvement)
Legal obligations
Consent, where required by law

6. Sub-processors

GameLayer uses trusted third-party service providers (such as hosting, analytics, and support tools) to operate the Services.

All sub-processors are bound by contractual data protection obligations consistent with applicable law.

7. International Transfers

Personal data may be processed outside the EU/EEA. Where this occurs, GameLayer applies appropriate safeguards, including Standard Contractual Clauses where required.

8. Data Retention

Personal data is retained only for as long as necessary for the purposes described in this Policy or as required by law.

Customer Data is deleted or anonymised following termination of the Services, subject to legal retention obligations.

9. Security

GameLayer implements appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit, and logical data separation.

10. Your Rights

Where applicable, individuals have rights to:

Access their personal data
Request correction or deletion
Object to or restrict processing
Request data portability

Requests should be directed to the relevant Customer or to legal@gamelayer.co where appropriate.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date indicates when changes were made.

12. Contact

GameLayer Oy
Company ID: 2503589-1
Finland
Email: legal@gamelayer.co