Throwback Game Studios

[email protected]

Privacy & Policy

© 2026 Throwback Game Studios

Privacy Policy

Effective Date: February 10, 2026

Last Updated: February 10, 2026

Throwback Game Studios ("we", "our", or "us") operates D Layer, a multiplayer online role-playing game ("the Game"). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you access or use the Game through mobile devices, web browsers, or other platforms.

By downloading, installing, or using the Game, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Game.

1. Information We Collect

1.1 Information You Provide Voluntarily

The Game allows you to play as a guest without creating an account. If you choose to register an account to save your progress across devices, we collect:

  • Email address (only if you choose to register an account)
  • In-game name (IGN) or character name you create
  • Password (stored in encrypted form)
  • Support communications (when you contact us for help)

We do NOT require or collect:

  • Real name or legal identity
  • Precise location or GPS data
  • Contacts or address book
  • Microphone or voice data
  • Camera or photos
  • Files or documents from your device
  • Phone number

1.2 Information Collected Automatically

When you use the Game, we automatically collect certain technical and gameplay information:

  • Device information: Device type, model, operating system version, and app version
  • Gameplay data: Character progression, in-game actions, achievements, inventory, and game state
  • Technical logs: Error reports, crash logs, and performance data
  • IP address: Processed temporarily for security, fraud prevention, and server connection purposes. IP addresses may be included in temporary server logs for security and fraud prevention and are automatically deleted after a limited retention period.
  • Session information: Login timestamps and session duration

1.3 Guest Accounts

If you play as a guest, we generate a unique anonymous identifier tied to your device to maintain your game progress. Guest account data is stored locally on your device and on our servers. Guest progress may be lost if the app is uninstalled or device data is cleared, unless you register an account.

1.4 Information We Do NOT Collect

We do not use third-party analytics SDKs or advertising SDKs. We do not serve advertisements in the Game. We do not collect data for advertising or marketing profiling purposes.

2. How We Use Your Information

We use collected information for the following purposes:

  • Game operation: Provide, maintain, and deliver the Game's core functionality
  • Account management: Create and manage your account, authenticate logins, and sync progress across devices
  • Game state persistence: Save and restore your character, inventory, progression, and achievements
  • Security and integrity: Detect and prevent fraud, cheating, unauthorized access, and abuse
  • Technical support: Respond to your inquiries and resolve issues
  • Game improvement: Fix bugs, improve performance, and balance gameplay systems
  • Communications: Send important service-related notices (e.g., security alerts, policy updates)
  • Legal compliance: Comply with applicable laws and legal obligations

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on the following legal grounds:

  • Contract performance: Processing necessary to provide the Game and fulfill our agreement with you
  • Legitimate interests: Processing for security, fraud prevention, game improvement, and service optimization, where these interests are not overridden by your rights
  • Legal obligation: Processing required to comply with applicable laws
  • Consent: Where you have given explicit consent for specific processing activities

4. In-Game Virtual Items and Loot Boxes

The Game features loot boxes and virtual items that can be obtained using in-game currency only. There are currently no real-money purchases or in-app purchases in the Game. All loot boxes and virtual items are earned through gameplay. We do not collect or process any payment information.

Loot box contents are determined by randomized algorithms. Probability rates for item drops may be disclosed within the Game interface.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties.

We do not share personal data for advertising purposes.

We do not engage in cross-app tracking or behavioral advertising.

We may share limited information only in the following circumstances:

  • Service providers: We use trusted hosting and infrastructure providers to operate our backend servers. These providers process data solely on our behalf and under our instructions.
  • Legal requirements: We may disclose information if required by law, court order, subpoena, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify you of any such change.
  • With your consent: We may share information for other purposes if you provide explicit consent.

All third-party service providers are contractually required to protect your data and comply with applicable privacy laws, including GDPR and LGPD where applicable.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy:

  • Active accounts: Account data and gameplay progress are retained while your account is active
  • Inactive accounts: Accounts with no login activity for 24 months may be flagged for deletion. We will attempt to notify registered users before permanent deletion.
  • Guest accounts: Guest data may be deleted after 12 months of inactivity
  • Support communications: Retained for up to 3 years to resolve disputes and improve service
  • Security logs: Retained for up to 90 days for security and fraud prevention purposes
  • Legal obligations: Data may be retained longer if required by law or to defend legal claims

After the applicable retention period, data is securely deleted or anonymized.

7. Account Deletion and Data Removal

You have the right to request deletion of your account and associated personal data at any time directly within the Game via Settings.

How to request account deletion:

  • You can delete your account directly within the Game by navigating to:
  • Settings → "Delete Account"
  • If you are unable to access your account, you may alternatively contact us at [email protected] with the subject line "Account Deletion Request" to request manual assistance.
  • Include your registered email address or in-game name (IGN) to help us locate your account
  • We will verify your identity before processing the request

What happens when you request deletion:

  • Your account and all associated personal data will be permanently anonymized and deactivated within 30 days of verification
  • After anonymization, the account can no longer be used to identify you and cannot be restored
  • All game progress, characters, inventory, achievements and personally identifiable information (such as email address and in-game name) will be irreversibly anonymized and deactivated
  • Certain anonymized or aggregated data may be retained for analytics and game balancing purposes
  • Data required for legal compliance or to defend legal claims may be retained as permitted by law

Guest accounts: Guest data can be deleted by uninstalling the Game and clearing app data from your device. To request server-side deletion of guest data, contact us with your device identifier if known.

We are committed to complying with Google Play and Apple App Store data deletion requirements.

8. Your Privacy Rights

8.1 Rights for All Users

Regardless of your location, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (see Section 7)
  • Withdraw consent: Withdraw any consent you have previously given

8.2 Additional Rights for EEA, UK, and Swiss Users (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you also have the right to:

  • Restriction: Request restriction of processing of your personal data
  • Data portability: Receive your data in a structured, commonly used, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Lodge a complaint: File a complaint with your local data protection authority

8.3 Additional Rights for Brazilian Users (LGPD)

If you are located in Brazil, under the Lei Geral de Proteção de Dados (LGPD), you also have the right to:

  • Confirmation: Confirm whether we process your personal data
  • Anonymization, blocking, or deletion: Request anonymization, blocking, or deletion of unnecessary or excessive data
  • Information about sharing: Know which third parties your data has been shared with
  • Revocation of consent: Revoke consent at any time through a simple procedure
  • Opposition: Oppose processing that violates LGPD provisions

8.4 How to Exercise Your Rights

To exercise any of your privacy rights, contact us at [email protected]. We will respond to your request within 30 days (or sooner if required by law). We may need to verify your identity before processing your request.

9. Children's Privacy

D Layer is intended for users aged 13 and older. We do not knowingly collect personal information from children under the age of 13.

COPPA Compliance (United States): In accordance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect, use, or disclose personal information from children under 13 without verifiable parental consent.

GDPR-K (Europe): For users in the EEA, we comply with applicable age requirements which may be 13-16 depending on the member state.

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at [email protected]. We will promptly investigate and delete any such information.

If you are under 13, please do not use the Game or provide any personal information to us.

10. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Data transmitted between your device and our servers is encrypted using TLS/SSL protocols
  • Password security: Passwords are stored using industry-standard cryptographic hashing algorithms
  • Access controls: Access to personal data is restricted to authorized personnel on a need-to-know basis
  • Infrastructure security: Our servers are hosted in secure data centers with physical and logical security controls
  • Monitoring: We monitor our systems for security incidents and unauthorized access attempts
  • Regular reviews: We periodically review and update our security practices

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents.

11. International Data Transfers

D Layer is available globally, and your data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

If you are located in the EEA, UK, Switzerland, or Brazil, we ensure that any international transfers of your personal data are conducted in compliance with applicable laws through appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Other legally recognized transfer mechanisms

By using the Game, you acknowledge that your data may be transferred to and processed in countries outside your jurisdiction, subject to applicable safeguards.

12. Third-Party Services and Links

The Game may contain links to external websites or services (such as our website or support pages). These third-party services have their own privacy policies, and we are not responsible for their practices. We encourage you to review the privacy policies of any third-party services you visit.

13. Future Features

We may introduce additional features in future updates, such as:

  • Chat functionality: If chat features are added, we will update this Privacy Policy to describe how chat data is collected, used, and moderated
  • In-app purchases: If real-money purchases are introduced, payments will be processed through the Apple App Store or Google Play Store. We will not collect or store your payment details.

Material changes to data collection practices will be communicated to you before implementation.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Game's features.

How we notify you of changes:

  • Material changes will be announced within the Game or via email to registered users
  • The "Last Updated" date at the top of this policy will be revised
  • The updated policy will be posted on our website

We encourage you to review this Privacy Policy periodically. Your continued use of the Game after changes are posted constitutes your acceptance of the revised policy.

15. Data Controller

For the purposes of GDPR, LGPD, and other applicable data protection laws, the data controller responsible for your personal data is:

Throwback Game Studios
Country: Brazil
Email: [email protected]
Website: https://throwback.com.br

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Throwback Game Studios
Email: [email protected]
Website: https://throwback.com.br

For GDPR-related inquiries (EEA, UK, Switzerland users), you may also contact your local data protection authority.

For LGPD-related inquiries (Brazilian users), you may also contact the Autoridade Nacional de Proteção de Dados (ANPD).

We aim to respond to all inquiries within 30 days.