Skip to main content
Appcharge is fully committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy of all players (end-users) and partners. As a Merchant of Record in financial transactions, Appcharge integrates data protection into its financial operations to ensure personal data is handled lawfully, transparently, and securely at every step. Appcharge continuously monitors and improves its compliance program to ensure compliance with the latest regulations. We work closely with external compliance and legal experts to ensure complete alignment with GDPR and other data privacy laws. Appcharge partners with reputable auditors (such as EY and Hub Security) who review our systems annually and verify that we meet all GDPR requirements for any significant change. To safeguard personal data, Appcharge has implemented robust measures, including strong data encryption and consent management systems. These measures ensure that any personal information we collect from players (for example, during account creation or checkout) is securely stored and used only with appropriate consent or legal basis. We also conduct regular internal and external audits of our data practices to maintain continuous alignment with GDPR standards. Under GDPR, individuals have strong rights over their personal data. One key right is the Right to Erasure (the “right to be forgotten”), which allows a person to request deletion of their personal data held by an organization. Appcharge fully respects and upholds these data subject rights. We inform players of their privacy rights – including the right to request data deletion – in our Privacy Policy, which is readily accessible during the checkout process and provided again on purchase receipts. This ensures that every player knows how their data is used and how they can exercise their GDPR rights. When a player wishes to exercise their right to erasure, Appcharge provides clear and convenient channels to do so. We facilitate deletion requests without undue delay, as required by law. Our internal processes are designed to streamline the handling of such requests while maintaining compliance with any necessary legal or financial record-keeping obligations.

Process for Data Deletion Requests (GDPR Article 17)

If a player (end-user) wants their personal data removed from Appcharge’s systems, we have the following data deletion request process in place, consistent with GDPR requirements:
  • Direct Requests by Players: Players can contact Appcharge directly via our dedicated privacy email: privacy@appcharge.com to request deletion of their personal data. For security, the player should include information necessary to identify their account (such as their player ID or the email used for Appcharge services) and a clear statement that they wish to have their data erased. Upon receiving a deletion request, Appcharge will verify the requester’s identity and entitlement to the data (to prevent unauthorized deletions), then proceed to erase or anonymize the player’s personal data in our records. We will also respond to the player, confirming that data deletion has been completed or providing information if specific data must be retained for legal reasons.
  • Requests via Game Publishers: Appcharge also recognizes that players might submit data privacy requests to the game publisher (our partner) rather than directly to us. To accommodate this, we enable our publishers to forward player deletion requests to Appcharge on the player’s behalf. The publisher should open a support ticket with Appcharge, providing the relevant player identifiers and details of the request. Once notified, Appcharge will treat this request with the same urgency as a direct request – our team will perform the necessary deletions of the player’s data from Appcharge systems. After completion, we report back to the publisher, confirming that the player’s data has been deleted, so the publisher can, in turn, inform the player.
  • Timely Response: Appcharge is committed to handling GDPR erasure requests swiftly. We aim to complete data deletion within five working days of receiving a valid request (whether directly from a player or via a publisher). This SLA is well within the GDPR’s required timeframe (GDPR allows up to 1 month for the fulfillment of erasure requests). Players will be notified once their request has been fulfilled, and all corresponding personal data (subject to the exceptions noted below) will be purged from our active systems.

GDPR Compliance in Financial Operations and Data Retention

As a payments service, Appcharge must balance GDPR obligations with specific financial and legal requirements. We only collect and process personal data that is necessary for providing our services (for example, billing information for transactions), in line with the GDPR’s principle of data minimization. If a player’s personal data is no longer needed for these purposes or if the player withdraws consent, we will delete the data upon request in accordance with GDPR. It is important to note that in some cases, Appcharge may be legally required to retain specific transactional data even after a deletion request—for example, to comply with financial regulations, tax laws, fraud-prevention laws, or record-keeping laws that mandate retention of payment records for a set period. In such cases, we will retain only the data that is strictly necessary and for the minimum duration required by law. Any data kept for legal compliance will remain securely protected and will not be used for any other purpose beyond fulfilling those obligations. Apart from such exceptions, all personal information that can be deleted will be thoroughly erased from our systems as part of the erasure process. Appcharge’s approach ensures that GDPR compliance is integrated with our financial operations. We uphold players’ privacy rights without compromising the integrity of financial records or our ability to meet legal duties. By doing so, Appcharge maintains trust with both players and publishers: personal data is handled with care, deletion requests are honored promptly, and necessary safeguards are observed. This operational philosophy reflects our dual commitment to user privacy and to running a compliant, reliable financial service for the gaming community.