1. Information We Collect

We only gather data that helps us deliver better service to you. Nothing more, nothing less. Here's what we typically need:

Personal Information You Provide

When you reach out to us or sign up for our services, we'll ask for basic contact details. This usually includes your name, email address, phone number, and company name if you're representing an organization. We might also collect payment information when processing transactions, though this goes through secure third-party processors.

Technical and Usage Data

Our website automatically collects certain technical information to function properly. Your IP address, browser type, device information, and operating system help us ensure compatibility. We also track which pages you visit and how long you spend there. This isn't about surveillance—it's about understanding what works and what doesn't on our site.

Game Testing Data

Here's where things get specific to what we do. When you submit games for AR/VR testing, we collect gameplay footage, performance metrics, frame rate data, hardware specifications, and user interaction patterns. We also gather feedback and notes from our testing sessions. All of this belongs to you—we're just analyzing it temporarily.

Data Category	Examples	Purpose
Contact Information	Name, email, phone	Communication and service delivery
Technical Data	IP address, browser type, device specs	Site functionality and compatibility
Testing Metrics	Performance data, gameplay recordings	Analysis and optimization recommendations
Payment Details	Billing address, transaction records	Processing payments securely

2. How We Use Your Information

We're pretty straightforward about this. Your data serves specific purposes, and we don't stretch those boundaries. Here's the breakdown:

• Service Delivery: We use your information to perform the testing and optimization work you hired us for. That means analyzing gameplay, identifying issues, and preparing detailed reports.
• Communication: Your contact details help us send updates, answer questions, and share test results. We'll also reach out about upcoming deadlines or clarifications we need.
• Improvement and Development: Anonymous, aggregated data helps us refine our testing methods and develop better tools. Your individual project data stays separate from this.
• Legal Compliance: Sometimes we're required to maintain records for accounting, tax, or regulatory purposes. This is standard business practice in Slovenia and the EU.
• Security and Fraud Prevention: We monitor for suspicious activity to protect both your data and our systems from unauthorized access.

3. Legal Basis for Processing (GDPR)

Under EU law, we need a valid reason to process your data. Here are the legal grounds we rely on:

• Contractual Necessity: When you engage our services, we need your information to fulfill our agreement with you. Can't deliver test results without knowing where to send them.
• Legitimate Interests: We process certain data to run our business effectively, like analyzing website traffic or improving our testing procedures. These interests don't override your privacy rights.
• Legal Obligation: Some data processing is required by Slovenian and EU law, particularly around financial records and business documentation.
• Consent: In specific cases, like marketing communications, we'll ask for your explicit permission before proceeding.

4. Data Sharing and Third Parties

We keep your information in-house as much as possible. But there are a few situations where we work with external partners:

Service Providers

We use trusted third-party services for specific functions. Payment processors handle transactions securely. Cloud storage providers (with servers in the EU) host project files. Email services deliver our communications. These companies only access the data they need to perform their specific function, and they're contractually bound to protect it.

Legal Requirements

If required by law, court order, or government investigation, we may need to disclose certain information. This is rare, but we're obligated to comply with legal processes in Slovenia and the EU.

Business Transfers

In the unlikely event that Zylontext is acquired or merged with another company, your data would transfer as part of that transaction. You'd be notified beforehand, and the new entity would be required to honor this privacy policy.

5. Your Rights Under GDPR

You have significant control over your personal information. Here's what you can do:

Access and Portability

You can request a copy of all personal data we hold about you. We'll provide it in a structured, commonly used format within 30 days. If you want to transfer this data to another service provider, we'll help make that happen.

Correction and Updating

Found an error in your information? Let us know, and we'll fix it promptly. You can update most details through your account dashboard or by contacting us directly.

Deletion (Right to be Forgotten)

You can request deletion of your personal data at any time. We'll comply unless we have a legitimate reason to retain it, like completing an ongoing project or fulfilling legal obligations. Once a project is complete and payment is settled, we're usually happy to delete everything upon request.

Objection and Restriction

You can object to certain types of data processing, particularly for marketing purposes. You can also ask us to restrict processing temporarily while we resolve any concerns you've raised.

Withdraw Consent

Where we've asked for consent, you can withdraw it at any time. This won't affect any processing we've already done with your permission, but it stops future processing.

To exercise any of these rights, email us at support@zylontext.com with your request. We'll respond within one month, though complex requests might take a bit longer.

6. Data Security Measures

We take security seriously because your projects often represent years of development work. Here's how we protect everything:

• Encryption: All data transmitted to and from our servers uses TLS encryption. Stored data is encrypted at rest using industry-standard protocols.
• Access Controls: Only authorized team members can access project data, and only when necessary for their specific role. We maintain detailed access logs.
• Secure Infrastructure: Our servers are hosted in EU-based data centers with physical security, redundancy, and regular backups. We don't use shared hosting or consumer-grade services.
• Regular Audits: We conduct security reviews quarterly and engage external experts annually to test our systems.
• Employee Training: Our team receives ongoing training on data protection, confidentiality, and security best practices.

No system is completely invulnerable, but we maintain multiple layers of protection. In the unlikely event of a data breach affecting your information, we'll notify you within 72 hours and explain what happened and what we're doing about it.

7. Data Retention Periods

We don't keep your data indefinitely. Here's our retention schedule:

Active Projects

While we're working together, we maintain all project data, communications, and test results. This ensures continuity and allows us to reference earlier findings.

Completed Projects

After project completion, we retain data for 90 days in case you need to reference results or request additional analysis. After that, we archive essential documentation and delete raw testing data unless you've requested extended storage.

Financial Records

Slovenian law requires us to keep accounting and tax-related records for seven years. This includes invoices, payment records, and basic contract information. We store these separately from project data.

Marketing Data

If you've subscribed to updates or newsletters, we keep your contact information until you unsubscribe. After that, it's deleted within 30 days.

You can request early deletion of your data at any time by contacting us. We'll accommodate this unless legal requirements prevent us from doing so.

8. Cookies and Tracking Technologies

Our website uses cookies to function properly and improve your experience. Here's what we use and why:

Essential Cookies

These are necessary for the site to work. They handle things like maintaining your session, remembering your preferences, and ensuring security. You can't disable these without breaking core functionality.

Analytics Cookies

We use privacy-focused analytics to understand how visitors use our site. This helps us identify confusing navigation, slow-loading pages, or broken links. The data is anonymized and aggregated—we don't track individual users across sessions.

Managing Cookies

You can control cookie preferences through your browser settings. Most browsers let you block or delete cookies entirely, though this might affect site functionality. We don't use third-party advertising cookies or tracking pixels.

9. International Data Transfers

We primarily operate within the European Union, so your data stays within EU borders where GDPR protections apply. Our servers are located in Slovenia and Germany.

If we ever need to transfer data outside the EU—which is rare—we'll use approved mechanisms like Standard Contractual Clauses or ensure the recipient country has adequate data protection laws recognized by the European Commission.

Some third-party services we use (like certain cloud providers) might have international operations, but we only work with companies that comply with GDPR requirements for international transfers.

10. Children's Privacy

Our services are aimed at game developers and businesses. We don't knowingly collect information from anyone under 16 years old. If you're a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we'll delete it.

11. Changes to This Policy

We update this privacy policy occasionally to reflect changes in our practices, legal requirements, or services. When we make significant changes, we'll notify active clients by email and update the "Last Updated" date at the top of this page.

Minor clarifications or formatting changes won't trigger notifications, but we'll always maintain a clear record of what's changed and when. Continued use of our services after changes take effect means you accept the updated policy.

12. Supervisory Authority

As a company based in Slovenia, we're regulated by the Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec). If you have concerns about how we handle your data and can't resolve them with us directly, you have the right to lodge a complaint with this authority.

Their contact information: Dunajska cesta 22, 1000 Ljubljana, Slovenia | Phone: +386 1 230 97 30 | Email: gp.ip@ip-rs.si