← Return to Homepage

Privacy Policy

Effective Date: April 25, 2025

1. Introduction

Pentito is committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR - EU 2016/679). This policy explains what data we collect, why we collect it, and how we handle it.

2. What data we collect and why

We only collect personal data that is necessary for the operation of the game and website. This includes, but is not limited to:

  • Email address and account information (for login and gameplay continuity)
  • IP address and device data (for security and fraud prevention)
  • Gameplay activity and logs (to ensure fairness and prevent abuse)
  • Optional profile information (such as avatar, bio, or preferences) if voluntarily provided.
  • Chat messages and communications within the game (stored only as needed for moderation or abuse prevention)
  • Transaction data via our payment provider Mollie (for processing purchases)

This data is used strictly for functionality, maintenance, anti-cheating systems, and support.

3. Data retention

We only store personal data for as long as it is necessary to provide our service and meet legal obligations. When your data is no longer needed, it will be deleted securely.

4. Third-party services

To operate and protect Pentito, we rely on several trusted external services:

  • Mollie - for secure payment processing
  • Cloudflare - for website security and performance optimization
  • Google reCAPTCHA - to prevent automated abuse and spam
  • Google Analytics - to track anonymized usage patterns and improve functionality

These providers process limited personal data such as IP addresses or device information under their own privacy policies, in compliance with GDPR. We have signed Data Processing Agreements with each third-party provider where required. We do not share or sell your data for marketing purposes.

5. Law enforcement

We may disclose personal data when legally required to do so, such as in response to a valid request from police or other authorities in accordance with applicable Dutch and European laws.

6. Your rights under the GDPR

You have the following rights regarding your personal data:

  • Right to access - You can request a copy of the data we hold about you
  • Right to rectification - You can request corrections to inaccurate data
  • Right to erasure - You can request deletion of your data, under certain conditions
  • Right to restrict processing - You can request temporary limitations on data use
  • Right to object - You can object to data processing based on our legitimate interests

To make a request, email us at [email protected]. We aim to respond within 30 days.

To request full account deletion, submit the Account Deletion Request form (English only).

If you believe your rights have been violated, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

7. Data security

We implement technical and organizational measures to protect your data against unauthorized access, loss, misuse, or alteration. These include encrypted data transfer (SSL), strong password requirements, and limited access to user data based on roles. We also enforce strict confidentiality through non-disclosure agreements (NDAs) with all staff and collaborators. Access to personal data is restricted to essential personnel only, following careful selection procedures. Where possible, personal data is anonymized or masked to prevent unnecessary exposure. While no system is 100% secure, we actively work to maintain strong safeguards.

8. Language and jurisdiction

Pentito operates under Dutch law. The English version of this policy is the only legally binding version. By using the game, you confirm that you understand and accept this policy as written in English.

9. Cookies

We use cookies and similar technologies to ensure the proper functioning of the website and to analyze usage via tools such as Google Analytics. Where required by law, we request your consent before placing non-essential cookies.

  • Essential cookies - for login sessions and preferences
  • Analytics cookies - to track usage via Google Analytics (anonymized IP)
  • Security cookies - used by Cloudflare to prevent abuse and DDoS attacks

10. Legal basis for processing

We process your personal data based on the following legal grounds:

  • Contractual necessity to provide access to your account and game services
  • Legitimate interest for security, anti-cheating, and service improvements
  • Consent for non-essential cookies and optional features
  • Legal obligation to comply with applicable laws and regulations

11. International data transfers

Some of our third-party providers (such as Google and Cloudflare) may process your data outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place.

12. Automated decision-making

Pentito may use automated tools to detect cheating or abuse. These systems can result in temporary or permanent restrictions without human intervention. You can request a manual review by contacting us.

13. Changes to this privacy policy

We may update this policy to reflect legal changes or improvements to our services. Significant changes will be announced on our website. Please check this page periodically to stay informed.