J
Junket.gg
// LEGAL · PRIVACY POLICY

Privacy Policy

v2026-05-22 · Last updated 2026-05-22

This Privacy Policy explains how Fullport Ltd. ("we", "us", "our") collects, uses and protects personal data when you use the Junket.gg platform (the "Service"). It is intended to comply with the EU General Data Protection Regulation (Regulation 2016/679, "GDPR") and the UK Data Protection Act 2018 where applicable.

Data controller

The data controller for personal data processed through the Service is:

Fullport Ltd.
Privacy enquiries: privacy@junket.gg

What data we collect

Account data

  • Email address, hashed password, role (Publisher / Press / Admin), account status (suspended/verified).
  • For OAuth sign-in: Google account identifier and the email associated with it.
  • Terms of Use and Privacy Policy version accepted, with timestamp.

Publisher data

  • Company name, subscription tier, team members and team invites.
  • Games, missions, embargo dates, audit log of key distributions.
  • Encrypted CD keys (AES-256, decrypted only at moment of delivery).

Press data

  • Outlet name, bio, country, content genres, platform links (YouTube, Twitch, Website, Twitter/X).
  • Verified channel identifiers, including Twitch user ID and Kick user ID, follower / viewer statistics where applicable.
  • Submitted coverage URLs, types, sentiments, published dates.

Activity and technical data

  • Key requests, mission applications, messages between users, feedback ratings.
  • Audit log entries (action, target, timestamp).
  • Server logs (IP, user agent, request URL) retained briefly for security and abuse prevention.
  • Session cookie issued by Spring Security to keep you logged in.

We may review messages and related metadata where reasonably necessary for abuse prevention, fraud investigation, legal compliance, security, or enforcement of our Terms.

How we use your data and lawful basis

Purpose Lawful basis (GDPR Art. 6)
Operate your account, deliver keys, process mission applications (b) Performance of contract
Send transactional emails (key delivery, request status, message notifications) (b) Performance of contract
Verify Twitch / Kick / YouTube channels and detect coverage automatically (b) Performance of contract
Maintain audit log of key distributions and compliance records (c) Legal obligation / (f) Legitimate interest in fraud prevention
Suspend abusive accounts, prevent fraud, secure the Service (f) Legitimate interest in protecting users and the Service
Comply with court orders, regulatory requests, applicable law (c) Legal obligation

Who we share data with

We share personal data only with:

  • Publishers — when a Press user submits a key request, the Publisher sees the requester's outlet, bio, country, verified channels and prior coverage.
  • Press — when a Publisher sends a message or approves a request, the Press user sees the Publisher's company name and rep email.
  • Service providers (data processors) — hosting, database, transactional email delivery, OAuth identity providers (Google, Twitch, Kick, YouTube). Each is bound by a data-processing agreement and processes data only on our instructions.
  • Authorities — where required by valid legal process.

International transfers

Some of our service providers may process data outside the EEA / UK (notably US-headquartered providers such as Google, Twitch and Kick). Where this happens we rely on European Commission adequacy decisions where available, or on Standard Contractual Clauses (SCCs) with the provider, supplemented by appropriate technical and organisational measures.

Retention

  • Active accounts — data is retained for as long as your account is active.
  • Closed accounts — profile data is anonymised within 30 days of account closure. Audit log entries linked to your account are retained for up to 24 months for fraud prevention and legal claims, with personal identifiers removed.
  • Server logs — up to 90 days.
  • Backups — encrypted backups are retained on a rolling basis and overwritten within 90 days.
  • Email delivery logs — retained by the email provider per their policy.

Your rights under GDPR

If you are in the EU / EEA / UK, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request erasure of your data ("right to be forgotten") — subject to lawful retention exceptions.
  • Restrict or object to processing based on legitimate interest.
  • Receive your data in a portable, machine-readable format.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with your local data protection authority.

To exercise these rights, email privacy@junket.gg. We aim to respond within 30 days. We may ask for proof of identity before acting on a request.

Security

Passwords are hashed with bcrypt. CD key codes are encrypted at rest with AES-256 and decrypted only at delivery. OAuth refresh tokens for Kick user-grant flows are not persisted. Sessions are protected by Spring Security and CSRF tokens. We use TLS in transit. Access to production systems is restricted and audited.

No system is perfectly secure. If we become aware of a personal data breach that is likely to result in a high risk to your rights, we will notify you and the relevant supervisory authority within the timeframes required by GDPR Articles 33-34.

Fraud prevention and platform integrity

  • We may use automated and manual systems to detect fraud, account farming, artificial engagement, embargo abuse, resale activity and other conduct that may harm the integrity of the Service or its users.
  • This may include analysis of account activity, connected platforms, historical participation, engagement patterns, mission completion history and technical signals associated with use of the Service.
  • Where automated systems materially affect access to rewards, missions, verification status or account standing, users may contact us to request human review.

Automated decision-making

Mission proof verification (e.g. checking peak Twitch / Kick concurrent viewers, YouTube views) is automated. Approval thresholds are disclosed in the mission specification. You can contact us to obtain human review of any automated decision that materially affects you.

Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has registered, contact us and we will delete the account.

Changes to this Policy

We may update this Policy. Material changes will be highlighted and we will require you to re-accept on next login. The version you accepted is recorded against your account.

Contact

Privacy enquiries: privacy@junket.gg.