Legal
Privacy Policy
Last updated: June 22, 2026
1. Who we are
This policy explains how CROSSAPP LP ("PlayAny", "we") collects, uses and protects personal data of users of the PlayAny mobile app. For GDPR purposes, CROSSAPP LP is the data controller. Contact: support@playany.net.
2. Data we collect
- Account data. Email address and a hashed password (or Apple ID identifier) so you can sign in and recover access.
- Connected platforms. OAuth tokens for game stores you link (Steam, Xbox, Epic, GOG). We never see or store your passwords for those services.
- Service activity. Game sessions, stream quality, controller pairing events and basic device info (model, OS version) required to deliver the stream.
- Crash reports and diagnostics. Anonymous error logs and performance metrics used to fix bugs and improve stability.
- Anonymous product analytics. Aggregated, pseudonymised usage events (screens viewed, feature usage) — no advertising profiles, no cross-app tracking.
- Purchases. Receipts and subscription status from the App Store. Payment card data is handled entirely by Apple — we never receive or store it.
3. Why we use it (legal basis)
- To provide the streaming service — performance of a contract (Art. 6(1)(b)).
- To keep the app stable and secure — legitimate interest (Art. 6(1)(f)).
- To process subscriptions and prevent fraud — contract and legal obligation.
- To send service emails — contract; marketing only with your consent (Art. 6(1)(a)).
4. Sharing
We share data only with processors that help us run the Service, under written data processing agreements:
- Cloud and streaming infrastructure providers (EU/EEA regions where available).
- Crash reporting and analytics tools configured to drop IP addresses.
- Apple, for App Store distribution and payments.
We do not sell personal data, do not run third-party ad networks inside the app, and do not use your data for advertising profiling.
5. International transfers
Some processors are based outside the EEA. In those cases we rely on the European Commission's Standard Contractual Clauses and apply additional safeguards where required.
6. Retention
- Account data: while your account exists, plus up to 30 days after deletion.
- Game session logs: up to 90 days, then aggregated.
- Crash and diagnostic data: up to 180 days.
- Invoices and tax records: as required by law (up to 7 years).
7. Your rights (GDPR)
If you are in the EU/EEA or UK, you have the right to:
- access the personal data we hold about you;
- request correction or deletion ("right to be forgotten");
- restrict or object to certain processing;
- receive a copy of your data in a portable format;
- withdraw consent at any time;
- lodge a complaint with your local data protection authority.
To exercise any of these, email support@playany.net. We respond within 30 days.
8. Security
Data in transit is encrypted with TLS. Passwords are stored as salted hashes. Access to production systems is restricted and logged. No method is 100% secure — please use a strong, unique password and enable device-level protections.
9. Children
PlayAny is not directed to children under 13. If we learn we have collected data from a child under 13 without verifiable parental consent, we will delete it promptly.
10. Changes
We may update this policy as the app evolves. Material changes will be announced in the app or by email at least 14 days in advance. The "Last updated" date above always reflects the current version.
11. Contact
Privacy questions or requests: support@playany.net. You can also use the contact page.