Privacy Policy

Tested.gg ("the Platform") is operated by Geekbux Interactive ("we", "us", "our"), a company registered in Sweden. This Privacy Policy describes how we collect, use, store, and protect your personal data when you use our Platform.

We process your data in accordance with the General Data Protection Regulation (GDPR) and applicable Swedish data protection laws.

By using the Platform, you acknowledge that you have read and understood this Privacy Policy.

The data controller responsible for your personal data is Geekbux Interactive, a company registered in Sweden. You can reach us for data protection inquiries through our Contact page.

When you create an account using Google or Steam sign-in, we receive limited profile information from the OAuth provider: your display name, email address, profile picture URL, and a provider-specific user ID. We do not receive or store your password. Authentication is handled entirely by the OAuth provider. We also store your email verification status as reported by the provider and a timestamp of when you last signed in.

When you submit a review, we store your rating (1-5), optional title, and review body text. Reviews are associated with your account and displayed publicly. Each review tracks helpful votes and report counts for moderation purposes. When you comment on blog posts, we store the comment text and associate it with your account. When you vote a review as helpful, we record that association to prevent duplicate voting.

When you sign in, we create a session record that includes your user agent string (browser and device info), IP address, and a human-readable device name. This data enables the "Active Sessions" feature so you can see and revoke sessions on other devices. Sessions expire after 30 days.

When you click an outbound link to a reviewed site (via our redirect system), we record the target site, the page you clicked from, and a SHA-256 hash of your IP address. We never store raw IP addresses for click tracking - only the irreversible hash.

We store your cookie consent choices and communication preferences. We use cookies and similar technologies as described in our Cookie Policy.

We use your personal data to provide and operate the Platform. This includes creating and managing your account, displaying your reviews and comments, enabling helpful votes, and processing outbound affiliate clicks.

We use an automated trust level system (New, Regular, Trusted) based on your review history to determine whether reviews require manual moderation. Moderators may review flagged content and apply account restrictions (muting or banning) with a recorded reason.

We aggregate anonymized review data and community signals to calculate Trust Scores for listed sites. Individual reviews contribute to aggregate scores, but Trust Scores are never based on a single user's data.

We analyze usage patterns via Cloudflare Web Analytics, a privacy-focused service that does not use cookies and does not collect personal data, to improve functionality, performance, and user experience.

We send essential service notifications such as account security alerts and Terms changes. Marketing communications are only sent with your explicit opt-in consent.

We detect and prevent fake reviews, spam, abuse, and unauthorized access. This includes rate limiting, minimum content length requirements, and automated spam detection.

We fulfill our legal obligations under applicable laws and respond to lawful requests from authorities.

Under the GDPR, we process your personal data on the following legal grounds.

We process data necessary to provide you with the Platform's services under Article 6(1)(b), including account management, review and comment functionality, and session management.

We process data necessary for our legitimate interests under Article 6(1)(f), including Platform security, fraud prevention, content moderation, trust level calculation, and Trust Score calculation. We have balanced these interests against your rights and freedoms.

Where required, we obtain your explicit consent under Article 6(1)(a) before processing. This applies to non-essential cookies, marketing communications, and public profile visibility. You may withdraw consent at any time.

We process data necessary to comply with applicable laws under Article 6(1)(c), such as responding to lawful data requests.

We do not sell your personal data. We never have and never will.

We may share limited data with service providers who are bound by data processing agreements. Cloudflare provides our hosting, CDN, DDoS protection, and database infrastructure. Cloudflare processes requests globally but does not use your data for their own purposes beyond providing the service. Google and Steam process your authentication data according to their own privacy policies during the sign-in flow. We only receive the profile data described above.

Cloudflare Web Analytics processes aggregated, anonymized usage data. It does not use cookies, does not collect personal data, and does not track users across sites.

We may disclose your data if required by law, court order, or to protect the rights, safety, or property of Geekbux Interactive, our users, or the public. If Geekbux Interactive is involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

We use cookies and similar technologies to operate the Platform. For a detailed breakdown of each cookie we use, including its purpose and duration, please see our Cookie Policy.

In summary, we use essential cookies for authentication and security, a functional cookie for your language preference, and a marketing cookie for referral tracking. Our analytics do not use cookies.

We retain your personal data only as long as necessary for the purposes described in this Privacy Policy.

Account data is retained for as long as your account is active. We use soft deletion - upon account deletion, your data is marked as deleted and permanently removed within 30 days.

Published reviews and comments remain on the Platform while your account is active. Upon account deletion, reviews are anonymized (author information removed) but content may be retained for Trust Score accuracy. Comments are deleted.

Active sessions, including device info and IP address, are retained for up to 30 days or until revoked. Revoked sessions are cleaned up within 30 days.

Click records with hashed IPs are retained for analytics purposes. Raw IP addresses are never stored for click tracking. Email verification codes expire automatically and are single-use. IP-based security logs for rate limiting and abuse detection are retained for up to 90 days.

You may request deletion of your data at any time (see Your Rights below).

Under the GDPR, you have the following rights regarding your personal data.

You can request a copy of the personal data we hold about you, including your account data, reviews, comments, votes, session history, and consent preferences (Article 15). You can request correction of inaccurate or incomplete data, or update your display name and preferences directly in your account settings (Article 16).

You can request deletion of your personal data (Article 17). We will comply unless we have a legal obligation to retain it. Reviews will be anonymized rather than deleted to maintain Trust Score integrity. You can request your data in a structured, commonly used, machine-readable format (Article 20).

You can request that we restrict processing of your data in certain circumstances (Article 18). You can object to processing based on legitimate interests, and we will cease processing unless we have compelling legitimate grounds (Article 21).

Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing. You can manage cookie consent via our cookie banner and communication preferences in your account settings.

To exercise any of these rights, contact us at legal@tested.gg or through our Contact page. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) or your local data protection authority.

The Platform is hosted on Cloudflare's global network, which means your data may be processed in countries outside the European Economic Area (EEA). Cloudflare maintains EU-adequate data protection measures and participates in approved transfer mechanisms.

Google and Steam (Valve Corporation) may also process authentication data outside the EEA during the sign-in flow, subject to their own data transfer safeguards.

We ensure that any international transfer of personal data is subject to appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, or adequacy decisions where applicable.

The Platform is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 16, we will take steps to delete that data promptly.

If you believe a child under 16 has provided us with personal data, please contact us at legal@tested.gg or through our Contact page.

We implement appropriate technical and organizational measures to protect your personal data, including:

• OAuth-only authentication - we use Google and Steam OAuth exclusively, so we never store or process user passwords.
• All data is transmitted over HTTPS/TLS.
• Click tracking uses SHA-256 hashed IPs, never raw addresses.
• Authentication tokens are stored in httpOnly cookies, inaccessible to JavaScript.
• Cloudflare provides DDoS mitigation, WAF, and bot management.
• Account deletion is reversible within a grace period before permanent removal.
• Internal access to personal data is restricted to authorized personnel on a need-to-know basis.

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you and relevant authorities of any data breach in accordance with GDPR requirements.

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date and, where appropriate, notify you via email or a prominent notice on the Platform.

We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after changes constitutes acceptance of the updated policy.