Privacy Policy

Effective Date: April 16, 2026
Last Updated: April 16, 2026

This privacy policy ("Privacy Policy") applies to your access and use of our proprietary Agentic Engine web-based platform that provides data analytics relating to computer games ("Platform") and the website located at https://thinkingai.io (the "Site") made available by ThinkingData, Inc. ("ThinkingData," "us" or "our" throughout this Privacy Policy), as well as any of its subdomains and any services, tools or features offered through the Platform or the Site (collectively, the "Services"). This Privacy Policy describes how ThinkingData collects, uses and discloses information that we obtain about you.

By using the Services and/or by clicking a box indicating your acceptance of this Privacy Policy, you agree to the terms of this Privacy Policy, and that your personal information will be handled as described in this Privacy Policy, and consent to the privacy practices described in this Privacy Policy. If you do not agree with our policies and practices as described in this Privacy Policy, do not use the Services.

If the individual accepting this Privacy Policy is accepting on his or her own behalf, such individual shall be referred to throughout this Privacy Policy as "you" or "Customer." If the individual accepting this Agreement is accepting on behalf of a company or other legal entity, such individual hereby represents and warrants that they have the authority to bind such entity to this Privacy Policy, in which case the terms "you" or "Customer" as used throughout this Privacy Policy shall refer to such entity. If the individual accepting this Privacy Policy does not have such authority or does not agree with the terms of this Privacy Policy, such individual must not accept this Privacy Policy and may not use the Services.

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. This Privacy Policy only applies to information collected on or through the Services and is not intended to fully describe the privacy policies of ThinkingData. This Privacy Policy does not apply to information collected offline. It also does not apply to information collected by or provided to any third party, including any web form, application or other content (including advertising) that may link to or be accessible from or through the Services, or any information (including Personal Information as defined below) that a Customer inputs into the Services relating to persons other than Customer and that were collected by Customer, such as game play or game player data ("Game Data"). In such a case, Customer's privacy policy applies to the use of such information and Game Data and any inquiries regarding such information and Game Data should be directed to the Customer.

Applicable Law

This Policy is primarily designed to comply with the following data protection regulations:

The General Data Protection Regulation (GDPR) of the European Union and European Economic Area
The UK General Data Protection Regulation (UK GDPR) for users in the United Kingdom

For users in other regions outside the EU/EEA and UK, we process your personal data in accordance with applicable local data protection and privacy laws. Where specific local requirements apply, we implement appropriate safeguards and compliance measures as required by such laws.

Data Controller

The data controller for personal data collected through our Services is:

ThinkingData, Inc.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection compliance. You may contact our DPO regarding any issues related to the processing of your personal data or to exercise your rights under GDPR:

Data Protection Officer: [Chris Han]
Email: privacy@thinkingai.io

Types of Personal Information; Methods of Collection

We collect several types of information from and about users of the Services directly from you when you provide it to us or third parties authorized to share such information with us, as well as automatically through your use of the Services.

When you use the Services, we may collect or you may provide us with information, including Personal Information. "Personal Information" means information by which you may be personally identified, including your name, e-mail address, mailing address, mobile phone number, and social media profile information. You may directly provide us with your Personal Information in the following ways:

Website Forms. You may provide us with your Personal Information by filling out forms on the Site or a third-party website. Such information you provide may include your name, email address, mailing address and telephone number. Such information may be used to contact you about the Services.
Account Registration. You may provide us with your Personal Information in connection with the account registration process. Such information you provide may include your name, company, title, email address, mailing address, telephone number, social media information, username and password. Such information may be used to establish your account to use the Services.
Email Communications or Newsletters. You may provide us with your name and email address in order to receive newsletters or other communications. We may collect information from you through records and copies of correspondence with you, including email address. You may opt-out of these marketing communications at any time as described below.
Feedback. You may provide us with your Personal Information (including contact information) when you provide feedback about our Services, including during live feedback sessions via video or audio-conferencing platforms, which may be recorded by ThinkingData and you hereby consent to such recording.

Legal Basis for Processing (GDPR)

Under GDPR, we must have a lawful basis for processing your personal data. We process your personal data based on the following legal grounds:

Contractual Necessity (Article 6(1)(b)): We process personal data necessary for the performance of a contract with you, such as your account information to provide the Services, billing information to process payments, and support communications to respond to your requests.
Consent (Article 6(1)(a)): We process personal data based on your consent for purposes such as sending marketing communications, using non-essential cookies, and certain optional features of the Services. You may withdraw your consent at any time.
Legitimate Interests (Article 6(1)(f)): We process certain personal data based on our legitimate interests, including: improving and optimizing our Services through analytics; ensuring the security and integrity of our systems; preventing fraud and abuse; responding to customer inquiries and providing customer support; and complying with legal obligations. We conduct legitimate interest assessments before processing and ensure your interests and fundamental rights are not overridden.
Legal Obligation (Article 6(1)(c)): We process personal data when necessary to comply with applicable laws and regulations, such as maintaining records for tax purposes, responding to lawful requests from public authorities, and meeting other legal requirements.

Where we rely on consent as the legal basis, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Where we rely on legitimate interests, you have the right to object to such processing as described below.

When you visit the Site, we may automatically receive and record certain information from your computer, web browser and/or mobile device and your interactions with the Site, including without limitation log data, your domain, IP address, or other device address or ID, web browser and/or device type, operating system, hardware and software settings and configurations, the pages you view on the Site, your actions on the Site, and the dates and times that you visit, access, or use the Site ("Automatically Collected Information").

Cookies Information

When you use the Site, we may send one or more cookies (which are small text files containing a string of alphanumeric characters) to your computer or mobile device, to track information about your use of the Site, help analyze our web page flow, customize our content, measure promotional effectiveness, and promote trust and safety. We have restricted the use of non-essential cookies on the Site. You may choose whether to accept, reject or select only certain cookies to be deployed during your use of the Site through the cookie banner on the homepage of the Site.

You are always free to decline our cookies upon visiting the Site, although doing so may interfere with your ability to use the Site or certain features of the Site. To decline the use of cookies on the Site, except for cookies that are necessary to the operation of the Site, please select "Decline All" on the cookie banner on the Site's homepage. You may also customize the use of cookies on the Site by selecting the "Manage Cookies" option on the cookie banner on the Site's homepage.

We generally use the following types of cookies on our Site:

Strictly Necessary Cookies: These cookies are necessary for the Site to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the Site or Services will not then work.
Functional Cookies: These cookies enable the Site to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Site. They help us to know which pages are the most and least popular and see how visitors move around the Site. All information these cookies collect is aggregated. If you do not allow these cookies we will not know when you have visited our Site, and will not be able to monitor its performance.
Targeting Cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Uses of Personal Information

We use your information, including Personal Information, for the following purposes:

We use your Personal Information to establish your account to use the Services as well as to establish and maintain the accounts of your authorized users in connection with the Services.
We use information about your use of the Services to understand and analyze the usage trends and preferences of our users, to improve the Services and to improve fraud detection and information security.
We may use your e-mail address or other Personal Information to contact you for administrative purposes such as customer service and/or to send you our newsletters or other promotional materials. Generally, you can opt-out of receiving promotional communications by following unsubscribe links provided in the messages, or by contacting us directly at privacy@thinkingai.io. Although your changes are reflected promptly in active user databases, we may retain all information you submit for a variety of purposes, including backups and archiving, prevention of fraud and abuse and analytics.
We may use information collected from cookies or Automatically Collected Information through the Site to: (a) personalize our Services; (b) better understand how users access and use our Services; (c) monitor and analyze the effectiveness of the Services; (d) monitor aggregate usage metrics such as total number of visitors and pages viewed; and (e) perform research and analytics, including to analyze and report on usage and performance of the Services.
We may use your Personal Information to: (a) detect, investigate, and prevent activities on our Services that conflict with applicable terms of service, including any terms or conditions applicable to the use of the Platform, could be fraudulent or violate copyright or other rules, or that may be otherwise illegal, (b) comply with legal requirements, (c) defend or exercise legal claims, (d) respond to legal process or law enforcement or governmental investigations or requests, and (e) protect our rights and the rights and safety of our users and others.

When We Disclose Information

GDPR Processing Principles

In compliance with GDPR Article 5, we adhere to the following data processing principles:

Lawfulness, Fairness, and Transparency: We process your personal data lawfully, fairly, and in a transparent manner, clearly informing you about how we use your data.
Purpose Limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it further in ways incompatible with those purposes.
Data Minimization: We only collect and process personal data that is adequate, relevant, and limited to what is necessary for our stated purposes.
Accuracy: We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date, and we provide mechanisms for you to correct inaccurate data.
Storage Limitation: We retain personal data only as long as necessary for our stated purposes, taking into account any legal retention requirements and your rights.
Integrity and Confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
Accountability: We maintain appropriate documentation and measures to demonstrate our compliance with these principles and GDPR requirements.

We may share your information, including Personal Information, as follows:

We may share your information, including Personal Information, where you have provided consent as described at the time of consent.
We may disclose the Personal Information we collect from you to fulfill the purpose for which you provide it or for any other purpose disclosed by us when you provide the information.
We may disclose the information we collect from you to our affiliates or subsidiaries solely for the purpose of providing the Site and Services to you; however, if we do so, their use and disclosure of your Personal Information will be maintained by such affiliates and subsidiaries in accordance with this Privacy Policy.
We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to take precautions against liability; to protect ThinkingData from fraudulent, abusive, or unlawful uses or activity; to protect the security or integrity of the Services; to investigate and defend ourselves against any third party claims or allegations or to enforce agreements or exercise legal claims; to assist government enforcement agencies; or to comply with state and federal laws, in response to a court order, judicial or other legal process or government subpoena or warrant.
We may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of this Privacy Policy or any applicable terms of service, including any terms or conditions applicable to the use of the Platform, or as evidence in litigation in which we are involved.
We may disclose the information we collect from you to third party vendors, service providers, contractors, or agents who perform functions on our behalf, including the provision of the Site or Services.
We may disclose the Personal Information we collect from you to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of ThinkingData's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by ThinkingData about our Services or users is among the assets transferred.

We will not sell or share Personal Information with third parties without your consent or disclose your Personal Information to third parties for their Direct Marketing Purposes.

You may decline to share certain information with us, in which case we may not be able to provide to you some of the features and functionalities of the Services.

Data Transfers and Storage

International Data Transfers

Your personal information may be transferred to, and processed in, countries other than the country in which you reside. When transferring data outside the European Economic Area or the UK, we ensure appropriate safeguards are in place.

EU-US Data Privacy Framework (with UK and Swiss extensions): ThinkingData, Inc. stores collected user information in HubSpot. HubSpot has achieved compliance through Standard Contractual Clauses (SCCs). These are legal contracts approved by the European Commission, and HubSpot has incorporated them into its standard Data Processing Agreement (DPA). ThinkingData, Inc. is both the data processor and the company responsible for this data handling.

Your Rights

Depending on your location and applicable data protection laws, you may have the following rights:

Rights Under GDPR (EU/EEA/UK)

If you are a resident of the EU/EEA or UK, you may have the following rights with respect to your personal information:

(i) Right to Access: Request access to your personal data and information about how we process it;
(ii) Right to Rectification: Request correction of inaccurate or incomplete personal data;
(iii) Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data in certain circumstances;
(iv) Right to Restriction of Processing: Request restriction of processing in certain circumstances;
(v) Right to Data Portability: Request transfer of your data to another controller in a structured format;
(vi) Right to Object: Object to processing based on legitimate interests or for direct marketing;
(vii) Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

Rights in Other Regions

For users in regions outside the EU/EEA and UK, you may have additional or different rights under your local data protection laws. We will process your requests in accordance with the applicable legal framework in your jurisdiction. Please contact us for information about specific rights available to you under your local law.

How to Exercise Rights

You can make a request to exercise any rights you may have with respect to your personal information by emailing us at privacy@thinkingai.io. As required and to the extent permitted under applicable law, we take steps to verify your identity before granting you access to information or acting on your request to exercise your rights. We may require you to provide information sufficient to allow us to reasonably verify you are the person about whom we collected personal information or an authorized representative and to describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. However, we may use automated processing for purposes such as: analyzing usage patterns to improve our Services; detecting fraudulent activity or security threats; and generating aggregated analytics reports. These automated processes do not make decisions that significantly affect your legal rights or access to Services.

If we implement any automated decision-making systems in the future that produce legal or similarly significant effects, we will: provide you with meaningful information about the logic involved; allow you to express your point of view and contest the decision; and enable human review of the decision. We will update this Privacy Policy to reflect such changes.

Data Breach Notification

Under GDPR, we are required to notify the relevant supervisory authority without undue delay (and where feasible, within 72 hours) of becoming aware of a personal data breach that is likely to result in a risk to your rights and freedoms. Where the breach is likely to result in a high risk to your rights and freedoms, we will also communicate the breach to you directly without undue delay, providing: the nature of the breach; the name and contact details of our data protection officer or other contact point; the likely consequences of the breach; and the measures we are taking or propose to address the breach, including measures to mitigate its possible adverse effects.

You have the right to lodge a complaint with a relevant supervisory authority if you believe your data protection rights have been violated:

For EU/EEA residents: The data protection authority in your member state of habitual residence, place of work, or where the alleged infringement occurred.
For UK residents: The Information Commissioner's Office (ICO).
For residents of other regions: You may have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction as provided by local data protection law.

Data Security

We have implemented measures designed to protect your Personal Information from loss, misuse, and unauthorized access, disclosure, alteration and destruction; however, no security measures are perfect or impenetrable, so we cannot ensure or warrant the security of any information you transmit to us through the Services, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered or destroyed by breach of any of our safeguards. We are not responsible for circumvention of any privacy settings or security measures contained in the Services.

Data Retention

Under GDPR, personal data must be kept no longer than necessary for the purposes for which it is processed. We retain your personal information based on the following criteria:

Account Information: Retained for the duration of your account plus 3 years after account closure for legitimate business purposes including dispute resolution and compliance.
Transaction and Billing Records: Retained for 7 years to comply with tax and financial reporting obligations.
Support Communications: Retained for 3 years to maintain service quality and resolve potential disputes.
Marketing Communications: If you unsubscribe from marketing communications, we retain your consent records for 3 years to demonstrate compliance with consent requirements.
Automatically Collected Information and Cookies: Session cookies expire when you close your browser. Persistent cookies have varying retention periods up to 2 years, depending on their purpose. Log data is retained for 1 year for security and analytics purposes.

When the retention period expires, we will securely delete or anonymize your personal data in accordance with our data destruction procedures. We may retain certain data in anonymized or aggregated form for statistical analysis and service improvement, where such data no longer identifies you individually.

We retain personal information as long as it is reasonably necessary and relevant for our operations or for providing Services, and/or to comply with the law, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, or enforce any applicable terms of service or other agreements.

Children's Privacy

The Services are not intended for children under 16 years of age. We do not knowingly collect information from persons under 16 years of age, and no part of the Services are directed to persons under 16 years of age. If you are under 16 years of age, do not use or access the Services at any time or in any manner. If we learn that information has been collected through the Services from persons under 16 years of age and without verifiable parental consent, we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has provided us with information, please alert us at privacy@thinkingai.io to request that we delete the information from our systems.

Changes to Our Privacy Policy

This Privacy Policy is current as of the "Last Updated" date set forth above. We may change this Privacy Policy from time to time, so please be sure to check back periodically. If we make any changes to this Privacy Policy that materially affect our practices with regard to the Personal Information we have previously collected from you, we will post a banner notification on the Site's main webpage and will update the "Last Updated" date to reflect these changes. If you continue to use the Services after we have made changes to the Privacy Policy, you are deemed to have accepted such changes. If you do not agree to such changes, you should discontinue use of our Services.

Our Contact Information

Please contact us with any questions or comments about this Privacy Policy, your Personal Information, our use and disclosure practices, your communication preferences or your consent choices by e-mail at privacy@thinkingai.io.

ThinkingData, Inc.
Data Protection Officer (if applicable): [Chris Han, privacy@thinkingai.io]