← Return to Homepage

Privacy Policy

Effective Date: April 10, 2026

1. Introduction

Pentito is committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR - EU 2016/679). This policy explains what data we collect, why we collect it, and how we handle it.

2. Data controller and privacy contact

The data controller (controller) for processing your personal data in connection with Pentito is Pentito (pentito.game).

For privacy-related questions, requests, or concerns, contact us at [email protected]. This is also the point of contact for the Data Protection Officer (DPO), if appointed.

3. What data we collect and why

We only collect personal data that is necessary for the operation of the game and website. This includes, but is not limited to:

  • Email address and account information (for login and gameplay continuity)
  • IP address and device data (for security and fraud prevention)
  • Gameplay activity and logs (to ensure fairness and prevent abuse)
  • Optional profile information (such as avatar, bio, or preferences) if voluntarily provided.
  • Chat messages and communications within the game (stored only as needed for moderation or abuse prevention)
  • Transaction data via our payment provider Stripe (for processing purchases)
  • Third-party account identifiers (Discord and/or Telegram) if you choose to connect them for notifications

This data is used strictly for functionality, maintenance, anti-cheating systems, and support.

4. Children and minors

Pentito is not intended for individuals under 16 years old. We do not knowingly collect personal data from children under 16. If we learn that we have collected personal data from a child under 16, we will take reasonable steps to delete the data and may suspend or terminate the associated account.

5. Data retention

We only store personal data for as long as it is necessary to provide our service and meet legal obligations. When your data is no longer needed, it will be deleted securely.

Retention periods depend on the type of data and the reason we process it. Typical retention periods are:

  • Account and profile data - for as long as your account remains active; deleted after an account deletion request, except where retention is required for legal claims or compliance
  • Gameplay logs and anti-cheat / security logs (e.g., IP address, device signals, fraud indicators) - typically up to 12 months, and longer where necessary to investigate abuse, enforce bans, or establish or defend legal claims
  • Chat and moderation records - typically up to 6 months, and longer where required for ongoing investigations or enforcement
  • Support communications - typically up to 24 months
  • Payment records - transaction references required for financial administration and legal compliance are retained as required by law (often up to 7 years); payment card details are handled by Stripe and are not stored by Pentito
  • Analytics data - retained according to our analytics provider settings (typically up to 14 months) and processed in aggregated form

6. Third-party services

To operate and protect Pentito, we rely on several trusted external services:

  • Stripe - for secure payment processing
  • Discord - optional integration for notifications (you can enable or remove this connection at any time)
  • Telegram - optional integration for notifications (you can enable or remove this connection at any time)
  • Cloudflare - for website security and performance optimization
  • Google reCAPTCHA - to prevent automated abuse and spam
  • Google Analytics - to track anonymized usage patterns and improve functionality
  • New Relic - for server performance monitoring and diagnostics
  • Brevo - for sending transactional emails (e.g., account-related messages)

These providers process limited personal data such as IP addresses or device information under their own privacy policies, in compliance with GDPR. We have signed Data Processing Agreements with each third-party provider where required. We do not share or sell your data for marketing purposes.

7. Law enforcement

We may disclose personal data when legally required to do so, such as in response to a valid request from police or other authorities in accordance with applicable Dutch and European laws.

8. Your rights under the GDPR

You have the following rights regarding your personal data:

  • Right to access - You can request a copy of the data we hold about you
  • Right to rectification - You can request corrections to inaccurate data
  • Right to erasure - You can request deletion of your data, under certain conditions
  • Right to restrict processing - You can request temporary limitations on data use
  • Right to object - You can object to data processing based on our legitimate interests

To make a request, email us at [email protected]. We aim to respond within 30 days.

To request full account deletion, submit the Account Deletion Request form (English only).

If you believe your rights have been violated, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

9. Data security

We implement technical and organizational measures to protect your data against unauthorized access, loss, misuse, or alteration. These include encrypted data transfer (SSL), strong password requirements, and limited access to user data based on roles. We also enforce strict confidentiality through non-disclosure agreements (NDAs) with all staff and collaborators. Access to personal data is restricted to essential personnel only, following careful selection procedures. Where possible, personal data is anonymized or masked to prevent unnecessary exposure. While no system is 100% secure, we actively work to maintain strong safeguards.

10. Language and jurisdiction

Pentito operates under Dutch law. The English version of this policy is the only legally binding version. By using the game, you confirm that you understand and accept this policy as written in English.

11. Cookies

We use cookies and similar technologies to ensure the proper functioning of the website and to analyze usage via tools such as Google Analytics. Where required by law, we request your consent before placing non-essential cookies.

  • Essential cookies - for login sessions and preferences
  • Analytics cookies - to track usage via Google Analytics (anonymized IP)
  • Security cookies - used by Cloudflare to prevent abuse and DDoS attacks

12. Legal basis for processing

We process your personal data based on the following legal grounds under the GDPR:

  • Contractual necessity (Article 6(1)(b)) to provide access to your account and game services
  • Legitimate interest (Article 6(1)(f)) for security, anti-cheating, fraud prevention, and service improvements
  • Consent (Article 6(1)(a)) for non-essential cookies and optional features you choose to enable
  • Legal obligation (Article 6(1)(c)) to comply with applicable laws and enforce legal rights

Depending on the context, the following lawful bases generally apply per category:

  • Account registration, authentication, core gameplay - contractual necessity
  • Security monitoring, anti-cheat, abuse prevention - legitimate interest; in some cases legal obligation or establishment/defense of legal claims
  • Payments and purchase administration - contractual necessity; legal obligation for required record-keeping
  • Discord/Telegram notifications - consent (you can disconnect at any time)
  • Transactional emails (e.g., account emails) - contractual necessity
  • Analytics cookies - consent where required by law

13. International data transfers

Some of our third-party providers (such as Google and Cloudflare) may process your data outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place.

14. Automated decision-making

Pentito may use automated tools to detect cheating or abuse. These systems can result in temporary or permanent restrictions without human intervention. You can request a manual review by contacting us.

15. Changes to this privacy policy

We may update this policy to reflect legal changes or improvements to our services. Significant changes will be announced on our website. Please check this page periodically to stay informed.