Data Handling & Security#
Important:
We do not provide legal advice. This page is designed to help game developers gain a better understanding of managing their players' rights when working with Second Stage. You should consult your legal counsel before making decisions about how your company complies with the evolving landscape of consumer privacy.
Second Stage is committed to providing our partners with the highest level of transparency and governance. TRACKS is designed to be a "privacy-first" marketing intelligence platform, enabling you to optimize your strategies while adhering to strict data protection standards like the GDPR.
TRACKS, in its standard configuration, operates on principles that support a consent-free model for basic attribution, relying instead on legitimate business interests and strict data minimization.
Roles under GDPR#
The architecture of TRACKS is unique in that it places the customer in full control of the data processing environment.
- You are the Sole Controller: Because the software operates entirely on your own infrastructure and you determine the means of processing, you are the sole "Controller" under the GDPR.
- We are the Software Provider: Second Stage GmbH does not process end-user data on its own servers and is therefore not classified as a "Processor" or "Controller" of your user data. We simply provide the code that runs in your environment.
Lawful Basis for Processing#
TRACKS is built to enable data processing under Article 6(1)(f) GDPR (Legitimate Interest).
- Legitimate Interest: TRACKS is designed to help you measure campaign success, analyze product performance, and optimize marketing spend. Independent legal analysis confirms that this constitutes a legitimate business interest. Because the data is pseudonymized, short-lived, and does not use persistent trackers, this interest typically outweighs the impact on user privacy.
- No Consent Required (Standard): Consequently, you generally do not need to obtain explicit end-user consent (e.g., via a cookie banner) for standard attribution functions, provided you inform users in your privacy policy.
Exception: Postback Functionality
If you choose to activate the Postback function to send conversion signals back to third-party advertising channels, you must obtain explicit user consent (Art. 6(1)(a) GDPR) before doing so. This is typically handled through GA4 consent mechanisms on the landing page.
Data Minimization & Retention#
TRACKS adheres to the principle of data minimization by collecting only what is technically necessary and deleting it as soon as possible.
| Feature | Description |
|---|---|
| No Cookies | TRACKS does not set cookies, use LocalStorage, or place any persistent identifiers on the client device. |
| Hashed IP Addresses | IP addresses are never stored in plain text. They are cryptographically salted and hashed immediately upon receipt. |
| Salt Rotation | The "salt" used for hashing is rotated regularly, preventing long-term re-identification or cross-referencing of users. |
| 30-Day Log Retention | The raw logs used for attribution (collect_logs and measure_logs) are automatically deleted after 30 days. |
| Encryption | All data is encrypted during transmission (TLS) and at rest on your servers. |
Infrastructure & Control#
For the highest level of security and transparency, TRACKS operates on a scalable, auto-managed cloud infrastructure built like an on-premise solution.
- Your Cloud Environment: Our deployment method uses your own configured Google Cloud project. Services include Cloud Storage, Cloud Run, Pub/Sub, and Cloud Functions.
- Full Control: You decide the server location (e.g., EU-only data centers), access rights, and security configurations.
- No External Transfer: Personal data is sent directly to your server endpoints. TRACKS does not collect or mirror this data on Second Stage servers.
PII & Global Compliance (CCPA, CPRA)#
The "privacy-by-design" architecture of TRACKS also supports compliance with US frameworks regarding Personally Identifiable Information (PII).
- No Sensitive PII: TRACKS does not collect sensitive PII such as names, emails, phone numbers, or physical addresses.
- De-identification: By hashing IP addresses and avoiding persistent storage, TRACKS reduces the risk associated with PII storage, supporting compliance with data minimization principles found in the CCPA and CPRA.
Right to Forget#
To support your obligations under the GDPR, TRACKS includes a specific "Right to Forget" API.
This feature allows you to permanently delete all records associated with a specific user_id or hash upon a user's request. This ensures that you can fully comply with Data Subject Access Requests (DSARs) without manual database intervention.
For integration instructions, please refer to the GDPR API Documentation.
Privacy Policy Disclosures#
To ensure transparency, you should disclose the use of TRACKS in your privacy policy to inform your users about the data processing.
Example Policy Text
Please note that this text is provided as an example only and should be reviewed by your legal team.
Note on the use of the TRACKS analysis software
1. Scope of personal data processing We use the TRACKS analysis software from Second Stage GmbH, Roedernstr. 5, 13053 Berlin, on our website and game to evaluate page views and the use of our website and game. The API endpoints used for this purpose process, among other things, the URL accessed, referrer information, UTM parameters, the user agent used, and event data from our product (e.g., “first_game_open”). In addition, the IP address is processed exclusively in pseudonymized form (salt hash); complete IP addresses are not stored. No cookies, local storage elements, or other persistent identifiers are used.
2. Legal basis for the processing of personal data Processing is carried out on the basis of Art. 6 (1) lit. f GDPR. We have a legitimate interest in evaluating the use of our website and our product range, measuring the effectiveness of our campaigns, and optimizing our services from a technical perspective. Due to the exclusively pseudonymous processing, the short storage period, and the absence of tracking technologies, we believe that there are no interests of the data subjects that are worthy of protection.
3. Recipients Processing takes place entirely on servers controlled by us. No personal data is passed on to the software provider or other third parties, unless we ourselves use contract processors.
4. Purpose of data processing The data is processed for the purpose of analyzing the use of our website and our products, optimizing our offering, and to evaluate the effectiveness of our marketing and sales channels. In addition, the pseudonymous linking of website visits and product usage events enables better technical control and error analysis of our offering.
5. Duration of storage The data is stored pseudonymously and automatically deleted after 30 days at the latest.