Skip to content
indielist (beta)

Privacy Policy

Effective:
May 31, 2026
Last updated:
June 5, 2026

indielist ("indielist", "we", "us", or "our") operates the website at indielist.games and its subdomains (the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the rights you have over it.

We act as the data controller for personal data processed through the Service. If you have questions, contact us through our contact page.

1. Data we collect

Information you give us. When you create an account, subscribe to a paid plan, submit a listing, or contact us, we collect the data you provide: your email address, display name, billing details (processed by our payment provider — we do not store full card numbers), and the contents of any submission or message.

Information collected automatically. When you use the Service we collect standard log and device data: IP address, browser type, operating system, referring URLs, pages viewed, and timestamps. We use privacy-respecting analytics to understand aggregate usage; see our Cookie Policy for the cookies and similar technologies involved.

Public ecosystem data. The directory itself is built from publicly available facts about games, studios, and publishers (titles, descriptions, release dates, prices, review counts, and similar). This is not personal data about Service users; it is catalog content sourced from public APIs and pages in line with their terms.

2. How we use your data

We process personal data to:

  • provide and maintain the Service, including your account and any paid features;
  • process payments and manage subscriptions;
  • respond to your messages, submissions, and support requests;
  • send service and transactional emails (and, where you have opted in, product updates — you can unsubscribe at any time);
  • measure and improve performance, fix bugs, and develop new features;
  • detect, prevent, and address fraud, abuse, and security incidents;
  • comply with legal obligations.

3. Legal bases (GDPR)

Where the EU/UK General Data Protection Regulation applies, we rely on these legal bases:

  • Contract — to provide the Service and your subscription.
  • Legitimate interests — to secure, analyze, and improve the Service, balanced against your rights.
  • Consent — for non-essential cookies and optional marketing email; you may withdraw consent at any time.
  • Legal obligation — to meet tax, accounting, and other statutory duties.

4. Sharing your data

We do not sell your personal data. We share it only with:

  • Service providers (processors) who run infrastructure, payments, email, and analytics on our behalf, under contract and only as needed;
  • Authorities, when required by law or to protect rights, safety, and the integrity of the Service;
  • A successor, in connection with a merger, acquisition, or asset sale, subject to this Policy.

5. Affiliate links and monetization

The Service contains affiliate links and paid placements. When you click certain outbound links (for example, to a storefront) we may earn a commission at no extra cost to you, and "Featured" listings are clearly labeled as paid. These relationships do not change the facts we publish or the sales estimates we compute. See our Terms of Service for the full disclosure.

6. International transfers

We may process data in countries other than yours. Where we transfer personal data out of the EU/UK, we use appropriate safeguards such as Standard Contractual Clauses.

7. Data retention

We keep personal data only as long as needed for the purposes above: account data for the life of your account plus a reasonable wind-down period, billing records for the period required by law, and logs for a limited time for security and debugging.

8. Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to processing based on legitimate interests. EU/UK residents may lodge a complaint with their data protection authority.

California residents (CCPA/CPRA). You have the right to know what personal information we collect, to request deletion, and to opt out of any "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under California law. We will not discriminate against you for exercising your rights.

To exercise any right, contact us via the contact page. We will verify your request and respond within the timeframe required by applicable law.

9. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.

10. Security

We use technical and organizational measures appropriate to the risk, including encryption in transit and access controls. No method of transmission or storage is perfectly secure, but we work to protect your data and to notify you of incidents where required.

11. Changes to this Policy

We may update this Policy from time to time. When we make material changes we will update the "Last updated" date below and, where appropriate, notify you. Your continued use of the Service after changes take effect constitutes acceptance.

12. Contact

Questions about this Policy or your data? Reach us through the contact page.