Privacy isn't a policy we wrote. It's the architecture we build.

Name: Datreno
Address: ul. Nowy Świat 1, 00-001 Warszawa, Poland
Telephone: +48 22 123 45 67

At Datreno, we treat user data with the same precision we apply to game engine profiling. Every data point has a purpose, a lifetime, and a clear boundary. This document isn't a legal shield; it's a technical specification of our data handling protocols. Our goal is to give you control, clarity, and a predictable experience when you integrate our SDK or visit our web properties.

We operate under Polish and EU data protection laws, governed by the General Data Protection Regulation (GDPR). We are committed to the principles of data minimization, purpose limitation, and storage limitation. If you're a technical lead evaluating our stack, this page outlines the specific data flows, retention schedules, and user controls at your disposal.

Schematic showing simplified data flow from user device to anonymized storage. — Fig. 1: Core Data Flow Architecture

What We Collect: The Technical Specification

Data collection is always event-driven. We don't sample. We don't profile. The table below breaks down the data points by context. Each item includes the legal basis for processing and our retention policy.

Context

Data Points (Minimized)

Retention

SDK Integration

Anonymized Event IDs (UUID v4)
Device Model (e.g., 'Pixel 6')
OS Version (e.g., 'Android 13')
Session Duration (in seconds)
Frame Rate Troughs (error metrics)

30 Days

Website / Contact

Form Inputs (Name, Email, Message)
IP Address (anonymized to /24 subnet)
Cookie Consent State
Pages Visited (anonymous session)

2 Years / Indefinite*

Billing / Subscription

Legal Business Name
VAT ID (where required)
Payment Processor Token (not card data)
Account Tier / Active Subscription

7 Years (Tax Law)

* Indefinite retention applies only to aggregate, anonymized performance metrics used for SDK improvement. No personal identifiers are kept indefinitely.

Common Integration Pitfalls & Your Rights

We've documented common mistakes developers make when handling data subject requests. See how we structure responses to avoid these traps.

1

The "Forever Hold" Mistake

Mistake: Keeping raw, identifiable error logs with user device identifiers "just in case."

Our Fix: We automatically purge raw device IDs after 30 days. Only anonymized event IDs remain for trend analysis.

2

The "Invisible Profiling" Assumption

Mistake: Assuming GDPR allows "soft profiling" based on session length without explicit consent.

Our Fix: Our analytics module is event-driven only. We do not build user profiles. Data is processed per-session for performance reporting.

3

The "User is Powerless" Narrative

Scenario: A Polish indie studio founder requests full data deletion. Many SDKs stall, citing "system logs."

Our Process: Use the dedicated endpoint. We trigger a secure script that scrubs the UID from live and backup systems, then provides a SHA-256 hash of the deletion receipt.

$ curl -X DELETE https://api.datreno.com/v1/user/data
-H "Authorization: Bearer "
-d '{"confirm":"yes,I_understand"}'

Response:
{ "status": "deleted", "hash": "a3f...b1c" }

Accountability & Contact

For all data protection inquiries, including requests to access, correct, delete, or port your data, please contact our Data Protection Officer.

Data Protection Officer

Datreno Sp. z o.o.

ul. Nowy Świat 1, 00-001 Warszawa

Poland

Email: dpo@datreno.com

Phone: +48 22 123 45 67

Office Hours: Mon-Fri, 9:00 - 18:00 (CET)

Report a Privacy Concern

If you believe your data has been processed in a way that violates this policy, please use our secure reporting form. All reports are logged and reviewed by our privacy team within 72 hours.