GDPR Compliance
Last updated: March 1, 2026
1. Overview
Argento Simulations LLC is committed to protecting the privacy and personal data of all users, including those in the European Economic Area (EEA) and the United Kingdom. This page outlines how we comply with the General Data Protection Regulation (GDPR) and related data protection laws.
While Argento Simulations LLC is registered and operates in Austin, Texas, United States, we recognize and respect the data protection rights of users worldwide.
2. Data Controller
Argento Simulations LLC acts as the data controller for personal data collected through the Argentoverse platform. For inquiries:
Argento Simulations LLC5900 Balcones Drive, Austin, TX 78731
Email: service@argentosims.com
3. Legal Bases for Processing
We process personal data under the following legal bases as defined by GDPR Article 6:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Contract performance (Art. 6(1)(b)) |
| Payment processing | Contract performance (Art. 6(1)(b)) |
| In-game social features (chat, friends, trading) | Contract performance (Art. 6(1)(b)) |
| Security monitoring and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Service improvement and analytics | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance and record keeping | Legal obligation (Art. 6(1)(c)) |
4. Your GDPR Rights
If you are in the EEA or UK, you have the following rights under GDPR:
4.1 Right of Access (Art. 15)
You have the right to obtain a copy of your personal data. Use the Export Your Data feature on the Security page to download your data in JSON format.
4.2 Right to Rectification (Art. 16)
You can update your personal information at any time through your Account Settings.
4.3 Right to Erasure (Art. 17)
You can request deletion of your account and all associated personal data through the Delete Account option on the Security page. Upon deletion:
- Your account and profile are permanently removed from AWS Cognito
- Your user data is deleted from all DynamoDB tables
- Your preferences and settings are erased
- Chat messages are anonymized or deleted
- Transaction records may be retained as required by law (see Section 6)
4.4 Right to Data Portability (Art. 20)
You can export your data in a structured, commonly used, machine-readable format (JSON) via the Security page.
4.5 Right to Restriction of Processing (Art. 18)
You may request that we restrict processing of your data in certain circumstances. Contact us at service@argentosims.com.
4.6 Right to Object (Art. 21)
You have the right to object to processing based on legitimate interest. Contact us and we will review your request.
4.7 Right to Withdraw Consent
Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.
5. Data Protection Measures
We implement appropriate technical and organizational measures to ensure data security:
- Encryption: TLS/SSL for all data in transit; encryption at rest for DynamoDB and S3 storage
- Access Control: Role-based access control (RBAC) with four privilege levels
- Authentication: AWS Cognito with JWT tokens and optional TOTP-based MFA
- Session Security: httpOnly, secure cookies with automatic expiration
- Rate Limiting: API endpoint rate limiting to prevent abuse
- Audit Logging: Administrative actions are logged for accountability
- Data Minimization: We collect only what is necessary for the Services
6. Data Retention Periods
| Data Type | Retention Period | Justification |
|---|---|---|
| Account information | Until deletion requested | Contract performance |
| Chat messages | 90 days (TTL) | Service operation |
| Login history | 90 days (TTL) | Security monitoring |
| Activity feed | 90 days (TTL) | Service operation |
| Trade history | 1 year | Dispute resolution |
| Payment records | 7 years | Legal obligation (tax law) |
| Support tickets | 2 years after resolution | Customer support quality |
7. International Data Transfers
Personal data is stored and processed in the United States (AWS us-east-2, Ohio region). For transfers from the EEA/UK to the US, we rely on:
- EU-US Data Privacy Framework (where applicable)
- Standard Contractual Clauses (SCCs) as approved by the European Commission
- AWS's compliance with applicable data protection frameworks
8. Sub-Processors
We use the following sub-processors who may process personal data:
| Sub-Processor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, authentication, database | United States (us-east-2) |
| Stripe | Payment processing | United States |
9. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
- Notify affected users without undue delay if the breach is likely to result in a high risk
- Document all breaches and corrective actions taken
10. Supervisory Authority
If you are in the EEA, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu.
11. Contact Us
For GDPR-related inquiries or to exercise your data protection rights:
Argento Simulations LLC — Data Protection5900 Balcones Drive, Austin, TX 78731
Email: service@argentosims.com
We aim to respond to all data protection requests within 30 days.