Privacy Policy
Pulsewave by Grindare Studio
Last updated: 7 May 2026
1. Who we are
Pulsewave is operated by Grindare Studio Ltd, a private limited company registered in England and Wales (CRN 16941033), with registered office at Brookfield Court, Selby Road, Garforth, Leeds, England, LS25 1NB, United Kingdom.
For privacy questions, requests, or complaints, contact: patrykmajecki30@gmail.com.
2. What data we collect
2.1 Account & gameplay data
When you sign in to Pulsewave, your Steam account proves your identity to our servers. We then store a small set of game-specific data tied to your Steam ID:
| Data | Purpose |
|---|---|
| Steam ID | Your account identifier across our backend. |
| Display nickname | Shown to other players in lobbies and post-match screens. You set it; you can change it. |
| Match stats | Kills, deaths, wins, losses, mode, difficulty, duration, MMR. Used for matchmaking, leaderboards, and progression. |
| Progression | Level, XP, allocated skill tree nodes, currency balances (PULSE/SURGE), unlocked cosmetics. |
| Match logs | Per-match server-side audit log (timestamp, mode, score, anti-cheat events) kept for fairness investigations. |
2.2 Network data
To route you to the best multiplayer server we briefly process your IP address. We do not store it long-term — we keep it only for the duration of a match plus a short rolling window for abuse detection (typically <48h). Anti-cheat events that reference an IP are kept hashed.
2.3 Purchase data
If you buy a Battle Pass or in-game currency bundle through Steam, the actual payment is handled entirely by Valve. We never see or store your card, bank, or full billing details. We receive only a transaction confirmation and the entitlement attached to your Steam ID.
2.4 Website cookies
The pulsewavegame.com website itself is largely static. The page is delivered through Cloudflare, which sets a small number of strictly necessary cookies for security and traffic routing. We do not run analytics, advertising, or tracking pixels on the public site at this time. If we add analytics later, this policy will be updated and a cookie banner will be shown to visitors in the EU/UK before any non-essential cookie is set.
3. How we use your data
- Run the game. Matchmake you, sync your progress between sessions and devices, post your score to leaderboards.
- Keep matches fair. Detect cheating, abuse, exploits. Sanction accounts that violate the terms of service.
- Process purchases. Verify and apply Steam-issued entitlements (Battle Pass, currency bundles, cosmetics).
- Talk to you when you ask. Reply to your support emails.
- Stay legal. Comply with applicable laws (e.g. tax, fraud prevention).
We do not use your data for advertising profiling, sell it to data brokers, or share it with third parties for their own marketing.
4. Legal basis (UK GDPR / EU GDPR)
- Contract — most processing exists because you asked us to provide the game. We can't run multiplayer without storing some account state.
- Legitimate interests — fraud prevention, anti-cheat, abuse moderation, system security. These interests are balanced against your rights; we minimise what we collect and how long we keep it.
- Legal obligation — financial records related to purchases must be kept for tax/audit periods set by UK law.
- Consent — for any optional analytics or marketing we may add later, we'll ask first.
5. Where your data is stored
All Grindare Studio backend data is stored in the European Union, on infrastructure operated by Hetzner Online GmbH (Germany / Finland). Data is encrypted in transit (TLS) and at rest. Steam-side data (your Steam ID, friends list, Steam Cloud saves) is handled by Valve under Steam's privacy policy.
If you are based outside the EU/UK and your data crosses borders to reach our servers, we rely on the legal mechanisms recognised by UK GDPR (e.g. adequacy decisions, standard contractual clauses).
6. Who we share data with
| Recipient | What & why |
|---|---|
| Valve / Steam | Authentication, in-app purchases, Steam Cloud, leaderboards, achievements. Governed by Valve's privacy policy. |
| Hetzner Online GmbH | Hosting (game backend, database). Acts as a data processor. |
| Cloudflare | CDN and DDoS protection for pulsewavegame.com. |
| Other players | Your nickname, level, and match stats are visible to opponents and on leaderboards. Your Steam ID is not displayed publicly by us. |
We do not sell, rent, or trade your personal data. We may disclose data if compelled by a valid legal request (e.g. court order) and will push back on overbroad requests.
7. How long we keep it
- Account & progression data — for as long as your account is active. If you stop playing, we keep it so you can come back later. You can ask us to delete it sooner.
- Match logs — up to 12 months, then deleted or aggregated into anonymous statistics.
- Anti-cheat / abuse events — up to 24 months from last sanction, in case of repeat behaviour.
- Purchase records — minimum 6 years (UK tax law).
- Network logs (IP) — typically <48 hours, longer only for active investigations.
8. Your rights
If you are in the UK, EU, or another jurisdiction with similar laws, you have the right to:
- Access a copy of the data we hold about you.
- Correct data that is wrong (e.g. a wrong nickname after a Steam name change).
- Delete your account and the personal data attached to it ("right to be forgotten"). Some records — like financial records or anti-cheat logs of confirmed bans — are kept for legally required periods.
- Export your data in a machine-readable format.
- Object to certain processing based on legitimate interests.
- Withdraw consent at any time for processing that relies on consent.
- Complain to your local data protection authority. In the UK that's the Information Commissioner's Office (ICO).
To exercise any of these rights, email patrykmajecki30@gmail.com from the email address linked to your Steam account, or include enough detail for us to verify ownership. We respond within 30 days.
9. Children
Pulsewave is not directed at children under 13 (or under the equivalent minimum age in your country). We do not knowingly collect data from children. Steam itself enforces age requirements for account creation. If you believe a child has signed up and we hold their data, contact us and we will delete the account.
10. Security
We use modern, standard security practices: TLS for data in transit, encrypted backups, server hardening, principle of least privilege for staff access, and regular review of dependencies for known vulnerabilities. No system is perfectly secure — if a breach affects you we will notify you and the relevant authorities as required by law.
11. Changes to this policy
If we change this policy materially we will update the "Last updated" date at the top and, where the change is significant, notify you in-game or by email. Routine clarifications and typo fixes won't trigger a notification.
12. Contact
Privacy questions, access requests, deletion requests:
patrykmajecki30@gmail.com
General support:
patrykmajecki30@gmail.com