Privacy Policy

This Privacy Policy explains how Cookedasset ("we", "us", or "our") collects, uses, stores, and shares information when you use our applications and games on the Meta Quest platform (each, an "App"). By using an App, you agree to the practices described in this Policy.

1. Information we collect

We deliberately collect as little information as possible. The categories below describe everything our Apps can read or store about you.

We do not collect: real name, email address, phone number, postal address, payment information, precise location, contacts, microphone audio, camera frames, facial geometry, eye-tracking data, body-tracking data, room-scan data, or any other biometric or sensitive personal information.

2. How we use information

We use the information described above only for the following purposes:

• Creating your in-game account. Your Meta User ID is the unique identifier we store on our servers; your Meta username is stored as your display name so other players can see who you are.
• Saving your progress. So you can quit the App and come back without losing what you've earned or unlocked.
• Multiplayer and social features. Showing your username on leaderboards, in lobbies, and during matches with other players.
• Service operation. Authenticating that you actually own the App on the Meta Quest store, preventing cheating, and enforcing our Terms of Service.
• Diagnostics. Fixing bugs and improving stability based on anonymous crash reports.

We do not use your information for advertising, advertising profiling, sale to data brokers, or any purpose unrelated to operating the App.

3. Meta Quest Platform SDK

Our Apps integrate the Meta Quest Platform SDK (sometimes called the "Oculus Platform SDK"). This is the standard library Meta provides to developers to authenticate the player and enable platform features such as entitlements, leaderboards, achievements, and friends.

When you launch one of our Apps:

1. The App asks the Meta Quest Platform SDK to confirm you own the App (an "entitlement check").
2. The App requests your Meta User ID and Meta username via the SDK's User API.
3. The App sends those two values to our backend servers, which create or look up your in-game account.

Information you provide to Meta (your real name, email, payment method, account settings, headset telemetry, etc.) is handled by Meta under Meta's own privacy policy, not ours. We never see that information. To learn how Meta handles your data, see Meta's Privacy Policy and Supplemental Meta Platforms Technologies Privacy Policy.

4. Legal basis for processing (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, our legal basis for processing your information depends on the purpose:

• Contractual necessity. Creating your in-game account, saving progress, and providing multiplayer features are necessary to deliver the App you've chosen to use.
• Legitimate interests. Diagnostics, anti-cheat, and security are processed under our legitimate interest in running a working, fair, and safe service.
• Legal obligation. Where we must retain or disclose information to comply with applicable law.

5. Sharing and disclosure

We share information only in these limited situations:

• Service providers. Cloud hosting (for storing your in-game account and progress) and crash-reporting tools. These providers are contractually bound to use the data only to operate our service.
• Other players. Your Meta username is visible to other players in social and multiplayer features of the App. Your Meta User ID is not displayed.
• Meta. Some platform features (leaderboards, achievements, friends) operate through Meta's own services; data flows through Meta as required by the Platform SDK.
• Legal compliance. If required by valid legal process, or to protect the rights, property, or safety of Cookedasset, our users, or others.
• Business transfers. If Cookedasset is involved in a merger, acquisition, or sale of assets, your information may transfer as part of that transaction; we will notify users before any such transfer takes effect.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

6. Data retention

We keep your in-game account (Meta User ID, username, gameplay state) for as long as the account is active. If you ask us to delete your account, we will delete or irreversibly anonymize the associated data within 30 days, except where applicable law requires longer retention. Anonymous diagnostic logs are retained for up to 180 days and then deleted. See Section 9.1 for how to request deletion.

7. Security

We use industry-standard administrative, technical, and physical safeguards to protect your information: encryption in transit (TLS), encryption at rest where supported by our cloud provider, access controls, and the principle of least privilege. No system is perfectly secure, so we cannot guarantee absolute security, but we work continuously to protect your data.

8. Children's privacy

Our Apps follow Meta's age requirements for the Meta Quest platform. Meta requires users to meet the minimum age set for their region (currently 10 years old, with parent-managed accounts for users 10–12). We rely on Meta's age verification at the platform level.

We do not knowingly collect personal information directly from children in a way that would violate the United States Children's Online Privacy Protection Act ("COPPA") or comparable laws. If a parent or guardian believes that a child has provided personal information to us outside Meta's parent-managed account flow, please contact us at [email protected] and we will delete it.

9. Your rights and choices

Depending on where you live, you may have rights to:

• Access the personal information we hold about you.
• Correct information that is inaccurate. (Your Meta username is managed by you through Meta — changing it there will update what we display.)
• Delete your in-game account and associated data.
• Object to or restrict certain processing.
• Port your data in a machine-readable format.
• Withdraw consent, where processing is based on consent.
• Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email [email protected] from the contact method associated with your Meta account, or from any address that allows us to verify your identity. We will respond within the timeframe required by applicable law (typically 30 days).

9.1 How to request deletion of your data

Any user, regardless of where they live, can ask us to delete the data we have collected or stored about them. You do not need to still have the App installed to make this request.

• How to ask. Email [email protected] with the subject line "Data deletion request." Send it from the contact method associated with your Meta account, or include your Meta username so we can verify the request is from you.
• What we delete. Your in-game account and the data tied to it: Meta User ID, Meta username, gameplay progress, in-game stats, settings, and preferences described in Section 1.
• Timeline. We will confirm receipt within 7 days and complete deletion or irreversible anonymization within 30 days.
• No fee. Deletion is free. We will never charge you, require a purchase, or condition deletion on anything else.

We may decline or delay a deletion request only in the following narrow cases, and we will tell you which one applies:

• We cannot reasonably verify that the request is from you or your authorized agent.
• Applicable law requires us to retain the data (for example, tax, accounting, or other legal-retention obligations).
• The data is needed to complete an active fraud, cheating, abuse, or safety investigation, or to establish, exercise, or defend a legal claim.
• Retention is necessary to enforce a ban or other account action under our Terms of Service.

Where an exception applies to only part of your data, we will delete everything else and explain what was kept and why. When the basis for retention ends, the remaining data is deleted.

10. International data transfers

Cookedasset operates internationally. Your information may be transferred to, stored, and processed in countries other than the one you live in, including the United States. Where required by law, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses for these transfers.

11. California residents (CCPA / CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act. These include the rights to know, delete, correct, and limit the use of sensitive personal information, and the right not to be discriminated against for exercising your rights.

We do not sell or share personal information as those terms are defined under the CCPA/CPRA. The categories of personal information we collect and the purposes for collection are described in Section 1 and Section 2 above.

12. Changes to this Policy

We may update this Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If changes are material, we will provide additional notice (such as an in-App notice on next launch). Continued use of the App after an updated Policy takes effect constitutes acceptance of the changes.

13. Contact us

Questions, requests, or concerns about this Policy can be sent to:

Cookedasset
Email (privacy): [email protected]
Email (general): [email protected]