| Language: |
Crosstalk: Privacy Policy
Last Updated: July 2026
Ongakken Corporation OU ("Company") respects the privacy of all users and is committed to protecting personal data. This Privacy Policy explains how the Company collects, uses, discloses, and safeguards information when users access Crosstalk (the "Game") and related services.
This Privacy Policy applies to users in all jurisdictions, including the European Union (GDPR), California (CCPA), and the United States (COPPA). The Company has designed this policy to comply with applicable data protection laws in all regions where the Game is available.
1. Data Controller
The data controller responsible for personal data is:
Ongakken Corporation OU
Kalaranna 8/2-30, 10415, Tallinn, Estonia
Email: support@ongakken.com
For GDPR purposes, the Company is the controller of the personal data it collects, except where data is processed by Valve Corporation (Steam) through Valve-operated services, in which case Valve is the controller for that data.
2. Information the Company Collects
The Company handles user data associated with gameplay and basic device information through its game service servers. This data is stored in encrypted form over the wire and at rest, using post-quantum algorithms wherever possible and reasonable. All other data leaves the user's device only through Valve's Steam infrastructure and/or through channels the user initiates (such as a support email).
2.1 Account Data (via Steam)
When a user plays Crosstalk through Steam, the Game receives certain information from Valve Corporation on the user's device:
- Steam ID: The user's unique 64-bit Steam identifier
- Display Name: The user's public Steam username
- Avatar: The user's Steam profile picture
The Company does not have access to the user's Steam password, email address, payment information, and/or other sensitive account details held by Valve.
2.2 Gameplay Data
During gameplay, the Game processes on the user's device and, where the user connects to the Company's game service servers, transmits to those servers:
- Design and Game State: Board designs, component placements, trace routes, city state, scenario progress, and in-game statistics
- Leaderboard Data: Scores and rankings the user achieves, submitted to Valve's Steam leaderboard infrastructure where offered
- Workshop Interactions: Content the user subscribes to, uploads, and/or downloads via Steam Workshop
2.3 Technical Data
The Game generates and/or collects:
- Device Information: Operating system, hardware specifications, graphics card, available memory; basic device information is transmitted to the Company's game service servers when the user connects
- Connection Data: The IP address used to connect to the Company's game service servers
- Log Data: Local log files including session events, errors, and crash information
Log and crash data remain on the user's device. The Company receives such data only if the user chooses to submit it, either through the built-in bug reporter (see Section 2.8) and/or by attaching log files to a support email.
2.4 Telemetry Data (Opt-In Only)
If the Game offers a telemetry program and the user chooses to participate, the Company additionally collects:
- Detailed Gameplay Analytics: Feature usage frequency, navigation patterns, and gameplay patterns
- Behavioral Data: How the user interacts with menus, tutorials, and game systems
- Session Data: Anonymized gameplay patterns for balancing purposes
Participation in telemetry is entirely voluntary. The user can enable and/or disable telemetry at any time through the Game's settings menu. The Company genuinely appreciates those who help improve Crosstalk.
2.5 Game Progress and Saves
The user's game progress and designs are stored:
- Locally: On the user's device
- Steam Cloud: If the user has Steam Cloud enabled, saves sync across devices via Valve's infrastructure
2.6 Playtest Program Recordings
If the user participates in the Steam Playtest program, as described in Section 6 of the End User License Agreement, the Company may record the user's gameplay sessions. These recordings are retained for promotional purposes as consented to upon enrollment. The user may withdraw this consent at any time as described in EULA Section 6.2.4 and Section 9 of this Privacy Policy.
2.7 Identifiers and Server-Side Retention
Data handled by the Company's game service servers is associated with the following identifiers:
- The user's chosen in-game username
- The user's Steam ID, Steam name, and/or Steam profile overall
- The IP address used to connect
This data is stored in encrypted form at rest, using post-quantum algorithms wherever possible and reasonable, for up to one (1) year after the user's last attempted connection to the game service servers, after which it is deleted and/or anonymized.
2.8 Built-In Bug Reporter (Optional)
The Game includes a built-in bug reporter. The bug reporter is fully optional: it serves as an avenue should the user choose to transmit debugging information to the Company, and transmitting any data through it is entirely at the user's discretion, though greatly appreciated. When the user chooses to send a report, the transmission may include log data, crash information, device information, and any description the user provides. Bug reports are handled as described in Sections 7 and 8.
3. How the Company Collects Information
Collection Method
Data Types
User Control
From Steam (on-device)
Account data
Managed via Steam settings
Automatically during gameplay
Design/game state, device information, IP address
Necessary for game function and online services
User-initiated submission (built-in bug reporter, support email)
Bug reports, log files, crash information
Fully optional; sent only at the user's discretion
With user consent
Telemetry data
Opt-in; toggle in settings
Playtest enrollment
Gameplay recordings
Consent given upon enrollment
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, the Company processes personal data on the following legal bases:
4.1 Contract Performance (Article 6(1)(b) GDPR)
Processing necessary to provide the Game and Services the user requested:
- Account authentication via Steam
- Online game services provided through the Company's game service servers
- Leaderboard functionality
- Steam Cloud saves
- Steam Workshop functionality
4.2 Legitimate Interests (Article 6(1)(f) GDPR)
Processing necessary for the Company's legitimate business interests, balanced against user rights:
- Fraud prevention and anti-cheat measures
- Security monitoring and abuse prevention
- Game balancing and improvement based on aggregated data
- Bug fixing based on user-submitted reports
4.3 Consent (Article 6(1)(a) GDPR)
Processing based on the user's explicit consent:
- Telemetry data collection (opt-in)
- Bug report transmission via the built-in bug reporter (at the user's discretion)
- Playtest recordings for promotional use
The user may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
4.4 Legal Obligation (Article 6(1)(c) GDPR)
Processing necessary to comply with legal obligations:
- Tax reporting for prize winnings
- Responding to lawful government requests
5. How the Company Uses Information
The Company uses collected information to:
Purpose
Data Used
Provide the Game
Account data, game state (on-device)
Provide online game services
Gameplay data, device information, identifiers (Section 2.7)
Maintain leaderboards
Steam ID, scores, rankings
Improve game quality
User-submitted reports, telemetry (if opted in)
Prevent cheating
Gameplay patterns, technical data
Customer support
Account data, information the user provides
Promotional materials
Playtest recordings (with consent)
Legal compliance
As required by law
The Company does NOT use user data for:
- Targeted advertising
- Selling to data brokers
- Profiling for purposes unrelated to the Game
6. Data Sharing
6.1 Valve Corporation (Steam)
The Game operates through Steam, and Valve processes data according to their own privacy policy. Data shared through Steam includes:
- Achievement and stats data
- Leaderboard scores
- Workshop content metadata
Valve-Operated Services: Certain services are provided directly by Valve, and data processing for these services is governed by Valve's Privacy Policy, not this Privacy Policy:
- Steam Cloud: Cloud save data
- Steam Workshop: Workshop content hosting and distribution
- Authentication: Steam account services
- Purchases and Refunds: Steam store transactions
For data processed by Valve through these services, refer to Valve's Privacy Policy.
Valve's Privacy Policy: https://store.steampowered.com/privacy_agreement/
6.2 No Sale of Personal Data
The Company does not sell personal data. The Company does not share personal data with third parties for any marketing purposes, whether such third party's own marketing, joint marketing, and/or any other marketing purpose.
6.3 Legal Disclosures
The Company may disclose user information if required by law, court order, and/or governmental authority, and/or if the Company believes disclosure is necessary to:
- Protect the Company's rights, property, and/or safety
- Prevent fraud and/or abuse
- Comply with legal process
7. International Data Transfers
7.1 Company Servers
Data the Company holds (including game service server data, support correspondence, user-submitted reports, telemetry if opted in, and Playtest recordings) is processed within the European Union. User data is processed exclusively at the Falkenstein data center (Germany) and/or the Helsinki data center (Finland).
7.2 Valve Infrastructure
Steam Cloud, Steam Workshop, leaderboards, and authentication are operated by Valve Corporation globally. For data processed by Valve, refer to Valve's Privacy Policy and their data processing practices.
7.3 Safeguards
For any transfers of personal data outside the EEA, the Company ensures appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs)
- Data processing agreements
- Technical security measures
8. Data Retention
The Company retains user data according to the following schedule:
Data Type
Retention Period
Gameplay data and device information (game service servers)
Up to 1 year after the last attempted connection
Support correspondence
2 years from last contact
Leaderboard entries
Indefinite (public scores)
Anonymized/aggregated gameplay statistics
Indefinite
User-submitted bug reports and crash/log data
90 days
Telemetry data
2 years, then anonymized
Playtest recordings
Until consent withdrawal (per EULA Section 6.2.4)
Steam Cloud saves
User-controlled via Steam
Game progress (local)
Until the user deletes it
After the retention period, personal data is either deleted and/or anonymized so it can no longer be associated with the user.
8.1 Anonymization
When the Company anonymizes data, the Company removes and/or irreversibly alters all identifiers so the data cannot reasonably be linked back to the user. Anonymized data is no longer considered personal data and may be retained indefinitely for research, analytics, and game improvement.
8.2 Account Deletion
If the user requests deletion of data and/or deletes the user's Steam account, the Company shall delete personal data within 30 days, except:
- Leaderboard entries (which display username only)
- Anonymized and/or aggregated data
- Data the Company is legally required to retain
- Playtest recordings already incorporated into published promotional materials (per EULA Section 6.2.4)
9. User Rights
9.1 Rights for EU/EEA/UK Users (GDPR)
If the user is located in the European Economic Area, United Kingdom, and/or Switzerland, the user has the following rights:
Right
Description
Access
Request a copy of personal data
Rectification
Request correction of inaccurate data
Erasure
Request deletion of data ("right to be forgotten")
Restriction
Request limited processing of data
Portability
Receive data in a structured, machine-readable format
Objection
Object to processing based on legitimate interests
Withdraw Consent
Withdraw consent for consent-based processing
Complaint
Lodge a complaint with a supervisory authority
To exercise these rights, contact the Company at support@ongakken.com. The Company shall respond within 30 days.
9.2 Rights for California Residents (CCPA)
If the user is a California resident, the user has the following rights under the California Consumer Privacy Act:
Right
Description
Know
Request disclosure of personal information collected, used, and shared
Delete
Request deletion of personal information
Opt-Out of Sale
The Company does not sell personal information
Non-Discrimination
The Company shall not discriminate against users for exercising rights
To exercise these rights, contact the Company at support@ongakken.com.
Verification: The Company may need to verify the user's identity before processing requests. The Company shall use the user's Steam ID and associated email for verification.
9.3 Rights for Other Jurisdictions
Depending on the user's location, the user may have similar rights under local data protection laws. Contact the Company to inquire about specific rights.
10. Children's Privacy (COPPA Compliance)
10.1 Age Restriction
Crosstalk is not intended for children under the age of 13. The Company does not knowingly collect personal information from children under 13 years of age.
10.2 No Knowing Collection
The Company does not knowingly:
- Request and/or collect personal information from children under 13
- Allow children under 13 to register and/or use the Game
- Target marketing and/or advertising to children under 13
10.3 Parental Notice
If a parent and/or guardian believes their child under 13 has provided personal information to the Company, they should contact the Company immediately at support@ongakken.com. The Company shall:
- Verify the claim
- Delete the child's personal information promptly
- Terminate any associated account access
10.4 Age Verification
The Company relies on Steam's age verification mechanisms. By using the Game, the user certifies that the user is at least 13 years of age.
11. Security Measures
The Company implements appropriate technical and organizational measures to protect personal data, including:
11.1 Technical Measures
- Encryption: Data handled by the Company's game service servers is encrypted over the wire and at rest, using post-quantum algorithms wherever possible and reasonable
- Minimal Collection: The Company collects only the data needed to provide the Game and its online services
11.2 Organizational Measures
- Limited Access: Only authorized personnel can access personal data
- Incident Response: Procedures for detecting and responding to data breaches
11.3 Breach Notification
In the event of a personal data breach that poses a risk to user rights, the Company shall:
- Notify the relevant supervisory authority within 72 hours (GDPR requirement)
- Notify affected users without undue delay if the breach poses a high risk
- Document the breach and remediation steps
12. Third-Party Links and Services
The Game may contain links to third-party websites and/or services (e.g., Steam Community, Workshop). The Company is not responsible for the privacy practices of these third parties. Users are encouraged to review their privacy policies before providing any personal information.
13. Changes to This Privacy Policy
The Company may update this Privacy Policy from time to time. Changes shall be effective when posted, and the Company shall update the "Last Updated" date at the top.
For material changes, the Company shall provide notice through:
- In-game notification
- Steam announcement
- Email (if the Company has the user's email address)
The user's continued use of the Game after changes constitutes acceptance of the updated Privacy Policy.
14. Contact the Company
If users have questions, concerns, and/or requests regarding this Privacy Policy and/or personal data, contact the Company:
Ongakken Corporation OU
Kalaranna 8/2-30, 10415, Tallinn, Estonia
Email: support@ongakken.com
14.1 EU Representative
For users in the European Union, the Company's representative for GDPR purposes can be contacted at:
Ongakken Corporation OU
Kalaranna 8/2-30, 10415, Tallinn, Estonia
Email: support@ongakken.com
14.2 Supervisory Authority
If the user is in the EU and believes the Company has not adequately addressed concerns, the user has the right to lodge a complaint with the local data protection supervisory authority.
For Estonia: Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate)
Website: https://www.aki.ee/
15. Additional Information for Specific Features
15.1 Steam Workshop
- Content the user uploads is governed by Steam's Workshop terms, policies, and guidelines
- Workshop Content shall comply with Valve's Steam Workshop policies and shall not contain material illegal in any jurisdiction where Steam Workshop is served
- The Company defers to Valve's policies regarding Workshop content compliance
- The Company receives metadata about subscriptions and uploads
- User-generated content is subject to the EULA licensing terms (see EULA Sections 4.6A, 4.7, 4.8, and 4.9)
- The user bears sole responsibility for Workshop Content they upload
15.2 Leaderboards
- Leaderboard entries are public
- The user's Steam display name and score are visible to all users
- Users cannot opt out of leaderboard display while participating in ranked play
15.3 Esports and Tournaments
- Official competitions may require additional data (real name, age verification, tax information for prizes)
- Tournament participation is governed by separate Competition Rules
- Match recordings from official tournaments may be used for broadcast and promotional purposes
This Privacy Policy is effective as of July 2026.
Crosstalk is a trademark of Ongakken Corporation OU. All rights reserved.