Legal
Privacy Policy
Effective 10 May 2026
TurnLoop Games, Inc. (“TurnLoop,” “we,” “us,” or “our”) operates the corporate website at https://turnloop.games (the “Website”). This Privacy Policy explains how we handle personal information in connection with the Website and related email correspondence.
The Website is a pre-launch corporate site for business, platform, vendor, startup-perk, and general corporate purposes. It does not currently provide games, apps, accounts, downloads, newsletters, waitlists, forums, contests, sweepstakes, virtual currency, in-game items, user-generated content, advertising, analytics, or product services. Future consumer products will require separate product-specific legal documents before launch.
Plain English: this policy covers the current corporate website, not a future game.
1. Who we are
The controller responsible for the Website is:
TurnLoop Games, Inc. 251 Little Falls Drive Wilmington, New Castle County Delaware 19808 United States
TurnLoop Games, Inc. is incorporated in the State of Delaware, United States. Date of incorporation: 2026-03-02. Delaware File Number: 10529681. TurnLoop’s registered agent is Corporation Service Company (CSC), at the same address.
Privacy and data-subject requests: privacy@turnloop.games
General/support: support@turnloop.games
Legal notices: legal@turnloop.games
For the EU General Data Protection Regulation (“GDPR”) and UK GDPR, TurnLoop Games, Inc. determines the purposes and means of the limited processing described in this Privacy Policy and is the controller.
2. What the Website does not collect directly
The Website does not collect personal data directly from visitors through forms, accounts, signups, or trackers. It has no forms, no login, no newsletter or waitlist, no job-application flow, no first-party cookies, no analytics tools, no third-party scripts, no advertising pixels, no social-media widgets, and no third-party fonts.
The Website contains mailto: links. If you choose to send us an email, we process the
information in that email as described below.
3. Hosting and network infrastructure
The Website is a static HTML site hosted on Cloudflare Pages. When you request a page, Cloudflare may process standard request metadata such as IP address, user agent, request path, timestamp, TLS information, approximate network location, and security-event information.
This processing is necessary for CDN routing, TLS/HTTPS delivery, DDoS mitigation, bot and abuse prevention, rate-limiting, troubleshooting, and reliability. Cloudflare may also set strictly necessary technical identifiers at the network edge for these purposes.
Cloudflare acts as a service provider or processor for infrastructure functions. Cloudflare may also process some information as an independent controller where its own legal obligations, network-security responsibilities, or service terms require it. TurnLoop does not use Cloudflare Pages to build analytics profiles about Website visitors.
Plain English: Cloudflare needs basic technical request data to deliver and protect the site, but we are not using it as a marketing or analytics system.
4. Email correspondence
If you email support@turnloop.games, privacy@turnloop.games, or legal@turnloop.games, your message is routed through Cloudflare Email Routing and forwarded to a private inbox controlled by TurnLoop Games.
We may process your email address, name, message content, attachments, signature block, email metadata, and any personal information you voluntarily include. We use it to respond, maintain proportionate business records, protect our rights, and comply with law.
Please do not send highly sensitive information, passwords, payment card numbers, government ID numbers, health information, or confidential business information unless we have specifically requested it through an appropriate secure process or have signed a separate agreement with you.
5. How we use personal information
We use the limited personal information described in this Privacy Policy for the following purposes:
- to make the Website available and secure;
- to prevent abuse, spam, fraud, denial-of-service attacks, and unauthorized access;
- to operate TLS, CDN, routing, and email-routing infrastructure;
- to receive, triage, review, and respond to emails you send us;
- to maintain proportionate business, legal, and corporate records;
- to evaluate business, vendor, platform, legal, or startup-perk enquiries you voluntarily send us;
- to comply with applicable laws, lawful requests, and legal obligations; and
- to establish, exercise, or defend legal claims.
We do not use Website visitor data for advertising, interest-based advertising, behavioural profiling, cross-context behavioural advertising, sale, sharing for advertising, or analytics.
6. Legal bases under GDPR and UK GDPR
Where GDPR or UK GDPR applies, we rely on the following legal bases:
- Legitimate interests (GDPR Art. 6(1)(f)): operating a secure corporate Website, preventing abuse, maintaining network security, receiving and responding to correspondence, and keeping proportionate business records. We reduce privacy impact by avoiding analytics, advertising pixels, unnecessary cookies, social widgets, and direct Website data collection.
- Legal obligation (GDPR Art. 6(1)(c)): where we must process or retain information to comply with applicable law, court orders, tax, accounting, corporate, sanctions, or regulatory obligations.
- Legal claims: where processing is necessary to establish, exercise, or defend legal claims. Depending on context, this may be based on legitimate interests or legal obligation.
- Consent (GDPR Art. 6(1)(a)): only where we specifically ask for consent and consent is the appropriate basis for a particular future processing activity. Where consent applies, you may withdraw it at any time, without affecting processing already carried out before withdrawal.
Plain English: our main basis is the legitimate need to run a secure company website and answer emails; we do not rely on consent unless we actually ask for it.
7. Cookies and similar technologies
TurnLoop does not set cookies of its own on the Website. We do not use analytics cookies, advertising cookies, social-media cookies, tracking pixels, local-storage trackers, fingerprinting scripts, heatmaps, session replay, or SDKs on the Website.
Cloudflare may set strictly necessary technical identifiers at the network edge for security, routing, rate-limiting, bot management, TLS, DDoS mitigation, or similar infrastructure functions. These identifiers are not used by TurnLoop for advertising or analytics. Cloudflare’s cookie policy is available at https://www.cloudflare.com/cookie-policy/.
If we add features in the future that use non-essential cookies or similar technologies, we will update this Privacy Policy and the Cookie Notice and provide a consent mechanism where required by law.
8. Disclosure of personal information
We disclose personal information only as needed for the purposes described in this Privacy Policy. Recipients may include:
- hosting, security, email-routing, domain, and infrastructure providers, including Cloudflare;
- private inbox, productivity, storage, or communication providers used to receive and manage email correspondence;
- professional advisers such as attorneys, accountants, auditors, insurers, tax advisers, and corporate service providers;
- government authorities, courts, regulators, law-enforcement bodies, or other parties where legally required or reasonably necessary to protect rights, safety, security, or property; and
- a successor, acquirer, investor, lender, assignee, or adviser in connection with a financing, merger, acquisition, reorganization, sale of assets, due diligence process, insolvency process, or similar corporate transaction, subject to appropriate confidentiality protections.
We do not sell personal information. We do not share personal information for cross-context behavioural advertising. We do not disclose personal information to advertising networks.
9. Notice at Collection for California residents
This section is provided for transparency and, where applicable, to address California notice-at-collection expectations under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”) (Cal. Civ. Code § 1798.100 et seq.). Whether the CCPA/CPRA applies to TurnLoop may depend on statutory thresholds and other facts.
Categories of personal information we may process in connection with the current Website:
- Identifiers: IP address processed by Cloudflare; email address, name, signature block, or contact details if you email us.
- Internet or other electronic network activity information: user agent, request path, timestamp, and security or routing metadata processed by Cloudflare.
- Approximate geolocation: approximate location may be inferred from IP address by infrastructure providers for routing, security, or legal compliance. TurnLoop does not use this to track you.
- Professional or employment-related information: only if you voluntarily include it in an email, such as in a vendor, investor, platform, press, contractor, or partnership enquiry.
- Sensitive personal information: we do not request sensitive personal information through the Website. If you voluntarily include it in an email, we use it only to respond to your message, comply with law, or protect rights, and not to infer characteristics about you.
Sources: you, if you email us; and Cloudflare or other infrastructure providers, for technical request metadata.
Purposes: Website security and delivery, email correspondence, legal compliance, fraud and abuse prevention, business records, and legal claims.
Retention: see Section 14 below.
Sale or sharing: we do not sell personal information and do not share personal information for cross-context behavioural advertising.
10. California privacy rights
If the CCPA/CPRA applies to TurnLoop and to your information, California residents may have the right, subject to verification and legal limits, to know, access, delete, correct, opt out of sale or sharing, limit certain uses of sensitive personal information, and be free from discrimination for exercising privacy rights.
Because we do not sell personal information, share it for cross-context behavioural advertising, or use sensitive personal information to infer characteristics, those opt-out and limitation rights are unlikely to apply to the current Website.
To exercise rights, email privacy@turnloop.games. We may need to verify your identity by matching information you provide with information we have, such as the email address used in prior correspondence. You may use an authorized agent where permitted by law; we may request proof of authorization and direct identity verification.
11. GDPR and UK GDPR rights
If GDPR or UK GDPR applies to you, you may have the following rights, subject to legal limits:
- access: to obtain confirmation and a copy of personal data we process about you;
- rectification: to correct inaccurate or incomplete personal data;
- erasure: to request deletion of personal data in certain circumstances;
- restriction: to restrict processing in certain circumstances;
- portability: to receive personal data you provided to us in a structured, commonly used, machine-readable format where the right applies;
- objection: to object to processing based on legitimate interests;
- withdrawal of consent: to withdraw consent where processing is based on consent; and
- complaint: to lodge a complaint with a supervisory authority.
For UK users, the lead supervisory authority is the Information Commissioner’s Office (ICO). EU users may contact the data protection authority in their EU Member State.
To exercise rights, email privacy@turnloop.games. We generally respond within one month where GDPR or UK GDPR applies, unless a lawful extension applies.
12. EU and UK representative status
TurnLoop Games, Inc. is not established in the European Union or the United Kingdom. For the current Website alone, TurnLoop does not consider an EU or UK representative appointment required under GDPR Article 27 or UK GDPR Article 27 because the Website does not offer consumer products or services to individuals in the EU or UK, does not monitor individuals’ behaviour, does not operate accounts, does not conduct advertising or analytics, and does not collect personal data directly from visitors.
We will reassess this position before any material Website change or product launch that involves offering services to individuals in the EU or UK, monitoring behaviour, operating accounts, using analytics or advertising, or collecting personal data directly.
Plain English: the current static Website does not have an EU or UK representative, and this must be reviewed before any game, waitlist, account, analytics, or advertising feature goes live for EU or UK users.
13. Children’s privacy
The Website is not directed to children. It is a corporate information page for business, platform, vendor, legal, and general enquiries. We do not knowingly collect personal information from children through the Website.
If we learn that a child has provided personal information through Website-related email without appropriate consent, we will use the information only to respond appropriately, delete it where required, and avoid further communication unless a parent or guardian is involved.
Future TurnLoop consumer products will require a separate child-safety and privacy review before launch, including COPPA, GDPR/UK GDPR age-of-consent rules, platform child-safety rules, age gates, parental consent, ads/analytics, social features, account deletion, and in-app purchases.
If you believe a child provided personal information to us through the Website, contact privacy@turnloop.games.
14. Retention
We keep personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.
- Website request metadata: retained by Cloudflare according to Cloudflare’s systems, settings, and TurnLoop’s account configuration. Any hosting or security logs available to TurnLoop are retained only as long as reasonably needed for security, troubleshooting, legal compliance, and business-record purposes.
- Email correspondence: retained as needed to respond, manage the business relationship, maintain records, comply with law, and protect rights.
- Legal, tax, accounting, and corporate records: retained as long as necessary for legal obligations, governance, disputes, or claims.
- Backups: information may remain in backups until overwritten or deleted according to the applicable provider’s backup cycle.
When information is no longer needed, we delete, anonymize, or isolate it from further active use, unless retention is legally required.
15. International transfers
TurnLoop Games, Inc. is incorporated in Delaware, United States. Personal information may be processed in the United States, the European Union, the United Kingdom, or other locations where our infrastructure, email, or professional service providers operate.
Where GDPR or UK GDPR applies and data is transferred to a country without an adequacy decision, we will rely on appropriate safeguards where required, such as Standard Contractual Clauses, the UK International Data Transfer Addendum, or another lawful mechanism.
16. Security
We use reasonable administrative, technical, and organizational measures appropriate for the current Website, including HTTPS/TLS, Cloudflare network security, a static architecture, minimal data collection, no third-party trackers, and restricted access to business email inboxes.
No website, email system, or internet transmission is completely secure. You should not send passwords, government ID numbers, payment card numbers, health information, or other sensitive information to us by email unless specifically requested through a secure process.
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date above. For material changes, we may provide additional notice on the Website or by other appropriate means, depending on the nature of the change and the information available to us.
Changes apply when posted, unless the updated policy states a later effective date.
18. Contact us
For privacy questions or data-subject requests, contact:
TurnLoop Games, Inc. 251 Little Falls Drive Wilmington, New Castle County Delaware 19808 United States