Privacy Policy
We try to be honest and plain about how we handle data. This Privacy Policy explains what information SigChain Guard collects, why we collect it, and how we protect it. If something is unclear, email us at support@sigchainguard.com and we will explain it.
Overview
SigChain Guard ("SCG," "we," "us," or "our") is an independently built security SDK platform for Unity VR game developers. This Privacy Policy applies to our website at sigchainguard.com, our developer dashboard, and our SDK and API services (collectively the "Service").
SCG is currently operated as a sole proprietorship. We take data minimization seriously — we collect only what is necessary to provide the Service and nothing more. We do not sell data. We do not run ads. We do not build profiles on end users.
There are two categories of people whose data we may handle: Developers who sign up and use our platform directly, and End Players whose devices are validated through a developer's game that uses our SDK.
What We Collect
From Developers (you, if you have an account):
| Data | Why We Collect It | How It's Stored |
|---|---|---|
| Email address | Account login, notifications, 2FA codes | Plain text — required to contact you |
| Password | Account authentication | Bcrypt hashed — never stored in plain form |
| APK certificate fingerprint | Verify you own your registered app | SHA-256 hash |
| Package name | Identify your registered game | Plain text |
| Game name | Display in your dashboard | Plain text |
| Payment information | Subscription billing | Handled entirely by Lemon Squeezy — we never see or store raw card details |
| Session cookies | Keep you logged into the dashboard | Encrypted session token — see Cookies section |
From End Players (players of games that use our SDK):
| Data | Why We Collect It | How It's Stored |
|---|---|---|
| Hardware ID (HWID) | Identify and ban cheating devices | SHA-256 hashed — one-way, not reversible, not personally identifiable |
| Device model | Device profiling for validation context | Plain text string |
| Validation result | Pass/fail record per session | Enum value + timestamp |
| Boot state signals | Detect rooted or modified devices | Boolean flags |
| SDK version | Enforce minimum version requirements | Version string |
What we do not collect from end players: Names, email addresses, account credentials, location data, IP addresses, browsing history, or any content from within the game itself. End player HWIDs are hashed and cannot be used to identify a real person.
How We Use It
We use the data we collect for the following purposes only:
We do not use your data or your players' data for advertising, marketing to third parties, AI model training, or any purpose not listed above.
Third-Party Services
We use the following third-party services to operate SCG. Each has access only to the data necessary for its specific function.
We do not sell or share your data with any third party beyond the services listed above. If we add a new third-party service that handles personal data, we will update this policy and notify you.
Cookies
We use cookies on our website and developer dashboard for the following purposes:
| Cookie | Purpose | Duration |
|---|---|---|
| Session token | Keeps you logged into the dashboard so you do not have to sign in on every visit | Until you log out or session expires |
| CSRF token | Security — prevents cross-site request forgery attacks on your account | Per session |
| Preference cookies | Remember dashboard UI preferences if any | 30 days |
We do not use advertising cookies, third-party tracking cookies, or analytics cookies. We do not use Google Analytics or any similar tracking service.
You can disable cookies in your browser settings, but doing so will prevent you from staying logged into the dashboard and may affect functionality.
Data Retention
We retain data for as long as your account is active and for 7 days after termination or cancellation, after which all data is permanently deleted. Specific retention periods:
Data deletion is permanent. Once your account data is deleted after the 7-day grace period, it cannot be recovered. We recommend exporting any data you need before cancelling your subscription.
Security
We implement industry-standard technical and organizational measures to protect your data:
No system is 100% secure. In the event of a data breach that affects your personal data, we will notify you within 72 hours of becoming aware of it, as required by applicable law, and will provide information about what was affected and what steps we are taking.
Children & Minors
SigChain Guard is a developer tool. Our direct users — developers who create accounts and integrate our SDK — must be at least 11 years old. Users between 11 and 17 must have parental or guardian consent as described in our Terms of Service.
Regarding end players of games using our SDK: Our SDK collects only hashed hardware identifiers and device signals from players — it does not collect names, ages, email addresses, or any personally identifiable information. Because we do not collect personal information that would allow us to identify whether an end player is a minor, COPPA's verifiable parental consent requirements do not apply to our end player data collection.
Game developers who integrate SCG are responsible for their own compliance with applicable laws regarding minors in their games, including COPPA in the United States and similar regulations in other jurisdictions.
If you believe we have inadvertently collected personal information from a child under 13 through our developer platform, please contact us immediately at support@sigchainguard.com and we will delete it promptly.
GDPR — Rights of EU Residents
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR) and equivalent legislation. Our lawful basis for processing your personal data is performance of a contract (providing the Service you subscribed to) and legitimate interests (security and fraud prevention).
To exercise any of these rights, contact us at support@sigchainguard.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
Data transfers: Our services are hosted in the United States. If you are in the EEA, your data is transferred to and processed in the US. We rely on standard contractual clauses and the data protection commitments of our service providers to ensure appropriate safeguards for such transfers.
CCPA — Rights of California Residents
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information.
To exercise your California privacy rights, contact us at support@sigchainguard.com with the subject line "California Privacy Request." We will respond within 45 days as required by law.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We have not sold or shared personal information in the preceding 12 months.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and post a notice in your dashboard at least 30 days before the changes take effect.
The "Last Updated" date at the top of this page reflects when the policy was most recently changed. We encourage you to review this policy periodically.
Your continued use of the Service after the effective date of an updated Privacy Policy constitutes your acceptance of the changes.
Contact
If you have questions about this Privacy Policy, want to exercise your data rights, or need to report a privacy concern, contact us at:
SigChain Guard
Email: support@sigchainguard.com
Website: sigchainguard.com
We try to respond to all privacy-related inquiries within 5 business days. For GDPR and CCPA requests we will respond within the legally required timeframes.