GDPR Compliance

Last Updated: April 10, 2026

🇪🇺 EU Data Protection: SandboxSphere is committed to complying with the General Data Protection Regulation (GDPR) for all users in the European Economic Area (EEA). This page explains your rights and how we protect your personal data under GDPR.

What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union regulation that took effect on May 25, 2018. It provides individuals in the EEA with control over their personal data and establishes strict requirements for organizations that handle such data.

Our GDPR Commitment

SandboxSphere is committed to GDPR compliance by:

Processing personal data lawfully, fairly, and transparently
Collecting data only for specified, explicit, and legitimate purposes
Ensuring data accuracy and keeping it up to date
Retaining data only as long as necessary
Implementing appropriate security measures
Respecting individuals' rights under GDPR

Your Rights Under GDPR

As an EEA resident, you have the following rights regarding your personal data:

Right to Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete data.

Right to Erasure

You can request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing

You can request limitation of how we use your data.

Right to Data Portability

You can receive your data in a structured, machine-readable format.

Right to Object

You can object to certain types of processing, including direct marketing.

Rights Related to Automated Decisions

You can request human intervention for automated decisions.

Right to Withdraw Consent

You can withdraw consent at any time where processing is based on consent.

How to Exercise Your Rights

To exercise any of your GDPR rights, you can:

Email us at [email protected]
Use our Contact Form
Submit a request through your account settings

We will respond to your request within one month. If your request is complex, we may extend this period by two months and will inform you of the extension.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Consent: When you opt-in to marketing communications or certain features
Contract: To provide our services and fulfill our contractual obligations
Legal Obligation: To comply with applicable laws and regulations
Legitimate Interests: For business operations, security, and improvement of services
Vital Interests: To protect life and safety in emergency situations

Data Transfers Outside the EEA

Your data may be transferred to countries outside the EEA. We ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) approved by the European Commission
Binding Corporate Rules for intra-group transfers
Data Processing Agreements with all third-party processors
Compliance with EU-US Data Privacy Framework (where applicable)

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO at:

Email: [email protected]
Address: SandboxSphere Inc., 123 Gaming Street, San Francisco, CA 94102

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority in your country of residence or work if you believe your GDPR rights have been violated. In Ireland, the supervisory authority is the Data Protection Commission (DPC).

Updates to This Page

We may update this GDPR compliance page periodically to reflect changes in our practices or regulations. We will notify you of significant changes via email or platform announcement.

Additional Information

For more details about how we handle your personal data, please see our:

Privacy Policy
Cookie Policy
Terms of Service