AssetiverseAssetiverseMarketplace For PlayCanvasMarketplace For PlayCanvas
Version: v1.0-2026

Assetiverse Privacy Policy

Effective Date: January 1, 2026

TL;DR (Privacy Summary)

This summary is for convenience only. The full policy below is legally binding.

  • We collect your account info, usage data, and payment details to operate the platform.
  • We don't sell your personal information to third parties.
  • We don't train AI on your content or personal data without explicit consent.
  • We use cookies for essential functions, analytics, and improving your experience.
  • We share data only with service providers (Stripe, Supabase, Vercel) who help run the platform.
  • You can request access to, correction of, or deletion of your personal data.
  • Quebec law applies — we comply with Law 25, PIPEDA, and applicable privacy regulations.
  • Data is stored primarily in Canada and the United States.
  • We notify you within 72 hours of any security breach affecting your data.

1. Introduction

1.1 Who We Are

This Privacy Policy ("Policy") explains how Agence 10-4, a corporation incorporated under the laws of Quebec, Canada, operating the Assetiverse platform ("Assetiverse", "Platform", "we", "us", or "our"), collects, uses, discloses, and protects your personal information.

1.2 Scope

This Policy applies to all users of the Assetiverse platform, including visitors, registered users, buyers, and creators. By using our Platform, you consent to the collection, use, and disclosure of your personal information as described in this Policy.

1.3 Contact Information

Privacy Officer:

Agence 10-4 Email: privacy@assetiverse.com

For all privacy-related inquiries, requests, or complaints, please contact our Privacy Officer at the email address above.

2. Information We Collect

2.1 Information You Provide

Account Information:

  • Name and display name
  • Email address
  • Password (encrypted)
  • Profile picture (optional)
  • Country/region
  • Preferred language

Creator Information (if applicable):

  • Legal name and business name
  • Tax identification information
  • Payment information (processed via Stripe)
  • Bank account details (for payouts)
  • Government-issued identification (for verification)
  • Portfolio links and professional information

Content and Communications:

  • Assets you upload (for creators)
  • Reviews and ratings you submit
  • Messages and support requests
  • Survey responses and feedback

2.2 Information Collected Automatically

Usage Data:

  • Pages visited and features used
  • Search queries
  • Download and purchase history
  • Time spent on the Platform
  • Referral sources

Device and Technical Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers
  • Screen resolution

Cookies and Similar Technologies:

  • Session cookies (essential for Platform functionality)
  • Persistent cookies (for preferences and authentication)
  • Analytics cookies (for understanding usage patterns)
  • See Section 7 for detailed cookie information.

2.3 Information from Third Parties

Authentication Providers:

  • If you sign in via Google, GitHub, or other OAuth providers, we receive your name, email, and profile picture from those services.

Payment Processors:

  • Stripe provides us with transaction confirmations and limited payment information necessary for order fulfillment.

3. How We Use Your Information

3.1 To Provide and Improve Our Services

  • Creating and managing your account
  • Processing purchases and payouts
  • Displaying and delivering digital assets
  • Providing customer support
  • Personalizing your experience
  • Improving Platform features and functionality

3.2 For Communications

  • Sending transactional emails (order confirmations, receipts)
  • Sending service announcements and updates
  • Responding to your inquiries and support requests
  • Sending marketing communications (with your consent)

3.3 For Security and Compliance

  • Verifying creator identities
  • Detecting and preventing fraud
  • Enforcing our Terms of Service
  • Complying with legal obligations
  • Responding to legal requests and protecting our rights

3.4 For Analytics and Research

  • Understanding how users interact with the Platform
  • Measuring the effectiveness of features
  • Conducting aggregated, anonymized research
  • Improving user experience

3.5 What We Don't Do

  • We do not sell your personal information to third parties.
  • We do not use your content or personal data to train AI/ML models without your explicit written consent.
  • We do not share your information with advertisers for targeted advertising purposes.

4. How We Share Your Information

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating the Platform:

Provider Purpose Data Shared
Supabase Database and authentication Account data, usage data
Stripe Payment processing Payment and payout information
Vercel Hosting and CDN Technical data, IP addresses
PostHog Analytics Anonymized usage data
Resend Email delivery Email addresses, transactional content

These providers are contractually obligated to protect your information and may only use it for the purposes we specify.

4.2 Creators and Buyers

  • Buyers can see creator display names, profile pictures, and public portfolio information.
  • Creators can see limited buyer information necessary for support (display name, purchase date).
  • We do not share buyer email addresses or payment details with creators.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe in good faith that disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Prevent fraud or abuse
  • Protect the rights, property, or safety of our users or the public

4.4 Business Transfers

If Assetiverse is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Retention

5.1 Retention Periods

We retain your personal information for as long as necessary to fulfill the purposes described in this Policy:

Data Type Retention Period
Account information Until account deletion + 30 days
Transaction records 7 years (tax/legal requirements)
Creator verification documents Duration of creator status + 7 years
Support communications 3 years
Analytics data 26 months (anonymized thereafter)
Server logs 90 days

5.2 Deletion

When you delete your account:

  • Your profile and personal information are deleted within 30 days
  • Transaction records are retained as required by law
  • Content you've purchased remains accessible to you
  • Assets you've sold (as a creator) remain available to existing buyers

6. Your Rights and Choices

6.1 Access and Portability

You have the right to:

  • Access the personal information we hold about you
  • Receive a copy of your data in a portable format
  • Request information about how your data is processed

6.2 Correction

You can update your account information at any time through your account settings. You may also contact us to correct any inaccurate information.

6.3 Deletion

You have the right to request deletion of your personal information, subject to legal retention requirements. To delete your account, contact us at privacy@assetiverse.com.

6.4 Withdrawal of Consent

Where we process your information based on consent, you may withdraw that consent at any time. This includes:

  • Unsubscribing from marketing emails
  • Adjusting cookie preferences
  • Revoking OAuth access

6.5 Objection and Restriction

You may object to certain processing activities or request that we restrict processing of your information in specific circumstances.

6.6 How to Exercise Your Rights

To exercise any of these rights, please contact our Privacy Officer at privacy@assetiverse.com. We will respond to your request within 30 days, as required by applicable law.

6.7 Complaints

If you believe we have violated your privacy rights, you may file a complaint with:

  • Commission d'accès à l'information du Québec (CAI)
  • Office of the Privacy Commissioner of Canada (OPC)

7. Cookies and Tracking Technologies

7.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and understand how you use them.

7.2 Types of Cookies We Use

Essential Cookies (Required)

  • Authentication and session management
  • Security features
  • Load balancing
  • These cannot be disabled as they are necessary for the Platform to function.

Functional Cookies

  • Language preferences
  • Display settings
  • Recently viewed items

Analytics Cookies

  • Understanding usage patterns
  • Measuring feature effectiveness
  • Identifying technical issues
  • We use PostHog for privacy-focused analytics.

7.3 Managing Cookies

You can manage cookie preferences through:

  • Your browser settings
  • Our cookie consent banner (shown on first visit)
  • Account privacy settings

Note that disabling certain cookies may affect Platform functionality.

7.4 Do Not Track

We respect "Do Not Track" browser signals. When detected, we limit analytics tracking accordingly.

8. Data Security

8.1 Security Measures

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication for staff
  • Infrastructure: SOC 2 compliant hosting providers
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Audits: Regular security assessments and penetration testing

8.2 Your Responsibilities

You are responsible for:

  • Maintaining the confidentiality of your account credentials
  • Using strong, unique passwords
  • Enabling two-factor authentication (recommended)
  • Reporting any suspected unauthorized access

8.3 Security Incidents

In the event of a data breach that affects your personal information, we will:

  • Notify you within 72 hours of becoming aware of the breach
  • Provide details about the nature of the breach
  • Describe the steps we are taking to address it
  • Offer guidance on protecting yourself

9. International Data Transfers

9.1 Data Location

Your personal information is primarily stored and processed in:

  • Canada (primary data center)
  • United States (backup and CDN services)

9.2 Transfer Safeguards

When we transfer data internationally, we ensure adequate protection through:

  • Contractual clauses with service providers
  • Compliance with applicable data protection laws
  • Selection of providers with appropriate certifications

9.3 Quebec and Canadian Law

As a Quebec-based company, we comply with:

  • Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25)
  • Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Canada's Anti-Spam Legislation (CASL)

10. Children's Privacy

10.1 Age Requirement

The Assetiverse platform is intended for users who are at least eighteen (18) years of age, or the age of legal majority in their jurisdiction. We do not knowingly collect personal information from individuals under 18 years of age.

10.2 Parental Notice

If we become aware that we have collected personal information from an individual under 18, we will take steps to delete that information promptly and terminate the associated account. If you believe we may have collected information from a minor, please contact us at privacy@assetiverse.com.

11. Third-Party Links and Services

11.1 External Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any third-party services you use.

11.2 OAuth and Social Sign-In

When you use OAuth providers (Google, GitHub) to sign in, those providers have their own privacy policies. We only receive the information necessary for authentication.

12. Changes to This Policy

12.1 Updates

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting a notice on the Platform
  • Sending an email to registered users
  • Updating the "Effective Date" at the top of this Policy

12.2 Review

We encourage you to review this Policy periodically. Your continued use of the Platform after changes constitutes acceptance of the updated Policy.

12.3 Notice Period

For material changes, we will provide at least 30 days' notice before the changes take effect, except where immediate changes are required by law.

13. Quebec-Specific Rights (Law 25)

13.1 Additional Rights

Under Quebec's Law 25, you have the following additional rights:

  • Right to be informed about automated decision-making affecting you
  • Right to portability of your personal information in a commonly used format
  • Right to be forgotten in search engine results (where applicable)
  • Right to limit the use of your information for purposes other than those for which it was collected

13.2 Privacy by Default

We apply privacy by default settings, meaning:

  • Marketing communications are opt-in
  • Analytics cookies require consent
  • Public profile visibility is limited by default

13.3 Biometric Information

We do not collect biometric information for identification purposes.

13.4 Profiling

We do not engage in profiling that produces legal effects or significantly affects you.

14. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Privacy Officer Agence 10-4 Email: privacy@assetiverse.com

General Inquiries Email: support@assetiverse.com

Security Concerns Email: security@assetiverse.com

We aim to respond to all privacy inquiries within 30 days.

By using the Assetiverse platform, you acknowledge that you have read and understood this Privacy Policy.

Assetiverse is a product of Agence 10-4, a Quebec corporation.