Privacy Policy

Last updated 30 April 2026

This policy explains how CLTR DMG AB handles personal data on superstarlegacy.com. We have tried to keep it short and honest. If anything is unclear, write to hello@superstarlegacy.com.

Who is the controller

The data controller is CLTR DMG AB, a Swedish private limited company registered in Stockholm, Sweden and founded in 2024. We make Superstar Legacy, a mobile game that is currently in development and has not yet been released. This policy covers the marketing website only. The mobile game will have its own privacy disclosure at launch.

What we collect

On this website we collect two things and nothing more:

• The email address you enter into the waitlist form, when you voluntarily submit it.
• Technical request metadata that is unavoidable when serving a website: IP address, user agent, timestamps, and the URL requested. This is logged briefly by our hosting provider and CDN for reliability and security.

We do not run Google Analytics, Meta Pixel, advertising trackers, or any third-party retargeting on this site. There are no user accounts and no payments here.

Legal bases (GDPR Article 6)

We process your email on the basis of your consent (Art. 6(1)(a) GDPR), given when you submit the waitlist form. We process technical request metadata on the basis of legitimate interest (Art. 6(1)(f) GDPR) for the purpose of operating a secure and reliable website.

Who processes data on our behalf

We use a small number of service providers, called processors under GDPR. Each is bound by a data processing agreement.

• Specific — our managed hosting platform. Serves the website and stores waitlist submissions.
• Cloudflare — CDN and security layer in front of the site. May process IP addresses for bot mitigation and DDoS protection.

We do not use Google Analytics, Meta / Facebook Pixel, advertising networks, or marketing automation tools on this site.

How long we keep data

We keep your waitlist email until we send you an invite to the game, or until you ask us to delete it — whichever comes first. Technical request logs are retained for a short period (typically up to 30 days) by our hosting provider and CDN for security purposes.

Your rights

Under the GDPR you have the right to:

• access the personal data we hold about you;
• have inaccurate data corrected (rectification);
• have your data erased (right to be forgotten);
• restrict how we process your data;
• receive your data in a portable format (data portability);
• object to processing based on legitimate interest;
• withdraw your consent at any time, with no penalty;
• lodge a complaint with the Swedish supervisory authority, Integritetsskyddsmyndigheten (IMY) — imy.se.

To exercise any of these rights, email hello@superstarlegacy.com. We will respond within 30 days.

International transfers

Our processors operate globally distributed infrastructure, which can mean data is processed outside the EU/EEA. Where this happens, we rely on the European Commission's Standard Contractual Clauses and additional safeguards offered by the processor to protect your data.

Children

This website is not directed at children. We do not knowingly collect data from anyone under the age of 16. If you believe a child has submitted their email here, contact us and we will delete it.

Changes to this policy

We may update this policy as the product evolves or the law changes. The “last updated” date at the top will reflect any revision. Material changes will be communicated to waitlist subscribers by email.

Contact

CLTR DMG AB
Stockholm, Sweden
hello@superstarlegacy.com