Data Processing Agreement
Last Updated: June 9, 2026. This Data Processing Agreement ("DPA") forms part of the agreement between Real Dudes LLC ("BlackGuard", "Processor") and the server operator ("Controller") who deploys BlackGuard's services on their game server. It governs how BlackGuard processes personal data on the Controller's behalf in accordance with the UK GDPR, EU GDPR, and applicable data protection legislation.
1. Definitions
- "Controller" — the game server operator who deploys the BlackGuard software and determines the purposes and means of processing player data.
- "Processor" — Real Dudes LLC / BlackGuard, acting on the Controller's instructions to provide anti-cheat detection services.
- "Data Subjects" — players who connect to the Controller's game server.
- "Personal Data" — any information relating to an identified or identifiable natural person, including IP addresses, hardware identifiers (HWIDs), and gameplay telemetry.
- "Services" — the BlackGuard anti-cheat detection platform, including the in-game resource, dashboard, and supporting infrastructure.
2. Roles and Responsibilities
The Controller determines why and how player personal data is collected and processed on their server. BlackGuard acts solely as a Processor and processes personal data only on the documented instructions of the Controller (i.e., providing the Services as described in the subscription agreement).
The Controller is responsible for ensuring they have a lawful basis for processing player data and for informing players that BlackGuard's software is active on their server.
3. Categories of Personal Data Processed
In providing the Services, BlackGuard may process the following categories of personal data on the Controller's behalf:
- IP addresses and connection metadata.
- Hardware identifiers (HWID, system fingerprint data).
- In-game behavioural telemetry (movement, positional data, action timing) used for detection analysis.
- Session logs (connection times, session duration, server ID).
- Detection event records and associated risk scores.
- Game-render screenshots captured when a player is flagged by behavioural analysis, for the purpose of detecting unauthorised visual tools or performance-assist software. Screenshots capture only the game window/render output — never the player's desktop, other applications, browser windows, or personal files. These images are processed by automated systems and retained for a maximum of 14 days before permanent deletion.
BlackGuard does not process payment data, government identifiers, health data, or any special categories of personal data as defined under GDPR Article 9.
4. Purpose and Legal Basis for Processing
BlackGuard processes personal data solely to provide the anti-cheat detection, session monitoring, and ban management features that comprise the Services. Processing is carried out only on the Controller's instructions. BlackGuard will not process personal data for any other purpose without the Controller's prior written consent, except where required by law.
5. Sub-Processors
BlackGuard uses the following third-party sub-processors to deliver the Services. By entering into this DPA, the Controller provides general authorisation for the use of these sub-processors:
- Supabase Inc. — database and authentication infrastructure. Data is stored in encrypted, access-controlled environments. Supabase operates under its own Privacy Policy and DPA.
BlackGuard will notify the Controller of any intended addition or replacement of sub-processors, giving the Controller the opportunity to object on reasonable data-protection grounds.
6. Security Measures
BlackGuard implements and maintains appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Measures include:
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- Access controls and least-privilege principles for all staff.
- Regular security reviews and vulnerability assessments.
- Hashing and pseudonymisation of hardware identifiers before storage.
7. Data Subject Rights
Where a player (Data Subject) exercises a right under applicable data protection law — such as the right of access, erasure, rectification, or restriction — the Controller is responsible for responding to that request. BlackGuard will assist the Controller by providing the technical means to retrieve, correct, or delete data held in connection with a specific player identifier, upon reasonable written request.
Requests should be submitted to support@blackguardac.com.
8. Data Retention and Deletion
Personal data processed by BlackGuard on the Controller's behalf is retained for the duration of the active subscription or as required by the Controller's instructions. Upon termination of the subscription, BlackGuard will, at the Controller's election, delete or return all personal data within 30 days, unless retention is required by applicable law.
9. International Data Transfers
Personal data may be transferred to and processed in countries outside the UK/EEA as part of our infrastructure (including Supabase). All such transfers are carried out in accordance with applicable data transfer requirements, including Standard Contractual Clauses where applicable.
10. Data Breach Notification
In the event BlackGuard becomes aware of a personal data breach affecting data processed under this DPA, BlackGuard will notify the Controller without undue delay and in any event within 72 hours of becoming aware, providing sufficient information to allow the Controller to meet their own notification obligations under GDPR.
11. Audit Rights
BlackGuard will make available to the Controller all information reasonably necessary to demonstrate compliance with this DPA and will permit and contribute to audits conducted by the Controller or a mandated third-party auditor, subject to reasonable advance notice and reasonable confidentiality protections.
12. Governing Law
This DPA is governed by the laws of England and Wales, consistent with the Terms of Service. Nothing in this DPA limits mandatory data protection rights under the EU GDPR where applicable to Controllers in the European Economic Area.
13. Contact
For questions about this DPA, data processing practices, or to submit a data subject request, contact Real Dudes LLC / BlackGuard at support@blackguardac.com.
This DPA is a template and is provided for informational purposes. Server operators with specific compliance requirements are advised to seek independent legal advice.