Data Protection Notice

Effective date: October 10, 2025

MAGES Studio Pte Ltd

We ("we", "us") operate VestiaQuest and this website. This notice explains how we collect, use, and protect your personal data in accordance with the Personal Data Protection Act (PDPA).

2. What We Collect

Account & Contact Information

  • Display name
  • Email address (if provided)
  • Phone number (if provided)

Gameplay & Usage Data

  • Session IDs and progress tracking
  • Achievements and in-game actions
  • Crash reports and diagnostics
  • Approximate device information (OS version, model)
  • IP-derived general location data

Support Communications

  • Messages you send us
  • Related metadata and communication history

Minors

If a player is under 13, we request parent/guardian consent; youths 13–17 may consent if the policy is readily understandable.

3. Why We Collect (Purposes)

We collect and process your personal data for the following purposes:

  • To provide and secure the game and related services
  • To analyze user performance and improve gameplay experience
  • To personalize gameplay features and content
  • To maintain and manage user accounts
  • To measure performance and improve features
  • To handle customer support requests
  • To comply with legal requirements and enforce our terms
  • To send updates where you've provided consent

4. Basis of Processing

We primarily rely on consent for processing your personal data. Where permitted by the PDPA (e.g., for security purposes, service provision, research/diagnostics using limited data), we may process data without consent, acting reasonably and notifying you where required.

5. Sharing & Processors

We may use service providers (e.g., cloud hosting, analytics, crash reporting) under contracts that protect personal data and limit use to our instructions. These processors are bound by strict confidentiality and data protection obligations.

6. Retention

We retain personal data only as long as necessary for the purposes above or to meet legal/business requirements, after which we delete or anonymise it in accordance with our data retention policies.

7. Security

Protection Measures

We apply reasonable technical and organisational measures to protect personal data, including:

  • Encryption in transit and at rest
  • Access controls and authentication
  • Least-privilege practices
  • Regular security assessments
  • Staff training on data protection

8. Your Choices & Rights

You have the following rights regarding your personal data:

  • Withdraw Consent: You may withdraw consent at any time
  • Access: Request access to your personal data in our possession or control
  • Correction: Request correction of inaccurate personal data
  • Verification: We may require reasonable verification of your identity

To exercise these rights, please contact our Data Protection Officer (DPO).

9. Data Breach Notifications

If a breach that meets PDPA thresholds occurs, we will notify the PDPC within 3 calendar days of assessment and inform affected individuals as soon as practicable.

10. Identification Numbers

We do not collect NRIC/FIN/passport numbers unless required by law or strictly necessary to verify identity to a high degree of accuracy.

12. Contact

Data Protection Officer (DPO)

Dev Bahl
MAGES Studio
dev@magesstudio.com.sg
2 Orchard Link, SCAPE, #05-10, 237978

13. Updates

We may update this Notice from time to time. Material changes will be highlighted on this page and/or in-app to ensure you are aware of any significant updates to our data protection practices.