SForest

Privacy Notice

Privacy Notice

Effective Date: April 10, 2026
Jurisdiction: State of Washington, United States
Last Updated: April 10, 2026

1. Introduction

This Privacy Notice ("Notice") describes how Slumbering Forest LLC ("SForest," "we," "us," or "our") collects, uses, discloses, and protects personal information from users, merchants, developers, and other parties ("you" or "users") who access or use the SForest platform ("Platform").

SForest is committed to protecting your privacy and ensuring transparency about our data practices. This Notice applies to all interactions with the Platform, including web stores, merchant dashboards, APIs, and SDK integrations.

For California residents: This Notice includes specific disclosures required under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). See Section 7 below.

2. Data We Collect

2.1 Personal Information

We collect the following personal information directly from you:

Account Registration Information:

  • Full name
  • Email address
  • Phone number
  • Physical address
  • Date of birth (to verify 18+ age requirement)
  • Username and password (encrypted)
  • Company name and business registration information (for Merchants)

Financial Information:

  • Payment method details (processed by third-party payment processors; we do not store full credit card numbers)
  • Billing address
  • Tax identification numbers (for Merchants)
  • Bank account information (for Merchant payouts; processed via payment processors)
  • Transaction history and purchase records

Identification and Compliance Information:

  • Government-issued identification documents (for Merchant KYC/AML verification)
  • Proof of business licenses or gaming licenses
  • Beneficial ownership information (for AML compliance)

Communication Information:

Account Activity Information:

  • Login credentials and authentication logs
  • IP address and device identifiers
  • Browser type and version
  • Operating system
  • Account settings and preferences
  • Two-factor authentication data (if enabled)

2.2 Derivative Information

We automatically collect information about your interactions with the Platform:

Usage Data:

  • Pages visited and time spent on each page
  • Features used and functionality accessed
  • API calls and SDK integration patterns
  • Search queries
  • Platform performance metrics
  • Device and browser information

Transaction Data:

  • Digital content purchased
  • Virtual items acquired
  • Games accessed
  • Transaction amounts and timestamps
  • Payment method used (category only, not full payment details)
  • Refund requests and dispute history
  • Chargeback and fraud incident reports

Location Data:

  • IP-derived location (city/state/country level)
  • Merchant business jurisdiction
  • User access location
  • Geolocation data (if you grant permission)

Technical Data:

  • Cookies and similar tracking technologies
  • Web beacons and pixel tags
  • Session identifiers
  • Log files
  • Analytics data

2.3 Financial Information

Direct Collection:

  • Banking details for Merchant payouts
  • Tax withholding information
  • Financial account information for compliance verification

Payment Processor Collection:

  • Payment method information is collected directly by third-party processors (Square, Stripe, etc.)
  • SForest receives only transaction confirmation and settlement data, not full payment credentials
  • Processors are responsible for PCI DSS compliance and cardholder data security

2.4 Special Categories of Data (if applicable)

We do not intentionally collect sensitive personal information such as:

  • Race or ethnicity
  • Religious beliefs
  • Health or medical information
  • Biometric data
  • Sexual orientation or gender identity

However, if you voluntarily provide such information in forum posts, feedback, or communications, we will handle it according to this Notice.

3. How We Use Your Data

3.1 Platform Operations and Service Delivery

We use your information to:

  • Create and maintain your account
  • Process transactions and payments
  • Deliver digital content and services
  • Provide customer support
  • Respond to inquiries and requests
  • Send transactional communications (order confirmations, receipts, account alerts)
  • Verify your identity and age (18+ requirement)
  • Comply with AML/KYC requirements for Merchants

3.2 Product Improvement and Analytics

We use data to:

  • Understand how you use the Platform
  • Optimize Platform features and user experience
  • Conduct analytics and statistical analysis
  • Identify usage trends and patterns
  • Test new features and functionality
  • Improve Platform performance and reliability
  • Develop new products and services

3.3 Marketing and Communications

We use your information to:

  • Send promotional emails (with your consent)
  • Notify you of Platform updates, features, or service changes
  • Conduct surveys and collect feedback
  • Personalize your experience
  • Display targeted advertising
  • Conduct A/B testing on marketing materials

You may opt out of marketing communications at any time by clicking "Unsubscribe" in any marketing email or updating your account preferences.

We use data to:

  • Comply with applicable laws and regulations
  • Enforce these terms and other agreements
  • Investigate fraud, abuse, and violations
  • Protect intellectual property rights
  • Respond to legal requests and subpoenas
  • Implement AML/KYC and sanctions screening
  • Maintain compliance with gaming regulations (for iGaming Merchants)
  • Prevent money laundering and financial crimes
  • Monitor for suspicious transactions and patterns

3.5 Safety and Security

We use information to:

  • Detect and prevent fraud and unauthorized access
  • Identify suspicious account activity
  • Protect against malware and security threats
  • Implement security measures
  • Investigate security incidents
  • Pursue legal remedies for security breaches

3.6 Business Operations

We use data to:

  • Generate business reports and analytics
  • Create anonymized and de-identified datasets
  • Monitor system performance
  • Plan capacity and infrastructure
  • Manage vendor relationships
  • Conduct internal audits

In the United States, we process your personal information based on:

4.1 Contract Performance

  • To perform the terms of service and fulfill your requests
  • To process payments and provide access to digital content
  • To maintain and support your account

4.2 Legitimate Interests

  • To improve Platform functionality and user experience
  • To conduct analytics and understand usage patterns
  • To market our services and conduct surveys
  • To protect against fraud and maintain security
  • To comply with legal and regulatory obligations
  • To enforce our terms and agreements
  • For marketing communications (which require opt-in or consent)
  • For certain tracking technologies (cookies, web beacons)
  • For non-essential data collection beyond service delivery
  • To comply with AML/KYC requirements
  • To respond to law enforcement requests
  • To comply with data retention and reporting requirements
  • To enforce court orders or legal judgments

4.5 Vital Interests

  • To protect your safety and security
  • To prevent fraud and illegal activity

5. Data Sharing and Disclosure

5.1 When We Share Your Data

We share your information in the following circumstances:

Payment Processors:

  • Your payment information is shared with third-party payment processors (Square, Stripe, Citcon, 寻汇, Future, Payssion, etc.) to process transactions
  • Processors handle payment data according to their privacy policies and PCI DSS standards

Service Providers:

  • Cloud infrastructure providers (data hosting and storage)
  • Analytics providers (Google Analytics, Mixpanel, etc.)
  • Email service providers (for transactional and marketing emails)
  • Customer support platforms
  • Fraud detection and prevention services
  • KYC/AML compliance providers

Merchants:

  • Your name, email, and transaction details are shared with Merchants whose products/games you purchase
  • Merchants receive only information necessary to deliver their services
  • Merchants are required to follow their own privacy policies

Business Partners:

  • Affiliated platforms or partners (with your consent or as necessary for service delivery)
  • Strategic partners for product integration or enhancement

Legal and Regulatory Authorities:

  • Law enforcement (with legal process: subpoena, warrant, court order)
  • Regulatory authorities (gaming regulators, financial regulators, tax authorities)
  • Government agencies (national security, sanctions enforcement)
  • Attorneys and courts (in litigation or dispute resolution)

Business Transfers:

  • In the event of merger, acquisition, bankruptcy, or sale of assets
  • Your data may be transferred to the acquiring entity
  • We will provide notice if a material change in data practices results

Anonymized and Aggregated Data:

  • We may share de-identified, anonymized data with third parties for analytics, research, and business intelligence
  • This data cannot be used to identify you

5.2 Data Sharing Restrictions

We do NOT share your information with:

  • Third parties for their marketing purposes (without your consent)
  • Data brokers or data aggregators
  • Unaffiliated companies for their own business purposes
  • Any party that does not agree to maintain confidentiality

5.3 International Data Transfers

If you are outside the United States, your data may be transferred to, processed, and stored in the United States. By using the Platform, you consent to such transfers. US data protection laws may differ from those in your jurisdiction.

6. Cookies, Tracking, and Similar Technologies

6.1 What Are Cookies?

Cookies are small text files stored on your device that identify your browser and store preferences or tracking information. We use cookies to enhance user experience and conduct analytics.

6.2 Types of Cookies We Use

Essential Cookies:

  • Session identifiers (required for account login)
  • Authentication tokens
  • Security cookies (fraud detection, CSRF protection)
  • Load balancing and performance cookies

Performance and Analytics Cookies:

  • Google Analytics (usage patterns, traffic sources)
  • Mixpanel (feature usage, user journey tracking)
  • Hotjar (session recording, heatmaps)
  • CloudFlare analytics

Functional Cookies:

  • Language preferences
  • Account settings
  • Theme preferences (dark mode, etc.)
  • Accessibility settings

Targeting and Advertising Cookies:

  • Google Ads (remarketing)
  • Facebook Pixel (conversion tracking)
  • LinkedIn Ads (B2B targeting)
  • Third-party ad networks

6.3 Third-Party Cookies

Third-party platforms may place cookies through the Platform:

  • Google Analytics: Tracks usage and traffic sources
  • Payment Processors: Track transaction completion
  • Ad Networks: Enable targeted advertising
  • Social Media Platforms: Allow social login and sharing

You can control cookies through:

  • Browser Settings: Most browsers allow you to block or delete cookies
  • Cookie Preference Center: Adjust cookie settings on the Platform
  • Opt-Out Tools: Third-party opt-out services for ad networks
  • Do Not Track: If your browser sends DNT signals, we attempt to honor them

Note: Disabling essential cookies may impair Platform functionality.

6.5 Other Tracking Technologies

We use:

  • Web Beacons: Invisible pixels tracking page visits and email opens
  • Pixel Tags: Similar to beacons; used in emails and marketing
  • Log Files: Server logs recording IP addresses and access patterns
  • Analytics SDKs: Code integrated into Platform measuring user behavior

7. Your Rights and Privacy Controls

7.1 US Consumer Rights (General)

All US residents have the right to:

  • Know what personal information we collect and how it is used
  • Access your personal information
  • Request correction of inaccurate data
  • Request deletion of your data (subject to legal obligations)
  • Opt out of certain uses (marketing, profiling, analytics)
  • Data portability (receive data in usable format)

7.2 California Consumer Rights (CCPA/CPRA)

California residents have the following rights:

Right to Know:

  • You may request what personal information SForest collects, uses, shares, and sells
  • We will provide this information within 45 days (extendable to 90 days)
  • Requests are free (except for excessive or frivolous requests)

Right to Delete:

  • You may request deletion of personal information collected from you
  • Exceptions include data necessary to complete transactions, prevent fraud, or comply with law
  • Deletion requests must be verified; we may request additional information to confirm your identity

Right to Correct:

  • You may request correction of inaccurate personal information
  • We will make reasonable efforts to correct data within 45 days

Right to Opt Out:

  • You may opt out of the "sale" or "sharing" of personal information (if applicable)
  • You may opt out of targeted advertising
  • You may opt out of automated decision-making and profiling

Right to Limit Use:

  • You may limit our use of your information to purposes necessary to provide services
  • We may still use data for compliance, security, and fraud prevention

Right to Non-Discrimination:

  • We will not discriminate against you for exercising your privacy rights
  • We will not deny services, charge higher prices, or provide worse service based on rights exercise

Exercising California Rights:

  • Submit requests to: [email protected]
  • Include "California Privacy Request" in subject line
  • Provide sufficient information for verification
  • You may designate an authorized agent to submit requests

Minors' Rights (Under 16):

  • SForest does not intentionally collect data from minors
  • If you discover a minor's account, contact [email protected] immediately
  • Minors may request deletion of data collected

7.3 Other State Privacy Laws

Residents of Colorado, Connecticut, Delaware, Indiana, Iowa, Maine, Montana, Nevada, New Hampshire, Tennessee, Utah, and Virginia may have similar rights under their state privacy laws, including:

  • Right to access and portability
  • Right to delete (subject to exceptions)
  • Right to correct inaccurate data
  • Right to opt out of processing for targeted advertising, profiling, and automated decision-making
  • Right to limit use to necessary purposes

We comply with these laws as applicable. To exercise rights, contact [email protected].

7.4 EU/UK Rights (for EU/UK residents)

If you are in the European Union, European Economic Area, or United Kingdom:

  • You have rights under GDPR (EU/EEA) or UK Data Protection Act 2018
  • Rights include access, rectification, erasure, restriction, portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge complaints with regulatory authorities
  • Right to legal remedies

Contact [email protected] for GDPR/UK DPA requests.

7.5 Canadian Rights (for Canadian residents)

If you are in Canada:

  • You have rights under PIPEDA (federal) and provincial privacy laws
  • Right to access your personal information
  • Right to request correction of inaccurate data
  • Right to request deletion (subject to legal holds)
  • Right to opt out of marketing and profiling
  • Right to request information about how data is used

Contact [email protected] for Canadian privacy requests.

7.6 Account Settings and Preferences

You can control some data practices through your account:

  • Update account information anytime
  • Adjust marketing communication preferences
  • Modify cookie preferences through our Cookie Preference Center
  • Delete your account (data deletion subject to legal retention requirements)
  • Download your data in portable format

8. Children's Privacy

8.1 Age Restriction

SForest does not knowingly collect personal information from anyone under 18 years of age. The Platform is restricted to users 18+ per our Terms of Service.

8.2 Parental Involvement

If a parent or guardian discovers that a minor has created an account or provided personal information:

  • Contact [email protected] immediately
  • We will investigate and delete the minor's data
  • No further contact will be made to the minor without parental consent

8.3 No Targeted Marketing to Minors

We do not:

  • Deliberately market to children under 18
  • Use behavioral tracking targeting minors
  • Collect data from minors for profiling
  • Sell minors' personal information

9. Data Security

9.1 Security Measures

SForest implements industry-standard security measures to protect your information:

  • Encryption in Transit: HTTPS/TLS encryption for all data transmission
  • Encryption at Rest: AES-256 encryption for stored sensitive data
  • Access Controls: Role-based access; least privilege principle
  • Authentication: Strong password requirements; optional two-factor authentication (2FA)
  • Firewalls and Intrusion Detection: Network-level protection
  • Regular Security Audits: Third-party penetration testing and security assessments
  • Data Minimization: We collect only necessary information
  • Vendor Security: Third-party providers must meet security standards

9.2 Limitations on Security

While we implement comprehensive security measures, no system is completely secure. We cannot guarantee absolute protection against unauthorized access, data breaches, or cyberattacks. You are responsible for maintaining password confidentiality and account security.

9.3 Data Breach Notification

In the event of a confirmed data breach affecting your personal information:

  • We will notify you without unreasonable delay
  • Notification will include details of the breach, affected data, and protective steps taken
  • We will comply with all applicable data breach notification laws
  • We will cooperate with law enforcement and regulatory authorities

10. International Data Transfers

10.1 US Data Storage

Your personal information is collected, processed, and stored primarily in the United States. By using the Platform, you authorize transfer of your data to the US.

10.2 US Privacy Laws vs. EU/International Standards

US data protection laws differ from GDPR, CCPA, and other international laws:

  • The US does not offer equivalent data protection to GDPR
  • US government agencies may access data (with legal process)
  • The US does not restrict data transfers to third countries as GDPR does

10.3 Standard Contractual Clauses

For international transfers, SForest may use:

  • Standard Contractual Clauses (SCCs) per GDPR Article 46
  • Adequacy decisions (where applicable)
  • Your informed consent to transfer

11. Data Retention

11.1 Retention Periods

We retain personal information based on:

Account Data:

  • Retained while your account is active
  • Retained 3 years after account deletion (for compliance and dispute resolution)

Transaction and Financial Data:

  • Retained 7 years (per IRS and state tax requirements)
  • Retained 10 years if you request a dispute or chargeback
  • Longer if required by law or for litigation

Marketing Data:

  • Retained until you unsubscribe or opt out
  • Deleted upon request

Cookies and Tracking Data:

  • Retained per cookie policy (typically 13 months)
  • Essential cookies retained for session duration

Support and Communication Data:

  • Retained 2 years for reference and dispute resolution
  • Deleted upon request (if no pending dispute)

Compliance and Legal Data:

  • Retained as required by law (AML/KYC records: 5 years minimum)
  • Retained for litigation, claims, or regulatory investigations
  • Not deleted while legal proceedings are pending

11.2 Deletion Upon Request

You may request deletion of your personal information subject to:

  • Legal obligations to retain data
  • Ongoing disputes, chargebacks, or investigations
  • Tax and financial record requirements
  • Active litigation or regulatory proceedings

We will delete data within 30 days of your request (unless exceptions apply).

The Platform may contain links to third-party websites and services. This Privacy Notice applies only to SForest services. Third-party sites have their own privacy policies:

  • SForest is not responsible for third-party data practices
  • We recommend reviewing third-party privacy policies before sharing information
  • Links do not constitute endorsement of third-party practices

13. Privacy for Merchants and Developers

13.1 Merchant-Specific Data Practices

Merchants receive:

  • User contact information (for account verification and support)
  • Transaction details and purchase records
  • Payment information category (card type, last 4 digits, not full payment data)
  • Refund and dispute history

Merchants are required to:

  • Maintain confidentiality of User data
  • Use data only for service delivery
  • Comply with applicable privacy laws
  • Not resell or share User data

13.2 Data Processing Agreement

Merchants who process User personal information are subject to SForest's Data Processing Agreement (https://sforest.io/legal/data-processing-agreement).

14. Contact Information and Requests

14.1 Privacy Inquiries

For questions about this Privacy Notice or our data practices:

Slumbering Forest LLC
Privacy Officer
Email: [email protected]
Website: https://sforest.io

Mailing Address:
1420 5TH AVE STE 2200
SEATTLE, WA 98101-1346

14.2 Privacy Requests

To exercise privacy rights (access, deletion, correction, opt-out):

  • Email: [email protected]
  • Subject: "Privacy Request - [Your Request Type]"
  • Include: Your full name, account email, and specific request details
  • Provide sufficient information for identity verification

14.3 Authorized Agents

You may authorize another person or legal representative to submit requests on your behalf. Authorized agents must:

  • Provide proof of authorization (power of attorney, signed letter)
  • Verify the consumer's identity independently
  • Submit requests with both their and the consumer's information

15. Regulatory Compliance

15.1 AML/KYC Compliance

For Merchants offering real-money gaming or financial services:

  • We collect identification information to comply with anti-money laundering (AML) laws
  • Know Your Customer (KYC) verification is conducted by third-party compliance providers
  • Data is retained for 5 years per regulatory requirements
  • Information may be shared with FinCEN, state gaming boards, and regulatory authorities

15.2 Export Controls and Sanctions

  • We conduct sanctions screening for all users and transactions
  • Data may be shared with OFAC (Office of Foreign Assets Control)
  • We comply with US export control regulations
  • Users from sanctioned countries or persons on sanctions lists are prohibited

15.3 Gaming Regulations

For Merchants offering real-money gaming:

  • We collect and verify gaming licenses and certifications
  • Data may be shared with state and federal gaming regulators
  • We maintain records of gaming compliance for 10 years
  • Responsible gaming data is collected and maintained per regulations

16. Updates to This Privacy Notice

16.1 Changes to Privacy Practices

SForest may update this Privacy Notice at any time. Changes will be posted on the Platform with an updated "Last Updated" date.

16.2 Material Changes

For material changes affecting your rights or data use:

  • We will notify you via email to your registered address
  • We will provide 30 days' notice before changes take effect
  • Continued use of the Platform after the effective date constitutes acceptance

16.3 Your Right to Reject Changes

If you do not agree with changes to this Privacy Notice:

  • You may request deletion of your account
  • We will delete your data per retention requirements
  • Your privacy rights remain governed by the Privacy Notice in effect at the time we collected your data

17. Supplemental Information by State

17.1 California-Specific Disclosures (CCPA/CPRA)

Categories of Personal Information Collected:

  • Identifiers (name, email, username, phone, address, IP address)
  • Commercial information (transaction history, purchase records)
  • Biometric information (if voluntarily provided; not intentionally collected)
  • Internet activity (cookies, browsing history, interactions)
  • Geolocation data (IP-derived, not GPS)
  • Sensory information (communications, support tickets)
  • Professional/employment information (for Merchants)
  • Education information (if voluntarily provided)
  • Inferences (profiling, preferences, behavior predictions)

CCPA "Sale" and "Sharing" Disclosures:

  • SForest does not "sell" personal information as defined by CCPA
  • SForest may "share" personal information for cross-context behavioral advertising (Google Ads, Facebook Pixel)
  • You may opt out of targeted advertising via Do Not Sell My Personal Information link on the Platform

Service Provider Designation:

  • Payment processors and analytics providers are "service providers" under CCPA
  • These vendors are contractually restricted from using data for purposes other than providing services

17.2 Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Other State Laws

For residents of Virginia, Colorado, Connecticut, Delaware, Indiana, Iowa, Maine, Montana, Nevada, New Hampshire, Tennessee, Utah, and other states with privacy laws:

  • You have rights to access, correct, delete, and port your personal information
  • You have the right to opt out of processing for targeted advertising and automated decision-making
  • SForest complies with all applicable state privacy laws
  • Use the same contact methods ([email protected]) to exercise rights

18. Data Subject Rights Summary Table

RightAvailabilityHow to Exercise
AccessAll US residents[email protected]
DeletionAll US residents (with exceptions)[email protected]
CorrectionAll US residents[email protected]
PortabilityCA, VA, CO, CT, DE, IN, IA, ME, MT, NV, NH, TN, UT[email protected]
Opt-Out (Marketing)All US residentsEmail unsubscribe link or account settings
Opt-Out (Targeted Ads)All US residentsCookie preference center or Do Not Sell link
Opt-Out (Profiling)CA, VA, CO, CT, and other states[email protected]
Non-DiscriminationCA, VA, CO, CT, and other statesAutomatic; contact [email protected] if denied
Authorized AgentCA, VA, CO, CT, and other statesSubmit with POA and identity verification

By accessing and using the SForest Platform, you acknowledge that:

  • You have read and understood this Privacy Notice
  • You consent to the data practices described herein
  • You understand the risks of data transmission and storage
  • You consent to data transfers outside your jurisdiction (if applicable)
  • You authorize SForest to process your personal information as described

Contact Information

Slumbering Forest LLC
Privacy Officer
1420 5TH AVE STE 2200
SEATTLE, WA 98101-1346
Email: [email protected]
Website: https://sforest.io

Last Updated: April 10, 2026
Slumbering Forest LLC © 2026. All Rights Reserved.