Privacy Policy

Effective Date: 2/19/2026
Last Updated: 2/19/2026

This Privacy Policy explains how Grand Theft Aliens (“Grand Theft Aliens,” “we,” “us,” “our”) collects, uses, discloses, and protects information about you when you visit or use grandtheftaliens.com and any related pages, forms, membership experiences, events, digital content, or services that link to this Privacy Policy (collectively, the “Services”).

Company/Owner: Grand Theft Aliens
Business Address: Area 51, Nevada, USA
Privacy Contact Email: grandtheftaliens@protonmail.com

If you are in the EEA/UK and we are required to appoint a representative or DPO, those details will be posted here.

We collect information in three ways: (A) information you provide, (B) information collected automatically, and (C) information from third parties.

Depending on how you interact with the Services, you may provide:

• Contact details (e.g., name, email, phone number).
   
• Account or membership details (e.g., username, password, preferences).
   
• Purchases / transactions (e.g., items bought, shipping address). Payment card details are typically collected directly by our payment processor, not stored by us.
   
• Communications (e.g., messages to support, emails, form submissions).
   
• User-generated content (e.g., comments, posts, images, event RSVPs, reviews).
   
• Event/community information (e.g., attendance confirmations, accessibility needs you choose to share).
   

Do not submit sensitive information (e.g., SSN, driver’s license, health details) unless we explicitly request it. If you do, you consent to our processing of that information to respond to you.

When you use the Services, we may automatically collect:

• Device/technical data: IP address, device type, browser, OS, language, time zone.
   
• Usage data: pages viewed, clicks, referring pages, session duration, approximate location (derived from IP), and performance data.
   
• Cookie and similar technology data: identifiers and preferences stored via cookies, pixels, SDKs, local storage, etc.
   

We may receive information from:

• Service providers we use (e.g., hosting, security, analytics, email delivery, payments, customer support tools).
   
• Social media platforms if you interact with our pages or use social sign-in (subject to their settings).
   
• Partners involved in joint promotions or events.
   

We use information to:

1. Provide and operate the Services (content delivery, accounts, membership access, event RSVPs).
    
2. Process transactions and deliver purchases (if applicable).
    
3. Communicate with you (support responses, service updates, confirmations).
    
4. Personalize your experience (preferences, content recommendations).
    
5. Marketing and promotions (newsletters, announcements). You can opt out anytime.
    
6. Analytics and improvement (understanding usage, debugging, performance).
    
7. Security, fraud prevention, and abuse detection (protecting the Services, enforcing rules, preventing malicious behavior).
    
8. Legal compliance (responding to lawful requests, protecting rights and safety).
    

Where GDPR/UK GDPR applies, we process personal data under these lawful bases (as applicable):

• Contract (to provide Services you request)
   
• Legitimate interests (security, fraud prevention, improving Services, basic analytics)
   
• Consent (marketing emails; certain cookies/targeted advertising where required)
   
• Legal obligation (tax, accounting, responding to lawful requests)
   

We provide transparency consistent with GDPR Articles 13/14 and UK ICO guidance. 

We use cookies and similar technologies for:

• Strictly necessary functions (site security, load balancing, login/session management)
   
• Preferences (language, settings)
   
• Analytics (understanding usage and improving performance)
   
• Advertising/measurement (if enabled)
   

• Where required by law, we use a cookie banner/consent tool to collect and store your preferences.
   
• You can also control cookies through browser settings. Blocking some cookies may impact site functionality.
   

We do not share personal information except as described here:

We share information with vendors who perform services for us, such as:

• Hosting/CDN and security (e.g., DDoS protection, bot mitigation)
   
• Analytics providers
   
• Email and communications tools
   
• Payment processors (if you purchase)
   
• Customer support tools
   
• Event/community tools (RSVP management)
   

They are authorized to use personal information only as needed to provide services to us and must protect it.

We may disclose information if we believe it is necessary to:

• comply with law, regulation, legal process, or governmental request;
   
• enforce our terms/policies;
   
• protect our rights, property, users, or the public; or
   
• detect/prevent fraud, security incidents, or malicious activity.
   

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction.

We may share information if you request or direct us to do so (e.g., social sharing features).

We do not sell personal information for money.

However, some privacy laws define “sale” or “sharing” broadly to include certain online advertising/analytics activities (e.g., cross-context behavioral advertising). If we use these tools, you can opt out as described below.

You may opt out of targeted advertising by:

• Using our cookie preference tool (if available), and/or
   
• Enabling browser-based opt-out signals where supported (including Global Privacy Control (GPC)), and/or
   
• Emailing us at [privacy@grandtheftaliens.com] with the subject “Opt-Out of Targeted Advertising.”
   

We keep personal information only as long as necessary for the purposes described in this policy, including:

• Account/membership data: retained while active; then deleted or de-identified within [30–180] days unless required longer by law.
   
• Transaction records: retained for tax/accounting/legal obligations (typically [5–7] years).
   
• Security logs: retained for a limited period (typically [30–180] days) unless needed to investigate abuse or comply with law.
   
• Marketing lists: retained until you unsubscribe or we determine the list is inactive.
   

Retention may be extended where necessary to resolve disputes, enforce agreements, or comply with law.

We use administrative, technical, and physical safeguards designed to protect information, such as:

• TLS/HTTPS in transit
   
• Access controls and least-privilege permissions
   
• Monitoring, logging, and rate limiting
   
• Bot detection and abuse prevention
   
• Backup and recovery practices
   
• Vendor due diligence for key processors
   

No system is 100% secure. You are responsible for maintaining the confidentiality of your login credentials and for any activity under your account.

If you access the Services from outside the country where our servers/providers are located, your information may be transferred internationally. Where required (e.g., EEA/UK), we use appropriate safeguards such as Standard Contractual Clauses and/or other lawful transfer mechanisms.

You may have the right to:

• Access, correct, or delete your personal data
   
• Object to or restrict processing
   
• Data portability
   
• Withdraw consent (where processing is based on consent)
   
• Lodge a complaint with your supervisory authority
   

We provide required notice elements consistent with UK ICO guidance and GDPR transparency obligations. 

Depending on your state of residence and our activities, you may have rights such as:

• Access/confirm processing
   
• Delete
   
• Correct
   
• Obtain a copy (portability)
   
• Opt out of targeted advertising, certain profiling, and certain data sharing
   

By 2026, many states have comprehensive privacy laws in effect (and more continue to come online). We honor valid requests where required. 

California requires a “notice at collection” describing categories of personal information collected and purposes.
Categories we may collect (depending on how you use the Services):

• Identifiers (name, email, IP address)
   
• Commercial information (purchases, if any)
   
• Internet/network activity (pages viewed, clicks, cookie IDs)
   
• Geolocation (approximate location from IP)
   
• Audio/visual (if you submit media)
   
• Inferences (preferences, basic interest signals based on usage)
   

Purposes:

• Provide/operate Services, support, communications
   
• Security, fraud prevention, debugging
   
• Analytics and improvement
   
• Marketing (with choices/consent where required)
   
• Legal compliance
   

Retention: See Section 8.
Sensitive Personal Information: We do not intentionally collect “sensitive personal information” as defined by CPRA unless you choose to provide it; if collected, we use it only as permitted by law and for necessary purposes.

How to submit a request: Email [privacy@grandtheftaliens.com] with “Privacy Request” in the subject, or use [Request Form URL]. We may need to verify your identity.

Authorized agents: California residents may use an authorized agent subject to verification and proof of authorization.

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will take steps to delete it.

If you are in a jurisdiction with a higher digital consent age, we follow applicable law.

The Services may link to or embed third-party sites (e.g., social media, video platforms, ticketing/event platforms). Your interactions with those third parties are governed by their privacy policies, not ours.

We may update this Privacy Policy from time to time. We will update the “Last Updated” date and, where required, provide additional notice (e.g., banner or email for material changes).

Questions or requests:
Email: grandtheftaliens@protonmail.com