Logo
HomeAbout Products PricingSolutions Resources

GDPR Compliance Statement

1. Introduction

This GDPR Compliance Statement applies specifically to users and clients within the European Economic Area (EEA), United Kingdom, and Switzerland. It supplements the Eagle 3D Streaming Privacy Policy and outlines our approach to compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679.

Eagle 3D Streaming ("we," "us," "our," or "Eagle 3D") is committed to protecting the privacy and fundamental rights of individuals within the European Union. This document details the specific measures, legal bases, and individual rights available under the GDPR.

Important Note: Full compliance with the GDPR through a customized Enterprise plan is available to clients requiring strict regulatory adherence. Self-Serve plans operate under a standard data governance framework and may not meet all GDPR requirements out-of-the-box.

2. Key Roles: Data Controller and Data Processor (Art. 4, 24-28 GDPR)

In accordance with data protection laws like the GDPR, it is essential to define the roles and responsibilities concerning personal data. Eagle 3D Streaming operates under a dual-role model depending on the context of the data:

Eagle 3D Streaming as a Data Controller: We act as the Data Controller for the personal information we collect directly from you to establish and manage your customer relationship with us. This includes information used for account creation, billing, customer support, marketing communications, and platform administration. As the Controller for this data, we determine the purposes and means of its processing.
Eagle 3D Streaming as a Data Processor: We act as the Data Processor for any content, applications, and end-user data that you (or your organization) upload, stream, or otherwise process through our platform. This includes Unreal Engine application files, project data, session logs, and any personal data belonging to your end-users or contained within your applications. In this context, you (or your organization) are the Data Controller. We process this data strictly according to your instructions as embodied in your use of the Service, our Terms of Service, and, for Enterprise clients, a signed DPA.
Data Processing Agreements (Art. 28 GDPR): We have concluded data processing agreements (DPAs) with all sub-processors that process EU personal data. These are contracts mandated by data privacy laws that guarantee they process personal data only based on our instructions and in compliance with the GDPR.

3. Legal Bases for Processing (Art. 6 GDPR)

We process personal data only when we have a valid legal basis under Article 6 of the GDPR:

Purpose of UseCategories of Information InvolvedLegal Basis (Art. 6)
To Provide and Operate the ServicesIdentity, Contact, Account, Operational, Technical(1)(b) Performance of a contract
To Process Payments and InvoicingBilling and Payment Data(1)(b) Performance of contract; (1)(c) Legal obligation
To Secure and Protect Our ServicesAll categories, as necessary(1)(f) Legitimate interests; (1)(c) Legal obligation
To Communicate with YouIdentity, Contact, Communications(1)(b) Contract; (1)(f) Legitimate interests; (1)(a) Consent
To Improve and Develop Our ServicesTechnical, Usage, Operational(1)(f) Legitimate interests (business improvement)
To Comply with Legal and Regulatory ObligationsAll categories, as required(1)(c) Legal obligation

4. International Data Transfers (Chapter V GDPR)

Eagle 3D Streaming is a cloud-agnostic platform. To provide global, low-latency streaming, your data may be stored and processed in data centers located in various countries, including the United States and within the European Economic Area (EEA).

When personal data originating from the EEA, UK, or Switzerland is transferred to countries not deemed to provide an adequate level of data protection (Art. 45 GDPR), we implement appropriate safeguards as required by Art. 46 GDPR. These safeguards typically include:

Standard Contractual Clauses (SCCs): We ensure that our agreements with sub-processors incorporate the European Commission's approved SCCs where applicable.
Data Privacy Framework: Where available, we utilize U.S.-based service providers who participate in and certify their compliance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

5. Data Retention and Deletion (Art. 5(1)(e), Art. 17 GDPR)

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy (principle of storage limitation), or as required to comply with our legal obligations, resolve disputes, and enforce our agreements.

Your Control Over Data

You have direct control to manage and delete certain personal data through the Eagle 3D Dashboard (Control Panel):

From Your Dashboard, You Can Delete:
  • Unreal Engine applications and project files
  • Project configuration settings and environment variables
  • Streaming session logs and analytics data
  • Account profile information (name, contact details, preferences)
  • Authentication and session data
Requires Contacting Support:
  • Complete deletion of your Eagle 3D account
  • Billing and payment history data
  • Historical support ticket communications
  • Legal and compliance records

To request the deletion of your entire account or billing-related data, please contact our support team at support@eagle3dstreaming.com.

Unless a more specific retention period has been agreed upon in a separate contract or is required by applicable law, your personal data will be retained until the purpose for which it was collected no longer applies. If you assert a valid request for deletion (Art. 17 GDPR) or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing it (e.g., tax, commercial law retention periods, or the need to preserve evidence in legal disputes). In such cases, deletion will occur after these reasons cease to apply.

We follow secure deletion practices in accordance with our internal data handling policies. Data may persist in encrypted backup systems for a limited period as part of our disaster recovery strategy before being permanently overwritten.

If a user authenticates using Google Sign-In, deleting an Eagle 3D account does not delete the user's Google account or related authentication records stored by Google. Those must be managed directly with Google.

6. Your Data Protection Rights (Chapter III GDPR)

As an individual within the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the GDPR regarding your personal data:

Your RightGDPR ArticleWhat It Means
Right of AccessArt. 15You can request a copy of the personal data we hold about you
Right to RectificationArt. 16You can request correction of inaccurate or incomplete data
Right to Erasure ("Right to be Forgotten")Art. 17You can request deletion of your personal data under certain circumstances
Right to Restrict ProcessingArt. 18You can request we temporarily or permanently stop processing some or all of your personal data
Right to Data PortabilityArt. 20You can request a structured, machine-readable copy of your data, or ask for it to be transferred to another controller
Right to ObjectArt. 21You can object to processing based on our legitimate interests. For direct marketing, you have an absolute right to object
Right to Withdraw ConsentArt. 7(3)Where processing is based on consent, you can withdraw it at any time
Rights Related to Automated Decision-MakingArt. 22You have the right not to be subject to a decision based solely on automated processing. (Eagle 3D does not engage in such processing)
Exercising Your Rights: To exercise any of these rights, please contact us at support@eagle3dstreaming.com. We will respond within one month (Art. 12 GDPR), as required by law. To protect your privacy, we will verify your identity before fulfilling your request. For data where we act as a Processor (e.g., your project data), you should use the tools within the Eagle 3D Dashboard to manage that data directly.
Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

7. Cookies and Tracking Technologies (ePrivacy Directive / TTDSG)

Cookie TypePurposeLegal Basis
Essential / Strictly NecessaryRequired for the Service to function. Enable core features like login and securityArt. 6(1)(f) GDPR; § 25(2) TTDSG
Performance / AnalyticsHelp us understand how visitors interact with our website and Dashboard (aggregated, anonymous)Art. 6(1)(a) GDPR; § 25(1) TTDSG
FunctionalityRemember choices you make (like language preferences) for a personalized experienceArt. 6(1)(a) GDPR; § 25(1) TTDSG
EU-Specific Provisions
  • Strictly necessary cookies may be used without prior consent where required for service functionality
  • Performance-enhancing features that rely on analytics cookies are only activated after consent is obtained
  • If consent is not provided, certain optimization features may be limited

8. Security Measures (Art. 32 GDPR)

Protecting your data is our top priority. We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Technical Measures
  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Network segmentation
  • Endpoint protection using Application Gateway (AGW) and reverse proxy infrastructure
  • Secure access controls for cloud infrastructure
  • Vulnerability scanning and monitoring
Multi-Factor Authentication (MFA): MFA is enforced for internal administrative access to infrastructure systems where data is stored or processed (e.g., AWS environments, analytics systems, and internal operational tools).
Operational Measures
  • Principle of least privilege
  • Internal security policies and access review procedures
  • Employee security awareness practices
  • Incident response planning

While we implement industry-standard measures, no method of electronic transmission or storage is 100% secure.

9. Enterprise Plans and Data Processing Addendum (DPA)

Our Self-Serve plans implement strong security and privacy practices. However, certain regulatory, data localization, or contractual requirements (such as strict GDPR storage or processing guarantees) may require architectural adjustments. These adjustments can impact system performance and infrastructure costs. In such cases, organizations requiring customized compliance commitments, enhanced data governance controls, or specific storage configurations should contact us to discuss an Enterprise plan with a tailored Data Processing Addendum (DPA).

10. Contact Information for GDPR Inquiries

For GDPR-specific questions or to exercise your data protection rights, please contact:

Eagle 3D Streaming LLC
2521 Humble, Midland, TX 79705
Email: support@eagle3dstreaming.com
Phone: (432) 296-2920

CONTACT US

Logo

Email: info@eagle3dstreaming.com

ABOUT

About

Company

Industry

Partners

Culture & Values

Career

PRODUCTS

Self-Serve Pixel Streaming

Enterprise

Full Stack Development

Pricing

Support

SOLUTIONS

Enterprise

AEC

Automotive

Virtual Events

Aerospace & Defence

Energy

Metaverse

Digital Twin

RESOURCES

Our Podcast

Spotlights

Developer Series

Blog

Events

Documentation

FAQ

Forum

LEGAL

Privacy Policy

GDPR

Privacy Policy

Copyright @ 2025. Eagle 3D Streaming.