Privacy Policy
Version: 1.66.0
Last Reviewed: November 2025
Introduction
This Privacy Policy explains how Fame Media Tech Limited, trading as "n-gage.io", "we", "us", or "our", collects, uses, and protects your personal information when you visit our website at www.n-gage.io, which we refer to as "Our Site", and when you download or use any of our mobile applications licensed to our clients, which we refer to as "Our Apps".
Our Apps are designed to enhance the visitor experiences at venues operated by our clients, who we refer to as "Operators". They allow Operators to increase engagement and provide insights into visitor behaviour.
We are Fame Media Tech Limited, with company registration number 11579910, and our registered office is at 15 Welbury Way, Aycliffe Business Park, Newton Aycliffe, United Kingdom, DL5 6ZE. You can contact us by email at info@n-gage.io or by phone on 0330 102 5525.
For detailed information about our comprehensive data protection practices, including our role as data processor for client data, please refer to our full Data Protection & Privacy Policy. This Privacy Policy provides a user-friendly overview of our key practices.
Age Requirements and Children's Privacy
Our Apps are intended for users aged 13 and over. If you are under 13 years of age, you may not create an account or use Our Apps without supervision and consent from a parent or guardian. By creating an account, you confirm that you are at least 13 years old. We do not knowingly collect personal information from children under 13 without verifiable parental consent.
If you are a parent or guardian and believe your child under 13 has created an account or provided personal information without your consent, please contact us immediately at support@n-gage.io. We will promptly investigate and delete such information and terminate the account. For children aged 13 to 17, we encourage parents and guardians to monitor their children's use of Our Apps and manage permissions through device-level parental controls.
What Information We Collect
When you visit our website, we collect information that you provide directly to us. This includes your contact information when you fill out forms on our website, such as "Contact Us" or "Request a Demo" forms, where we collect your name, email address, phone number, company name, and any message or inquiry you submit. If you sign up for our newsletter, we collect your email address and name. If you apply for a position with us, we collect information included in your CV and application materials.
We also collect information automatically when you use our website. This technical information includes your IP address, browser type and version, device type, operating system, and time zone setting. We collect usage information about the pages you visit, time spent on pages, links clicked, referring website, and the date and time of your visits. We use cookies and similar tracking technologies to collect information about your browsing behavior.
When you use Our Apps, we collect several categories of information. We collect identity and contact information, including your name and email address if you choose to provide them when signing up to Our Apps, your date of birth and gender if you choose to provide these details when signing up, and your name, email address, and purchase history from third-party ticket suppliers when related to ticketing or other purchases. We also collect details of sponsorship arrangements or annual memberships you hold and details of vouchers you redeem.
If you allow us to collect it, we gather visitor experience information. This includes the times at which you arrive at and depart from the Operator's site or location, the route you take through the Operator's site or location, and details of any purchases you make. We collect details of your interactions with the Operator, such as answers to quiz questions, your connection to beacons, answers you give to questions about you or your visit, and photos or video clips you choose to upload to Our Apps.
We collect technical information from app users, including your IP address, device ID, device name, class and model, browser type and version, time zone setting and location, operating system and platform, and app interaction data, crash logs, diagnostics, and app performance data. We collect information about which device permissions you have granted or denied, such as location services, Bluetooth, camera, photo library, and push notifications. We use Bluetooth connectivity data to detect your proximity to beacons within the Operator's venue and collect data through the permissions you have granted.
We also collect correspondence and feedback, including information you provide when completing forms in Our Apps, when you subscribe to any of our services, content you upload to Our Apps, correspondence with us, and information when you request further information or report a problem.
We use Google Analytics to help us understand how visitors use Our Site and Our Apps. Google Analytics uses cookies and similar technologies to collect information about your use and generate reports on activity. Google may use this data to contextualize and personalize ads in its own advertising network. To learn more about how Google uses data, you can visit www.google.com/policies/privacy/partners/. You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on for website use, adjusting your device advertising settings, or contacting us to request opt-out from analytics tracking.
Device Permissions We Request
To provide the full functionality of Our Apps, we may request several permissions from your device. We request access to your device location services to track your position within the Operator's venue, provide location-based content and navigation, connect you to nearby beacons, and record your route through the site. This enables us to deliver personalized experiences based on where you are in the venue.
Location Data Retention: Your location data is retained for up to three years to enable Operators to analyze visitor patterns, understand seasonal variations, compare year-over-year trends, and make data-driven improvements to their facilities and guest experience. This long-term analysis helps Operators identify popular areas, optimize layouts, reduce congestion, and enhance overall visitor experience.
Your Control: You have full control over your location data. You can disable location services through your device settings, object to retention beyond 90 days by contacting support@n-gage.io, or request deletion of your location history at any time. If you object to long-term retention, we will delete your location data after 90 days unless we can demonstrate compelling grounds to continue processing. You have the right to escalate unresolved objections to the Information Commissioner's Office.
Legal Basis: We collect location data with your explicit consent. We retain it for up to three years based on our legitimate interests in enabling operational analytics, which we have carefully balanced against your privacy rights through a Legitimate Interests Assessment. Appropriate safeguards including encryption, access controls, and regular necessity reviews protect your data throughout the retention period.
We request Bluetooth access to detect and connect to beacons positioned throughout the Operator's venue, trigger location-specific content, track your journey through different zones, and provide contextual information as you explore. We request permission to send you push notifications so that Operators can communicate with you about events and offers and updates relevant to your visit. You can customize which notifications you receive through your device settings.
We request camera access if you choose to take photos within Our Apps, share your experience, or participate in interactive features offered by the Operator. We request access to your photo library if you choose to upload existing photos or videos to Our Apps or share content as part of your visit experience. If applicable, we request microphone access if you choose to record audio or video content within Our Apps.
You have full control over these permissions and can grant, deny, or revoke them at any time through your device settings. Please note that denying certain permissions may limit the functionality of Our Apps. We collect information about which permissions you have granted or denied to help us understand app usage patterns and improve our services.
How We Use Your Information
For website visitors, we use your information to understand the way you use Our Site, respond to your inquiries and requests, send newsletters and marketing communications if you've opted in, process demo requests and provide product information, improve our website functionality and user experience, analyze website usage patterns and trends, detect and prevent fraud and security incidents, and recruit and hire employees.
For app users, we use your information to enable us to identify and match your booking details when you download Our Apps, register you as a user of Our Apps, create and host your user profile, and enable and manage your use of Our Apps. We analyze device permission grants and usage patterns to improve Our Apps and understand how users interact with different features. We personalize your experience of using Our Apps, record and display details of any "adoptions" you make, collate visitor experience information and make it available to Operators, and prepare anonymized statistical information and reports and make them available to Operators.
We use your information to notify you about any changes to the terms of use which apply to Our Apps, resolve any concerns, complaints or issues which you raise in relation to Our Apps or to any visits you make to Operators' sites or locations, administer and protect our business and technology, improve the experience of using Our Apps, and make suggestions and recommendations to you about services that may be of interest to you, but we will not send you any unsolicited marketing or spam. We enable Operators to send you, via Our Apps, marketing communications and push notifications.
We will use your personal information only for the purposes for which we collected it, unless we reasonably decide that we need to use it for another appropriate reason.
Automated Processing and Artificial Intelligence
We use automated systems and artificial intelligence to analyze visitor behavior patterns, movement through Operator venues, and interaction with exhibits or attractions. This helps us and our Operators to understand which areas and exhibits are most popular, provide personalized content recommendations, improve visitor flow and reduce congestion, enhance the overall visitor experience, and generate insights and reports for Operators.
This automated processing does not make decisions that produce legal or similarly significant effects concerning you. The analysis is used for operational improvements and to enhance your experience. You have the right to object to this automated processing. If you wish to opt out, please contact us at support@n-gage.io. Note that opting out may limit some personalization features of Our Apps.
Legal Basis for Processing
We process your personal information based on several legal bases. We rely on consent when you provide consent for guest mobile app registration, marketing communications, optional data collection such as preferences and feedback, processing of special category data such as accessibility requirements, and use of non-essential cookies.
We process your information based on contract performance to deliver our services, including client account management, service delivery and support, and billing and payment processing. We rely on our legitimate interests for purposes including fraud prevention and security monitoring, network and information security, business analytics and service improvement, direct marketing to business contacts in business-to-business contexts, internal administration and operations, retention of guest location data for up to three years for operational analytics including heat map analysis, visitor flow optimization, and facility improvement planning (we have conducted a Legitimate Interests Assessment demonstrating this processing is necessary, proportionate, and includes appropriate safeguards) and understanding how you use Our Site and Our Apps. When relying on legitimate interests, we carefully balance our interests against your rights and freedoms.
We process information to comply with legal obligations, including tax and accounting requirements, employment law compliance, responses to lawful requests from authorities, and regulatory reporting obligations. In rare circumstances, we may rely on vital interests in emergency situations requiring immediate action to protect life or physical safety when other legal bases are not applicable and delay would pose serious risks.
Who We Share Your Information With
We will share your information with those Operators whose sites or locations you visit. The Operators may then use your information for marketing and other purposes in accordance with their own privacy policies.
We work with trusted third-party service providers who process data on our behalf. All subprocessors are subject to contractual data protection obligations. DigitalOcean provides cloud hosting and database services from Dublin, Ireland, in the European Economic Area, and processes first name, last name, and email address. HubSpot provides customer service ticketing from Dublin, Ireland and Germany in the European Economic Area and processes first name, last name, and email address. Mailgun handles email automation and delivery from Europe and processes first name, last name, and email address. Pusher provides real-time in-app notifications from Dublin, Ireland in the European Economic Area and processes first name, last name, and email address.
Google Analytics provides analytics and app performance metrics. Minew provides beacon hardware technology. DigiTickets, TicketingHub, and Mstore provide ticketing integrations when used by specific Operators. Forge provides server management from Arkansas in the United States but does not process personal data. Sentry provides error tracking and monitoring from San Francisco in the United States but does not process personal data. Each of these relationships is governed by contracts that impose data protection obligations consistent with our own standards.
If you choose to share photos or content from Our Apps to social media, you will be redirected to the relevant platform such as Facebook, Instagram, or Twitter, and that platform's privacy policy and terms of service will apply. The content you share becomes subject to that platform's data practices. We do not control how social media platforms use your information. We recommend reviewing the privacy policies of any social media platforms you connect with Our Apps.
Our Apps may provide links to third-party websites or services where you can make purchases, such as tickets, merchandise, or experiences offered by Operators. We do not process payments directly and do not collect or store credit card or payment card information. When you follow a link to make a purchase, you will be directed to the Operator's website or a third-party payment provider, and their privacy policies and terms will apply to your transaction. We may receive confirmation that a purchase was made and basic transaction details such as what was purchased and when from the Operator to enhance your app experience, but we do not receive your payment card details.
We may disclose your information if required by law or in response to court orders or legal processes, lawful requests from government authorities, regulatory authorities during investigations, tax authorities for financial reporting, and our professional advisors including auditors and lawyers. In the event of mergers or acquisitions, corporate restructuring, or financing activities, your information may be transferred under strict confidentiality with appropriate protections.
We will never sell your personal information for marketing purposes.
International Data Transfers
Your personal information is primarily stored and processed within the United Kingdom and European Economic Area through our cloud infrastructure provider, DigitalOcean. If you are located outside the UK or EU, your information will be transferred to and processed in the UK or EU, which provides adequate protection for personal data under applicable data protection laws.
Some of our third-party service providers, such as Google Analytics, may process data outside the UK or EU, including in the United States. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner's Office and European Commission, service providers' certification under relevant data transfer frameworks, and additional security measures and contractual protections.
You can obtain more information about the safeguards we use for international transfers by contacting our Data Protection Officer at support@n-gage.io.
How Long We Keep Your Information
We retain your personal information only as long as necessary for the purposes outlined in this policy. For website visitors, we keep website inquiries and contact form submissions for two years from submission, newsletter subscriptions until you unsubscribe plus three months to process the unsubscription, job applications for six months from application date or longer if you consent, marketing contacts until you opt out plus three months, and analytics data typically for two years, though anonymized analytics may be retained longer.
For app users, guest data from mobile applications for three years following last interaction with our service, including location data which is retained for up to three years from collection date based on our legitimate interests in operational analytics (guests may object to retention beyond 90 days), booking and visit information as determined by the retention period established by the Operator whose venue you visited, photos and content you upload until you delete them or close your account, and system logs for one year.
For all users, anonymized analytics data may be retained indefinitely as it no longer constitutes personal data. If you have consented to us using your information for marketing purposes, we will retain it until you tell us that you withdraw your consent. We may retain information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of a legal dispute or regulatory investigation to which the information is likely to be relevant.
How We Keep Your Information Secure
We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it. Our technical security measures include encryption of data in transit using TLS 1.2 or higher and at rest using AES-256, role-based access controls with multi-factor authentication, network security including firewalls and intrusion detection, regular security assessments, vulnerability scanning, and penetration testing, application security through secure coding practices, and monitoring and logging systems with automated alerts.
Our organizational security measures include background checks for employees with data access, confidentiality agreements for all staff and contractors, regular security training for all employees, incident response procedures, business continuity and disaster recovery planning, and vendor management with security assessments.
While we use reasonable security measures, no method of transmission over the internet is completely secure. We cannot guarantee absolute security of your information. We have also put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your Rights
Under data protection law, you have several rights. You have the right of access to request a copy of the personal information we hold about you and check that we are lawfully processing it. You have the right to rectification to request correction of inaccurate or incomplete information.
You have the right to erasure to request deletion of your personal information where it is no longer necessary for the purposes for which it was collected, you withdraw consent and no other legal basis exists, you object and no overriding legitimate grounds exist, the data has been unlawfully processed, or legal obligations require deletion.
You have the right to restriction to request that we limit how we use your information, for example if you contest the accuracy, allowing us time to verify, processing is unlawful but you prefer restriction to erasure, we no longer need the data but you require it for legal claims, or you have objected whilst we verify whether our legitimate grounds override yours.
You have the right to data portability to receive your data in a structured, commonly used, and machine-readable format such as JSON, CSV, or XML and transfer it to another service. You have the right to object to our processing of your information based on legitimate interests or for direct marketing. For direct marketing, the right to object is absolute, and we will stop processing for marketing purposes immediately upon receiving an objection.
You have the right to withdraw consent at any time where we rely on consent for processing. Although we do not currently engage in automated decision-making with legal or similarly significant effects, you have rights related to automated decision-making, including the right not to be subject to decisions based solely on automated processing.
To exercise any of these rights, please contact us by email at info@n-gage.io or support@n-gage.io, or by post to the Data Protection Officer at 15 Welbury Way, Aycliffe Business Park, Newton Aycliffe, DL5 6ZE, UK.
We aim to respond to all requests within one month. Occasionally it could take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Cookies and Tracking Technologies
Our website and apps use cookies and similar technologies. Essential cookies are always active and are necessary for the website or app to function properly. These include session management, security features, load balancing, and remembering your preferences during your visit.
Performance cookies require consent and help us understand how visitors use our services. These include Google Analytics, error tracking, performance monitoring, and aggregated usage statistics. Functional cookies require consent and enhance your experience through language preferences, user interface customizations, and personalized content. Marketing cookies require consent when used and support our promotional activities through campaign effectiveness tracking, remarketing to website visitors, and conversion tracking.
For our website, our cookie banner appears on first visit, allowing granular consent options. A cookie preference center enables modification of choices at any time. Browser settings allow you to block or delete cookies. We respect Do Not Track signals where technically feasible. For apps, app settings allow you to manage permissions and preferences, and device settings control broader data collection permissions.
Some cookies are set by third-party services we use, such as Google Analytics and social media platforms when we embed their content. We carefully evaluate all third parties setting cookies and ensure they have appropriate privacy policies. For detailed information about the cookies we use, including their purposes and durations, please see our full Cookie Policy.
Children's Privacy
When processing children's data is necessary for service delivery to families visiting attractions, we implement appropriate safeguards. Parents or legal guardians provide consent on behalf of children. We verify parental authority through reasonable means. We provide parents with access to their children's data. Parents can request deletion of children's data, and we limit collection to minimum necessary data.
If we discover we have inadvertently collected data from a child without proper consent, we cease processing the data immediately, delete the data from our systems, notify relevant parties of the deletion, review how the data was collected, and implement measures to prevent recurrence.
Contact Us and Complaints
For questions about this Privacy Policy or how we handle your personal information, you can contact us by email at info@n-gage.io or support@n-gage.io, by phone on 0330 102 5525, or by post to Fame Media Tech Limited at 15 Welbury Way, Aycliffe Business Park, Newton Aycliffe, DL5 6ZE, UK. We commit to acknowledging all inquiries within two business days, targeting resolution within ten business days for routine matters, though complex matters may take up to thirty days, during which we keep you informed.
For data protection matters, you can contact our Data Protection Officer by email at info@n-gage.io or support@n-gage.io, or by post to the Data Protection Officer at Fame Media Tech Limited, 15 Welbury Way, Aycliffe Business Park, Newton Aycliffe, DL5 6ZE, UK.
If you have a complaint about how we handle your personal information, please contact us first and we will do our best to resolve it. We investigate all complaints within ten business days. You also have the right to lodge a complaint with the supervisory authority at any time. In the United Kingdom, you can contact the Information Commissioner's Office at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, by phone on 0303 123 1113, through their website at www.ico.org.uk, or by email at casework@ico.org.uk. The right to complain exists independently of any other rights or remedies.
Additional Information for US Residents
If you are a California resident, you have additional rights under California law. Under California Civil Code Section 1798.83, known as the Shine The Light law, California residents may request and obtain from us, once a year and free of charge, information about categories of personal information, if any, we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year.
If you are under 18 years of age, reside in California, and have a registered account, you have the right to request removal of unwanted data that you publicly post. To request removal, contact us at support@n-gage.io with the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed, but it may not be completely removed from all our systems, such as backups.
Under the California Consumer Privacy Act, if you are a California resident, you have specific rights. A consumer means a natural person who is a California resident acting only in an individual or household context. Personal information means information that identifies, relates to, describes, or could reasonably be linked with a particular consumer or household. Sale of personal information means the exchange of personal data for monetary consideration.
We collect several categories of personal information. We collect identifiers, such as name, email, IP address, and device ID. We collect protected classification characteristics, such as gender and date of birth. We collect commercial information, such as transaction information and purchase history. We collect internet or network activity, such as browsing history, app interactions, Bluetooth data, and device permissions. We collect geolocation data, such as device location and beacon proximity. We collect device and permission information, such as permissions status, Bluetooth connectivity, and camera access.
We do not collect California Customer Records information such as financial information, biometric information, audio or visual information, professional or employment information, education information, inferences to create profiles, or sensitive personal information.
You have the right to know and request disclosure of personal information we have collected about you. You have the right to delete and request deletion of your personal information, subject to certain exceptions. You have the right to correct and request correction of inaccurate personal information. You have the right to opt out from future selling or sharing of personal information, though we do not sell personal information. You have the right to non-discrimination, meaning we will not discriminate against you for exercising your rights.
Fame Media Tech Ltd, trading as n-gage.io, has not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve months. We will not sell or share personal information in the future. To exercise your rights, contact us at support@n-gage.io. We will respond within forty-five days of receipt, with a possible forty-five day extension if needed.
If you are a Virginia resident, you have rights under the Virginia Consumer Data Protection Act. A consumer means a Virginia resident acting in an individual or household context, not commercial or employment. Personal data means information linked or reasonably linkable to an identified or identifiable natural person.
You have the right to be informed whether we are processing your personal data, the right to access your personal data, the right to correct inaccuracies, the right to request deletion, the right to obtain a copy of your data, and the right to opt out of targeted advertising, sale of data, or profiling. We have not sold personal data and will not sell personal data in the future.
To exercise your rights, contact us at support@n-gage.io or through our website at https://www.n-gage.io/contact-us. We will respond within forty-five days, with a possible forty-five day extension if needed. If we decline your request, you may appeal by emailing support@n-gage.io. We will respond to appeals within sixty days. If denied, you may contact the Attorney General to submit a complaint.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this policy, notify you by email if we have your email address or through a prominent notice on our website or in Our Apps, display prominent notices for app users when you next use Our Apps, and maintain previous versions for your reference. We recommend that you check this page regularly to keep up to date with any changes. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.