Privacy policy

Effective Date: March 9, 2020


ConcernedApe LLC, a Washington limited liability company (“ConcernedApe”, “we”, “us” and their derivatives) makes this policy available to users of our websites, including and its subdomains (collectively, the “Websites”), the Stardew Valley® videogame for PC, Playstation 4, PSVita, and Xbox (collectively, the “Game”), the Stardew Valley Forum, including and its subdomains (collectively, the “Forum”), and other online services we may provide (with the Websites, Game, and Forum, collectively, the “Services”).

This policy describes our practices for collecting, using, transferring, disclosing, retaining and disposing of users’ personal data. Note that lowercase terms that are used but not defined in this policy (e.g., “personal data”, “controller”, “process”, “data subject”, etc.) have the meanings assigned in Article 4 of the European Union General Data Protection Regulation. To be clear, however, this policy applies to all users of the Services, no matter where they live.

This policy applies only to personal data we collect through the Services. It does not apply to any information that we collect offline or you provide to or is collected by any third party.

Please read this policy carefully, so you can understand our policies and practices regarding your personal data. 


We do not knowingly collect personal data from anyone under 13 years of age. Our Services are directed to people who are at least 13 years old. If you are under 13, do not submit any information about yourself to us. If you become aware that a child under the age of 13 has provided us with personal data, please contact us at [email protected], so we may remove the information.

Personal data we collect and how we collect it

Information from Third-Party Game Platforms. We may automatically receive your personal data from the third-party platform (e.g., Steam, the Playstation Store, etc.) (each a “Third-Party Platform”) through which you download and play the Game. The personal data we collect from a Third-Party Platform may include, by way of example, your name, the name of your account associated with the Third-Party Platform, and a list of your saved contacts with the Third-Party Platform (e.g., your “Steam Friends List”). Personal data collected by a Third-Party Platform is subject to such Third-Party Platform’s privacy policy (e.g., the Steam Privacy Policy Agreement and the Privacy Policy). Information collected from Third-Party Platforms is used in accordance with the “How we use personal data” section below.

Correspondence. If you correspond with us, we will retain records of our correspondence, including the contents of whatever was said, your email address, name, signature, postal address, and telephone number, if provided, and any other information that you provide to us in such correspondence.

Forum. If you use the Forum, we may collect your name or username, email address, and IP address (your IP address is never publicly visible). We may also retain copies of your posts to the Forum, including the contents of whatever was posted and any other personal data you choose to share on the Forum such as your profile information.

Analytics. If you browse our Websites or Forum, we may collect certain information about your use of our Websites and Forum. This information may include, without limitation, the number of page visits and duration, type of browser, etc. Some of this information, such as your IP address, may constitute personal data.

Automatic Tracking Technologies. Data we collect about your use of the Websites and Forum may be collected through “cookies” and “web beacons”. Cookies are small files placed on the hard drive of your computer through your web browser that enable us to recognize your browser and capture and remember certain information. Web beacons (also referred to as “clear gifs”, “pixel tags”, and “single-pixel gifs”) are small electronic files that enable us, for example, to count users who have visited our pages and for other related website statistics. For more information about cookies, please see our detailed Cookies Policy.

You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. Additionally, other online resources, such as Privacy Badger from the Electronic Frontier Foundation, are available that can help block certain automatic data collection technologies. Please note that, if you disable or refuse cookies or other automatic data collection technologies such as web beacons, some aspects of the Services may be inaccessible or not function properly.

Where personal data is processed; transfer of personal data

We’re based in the State of Washington in the United States of America. We may process and transfer your personal data in and to the United States of America and other countries, regardless of where you are. Note that the laws regulating the collection, use, and disposal of personal data vary from country to country, so applicable law in the country where your personal data may be processed may not be as comprehensive or strict as the laws of the country where you’re located.

How we use personal data

  • If you reach out to us directly, we may use your personal data to respond to you. 
  • When you play the Game, we may use your personal data collected from the applicable Third-Party Platform in order to present the Game and its various features and functions to you, including to facilitate multiplayer experiences.
  • When you create a profile on the Forum, we may use your personal data to present the Forum to you and to notify you about activity on the Forum.
  • If you post to the Forum, we may monitor and store those communications to detect cheating, fraud, illegal activity, or other activities that may violate our Terms of Use
  • With your consent, we may use your personal data to send you newsletters or announcements about our Services via email. 
  • Where you’ve provided information to us for a specific purpose (e.g., to help us troubleshoot an issue you’re having with the Services), we’ll use your information in furtherance of that purpose.

We do not use automated decision-making in connection with the processing of your information.

We use automatic data collection technologies and the personal data collected through them to enable our Websites and Forum to remember you. We also use information gained through automatic data collection technologies to compile statistical information about use of our Websites and Forum, such as the pages users visit most often. We may use this information to improve our Services.

Access to personal data by contractors and other third parties

We may give certain independent contractors access to data we collect, including personal data. These independent contractors may assist us with tracking use of our Websites and Forum, including monitoring posts to the Forum, and with providing and improving the Services. Independent contractors that work for us are obligated to keep personal data confidential and use it only in accordance with our express instructions. 

Google Analytics. One of our independent contractors is Google Analytics. Google Analytics tracks and reports website traffic and monitors use of our Websites and Forum. Data collected may be shared with other Google services and used to target the ads of its own advertising network. It is our understanding that you can opt-out of Google Analytics tracking on our Websites and Forum by installing the Google Analytics opt-out browser add-on that prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit Google Privacy Policy.

We also may disclose personal data:

  • to our subsidiaries and affiliates;
  • to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of ConcernedApe’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by ConcernedApe pertaining to the users of our Services is among the assets transferred;
  • To comply with any court order, law, or legal process, such as responding to a government or regulatory request;
  • To enforce any contract we may have in effect with you such as our Terms of Use; and
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our customers, or others.

Legal bases for processing

We rely on the following legal bases to process your personal data:

  • Your consent;
  • Compliance with applicable law;
  • Exercise of our legitimate interests in:
    • Providing the Game and enabling our users to play the Game, including with one another;
    • Improving the Game;
    • Providing customer service;
    • Improving our Services and business;
    • Reviewing job applications; and
    • Addressing legal issues.
  • Fulfillment of our obligations to users of our Services; and
  • Endeavoring to protect users of our Services.

Your data subject rights

We will promptly act on the request of any user of the Services that we:

  • Confirm that we have their personal data;
  • Provide them with access to their personal data, including in portable format, that we may possess;
  • Correct, update or amend their personal data;
  • Delete and “forget” their personal data; or
  • Limit our processing of their personal data.

You may always withdraw any consent to process your personal data you have provided us and object to our use or disclosure of your personal data. Exercise of any of the rights set forth in this section may not apply retroactively from the date a given request is made and doesn’t affect our ability to continue processing personal data in accordance with this policy and applicable law. The rights described in this section are subject to certain limitations and exceptions under applicable law.

If you’d like to exercise any of your data subject rights concerning your personal data that we may possess, please reach out to us by email at [email protected] When you reach out, please put “Data Subject Access Request” in the subject line of the e-mail, and briefly describe the right or rights you intend to exercise. We may use your personal data to confirm your identity before acting on your request.

You will always have the right to lodge a complaint about our privacy practices with the appropriate supervisory authority. We ask that you contact us first, so we can try to address any concerns that you have about our privacy practices directly.

Additional notice for California residents

The following applies to California residents pursuant to the California Consumer Privacy Act of 2018 (“CCPA”):

  • In the preceding 12 months, we disclosed the categories of personal data listed below for business purposes:
    • Identifiers: your first and last name, email address, username, IP address, signature, postal address, telephone number, and online identifiers such as a key, token, or ID session. 
    • Internet or other similar network activity: your interaction with our Websites and advertisements, including the number of page visits, duration, and type of browser. 
    • Categories of personal data described in Section 1798.80(e) of the California Customer Records: your first and last name,signature, postal address, and telephone number.
    • Other categories: the content that you share publicly in the Forum or provide to us when you contact us directly.
  • In the preceding 12 months, we have not sold personal data. We only disclose personal data to service providers. 
  • You have the right to request that we disclose certain information to you about our collection and use of your personal data over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
    • The categories of personal data we collected about you.
    • The categories of sources for the personal data we collected about you.
    • Our business or commercial purpose for collecting or selling that personal data.
    • The categories of third parties with whom we share that personal data.
    • The specific pieces of personal data we collected about you (also known as a data portability request).
    • If we sold or disclosed your personal data for a business purpose, two separate lists disclosing: (a) sales, identifying the personal data categories that each category of recipient purchased; and (b) disclosures for a business purpose, identifying the personal data categories that each category of recipient obtained.
  • You have the right to request that we delete any of your personal data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal data from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service providers to:
    • Complete the transaction for which we collected the personal data, provide the Services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
    • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
    • Debug the Services to identify and repair errors that impair existing intended functionality.
    • Exercise free speech, ensure the right of another user to exercise their free speech rights, or exercise another right provided for by law.
    • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
    • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
    • Enable solely internal uses that are reasonably aligned with user expectations based on your relationship with us.
    • Comply with a legal obligation.
    • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you the Services.
  • Charge you different prices or rates for the Services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of the Services.
  • Suggest that you may receive a different price or rate for the Services or a different level or quality of the Services.

Verifiable Consumer Requests.To exercise your rights described above, please email us at [email protected] with the subject line “CCPA”. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal data. You may also make a verifiable consumer request on behalf of your child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm that the personal data relates to you. Making a verifiable consumer request does not require you to create a profile with us. We will only use personal data provided in a verifiable consumer request to verify your identity or authority to make the request.

Response Timing and Format.We endeavor to respond to a verifiable consumer request within 30 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. If you have a profile with us, we will deliver our written response to that profile. If you do not have a profile with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding the receipt of verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. 

For data portability requests, we will select a format to provide your personal data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. 

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Data security and retention

We retain personal data for only as long as necessary to fulfill the purposes for which it was collected or provided, subject to certain exceptions as authorized by and where required under applicable law. We may pseudonymize, delete or take other measures to dispose of personal data. We may retain copies of personal data for additional time for business continuity purposes and for the purposes of creating backups.

We implement a variety of security measures to maintain the safety of your personal data when you use the Services. We offer the use of a secure server. All supplied sensitive information is transmitted via Secure Socket Layer (SSL) technology and then encrypted. Such information is only accessible by those authorized with special access rights to such systems and that are required to keep the information confidential, subject to any additional requirements imposed by our contract with them and applicable law.

Also, please keep in mind that the transmission of information via the internet is not completely secure. Although we have designed our Services with the protection of your personal data in mind, we cannot guarantee the security of your personal data transmitted through the Services. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.

Changes to this policy

If we make any changes to this policy, we will post the revised policy on this page and put a notice of the revision on the Homepage. You are responsible for periodically visiting this page to check for any changes. The date the privacy policy was last revised is listed at the top of the policy.

Contacting us

If you have any questions regarding this policy or our privacy practices, you may contact us at [email protected]