// SECURITY POSTURE · v1.0 · 2026-05-05

The defaults sensitive-franchise buyers ask for — written down, before procurement asks.

Single-counterparty by design. EU jurisdiction. Perforce-native. Zero AI training on client IP. SOC 2 Type II readiness underway. Independent reviewers at every gate.

Structured for clients whose IP and data sensitivity is a first-class concern.

GS Studio™ is structured for clients whose IP and data sensitivity is a first-class concern, not an afterthought. Our defaults (single-counterparty engagements, EU jurisdiction, Perforce-native code custody, NDA on Day 1, no client IP used for model training or sent to public model endpoints, named human reviewers on every shipped artifact) are written down because the buyers we've earned the seat with have asked for each one in turn. This page is the consolidated answer.

Where data lives.

  • 01 Primary jurisdiction: Cyprus (EU member state). GDPR applies as the baseline data-protection regime. A single legal system simplifies cross-border review.
  • 02 Operational data (Perforce depots, ticketing, build artifacts, internal docs): hosted in an EU cloud region by default (AWS eu-central-1 Frankfurt / a GCP europe-west region). A US region is available on request when a client's compliance posture requires it.
  • 03 Game telemetry and live-ops data: hosted in the region of the client's choice. ATONE was operated multi-region (EU + US-east + AP) under client-controlled provisioning.
  • 04 No data is domiciled in non-EU/US jurisdictions without explicit written client approval. Sanctions-clean by policy: no operational presence in Russia, Belarus, or China for client work.

How code is handled.

  • 01 Perforce-native engagements by default. GS Studio™ operates inside the client's Perforce depot: branch hygiene, changelist discipline, mainline gating. Git workflows are supported where the client is on Git.
  • 02 Per-engagement Perforce silos. No GS Studio™ engineer sees a depot they are not staffed on. Cross-account leakage is ruled out by construction, not by policy alone, because the access surfaces don't intersect.
  • 03 Workstation hardening: disk encryption at rest (FileVault / BitLocker), MDM-managed company devices for any AAA-tier engagement, no client code on personal machines, screen-share recording disabled by default, USB / AirDrop transfer disabled by policy.
  • 04 Source-of-truth discipline: changelists are descriptive and per-feature, never batch dumps. Author ownership is preserved through git/p4 attribution; no anonymized commits.
  • 05 Code review gate: every shipped changelist has a named human reviewer on the GS Studio™ side and is delivered to the client-side reviewer named in the engagement charter.
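The page does not say how the per-engagement silos are implemented (separate servers or one server with scoped permissions). As an added illustration, not GS Studio™'s own configuration, this is how a silo is expressed on a single Helix Core server through the `p4 protect` table; the group names, depot paths and the admin user are hypothetical. The point to check is that no line grants an engagement group any mode on the other engagement's depot, and that the stock catch-all `write user * * //...` line has been removed.

```text
# Hypothetical p4 protect table (added example, not GS Studio's real config).
# Each line: <mode> <user|group> <name> <host> <depot path>
# Lines lower in the table override earlier ones for the paths they match.
Protections:
    # Server administration only; no catch-all "write user * * //..." line,
    # so any user not named below sees nothing at all.
    super user p4admin * //...

    # Engagement A staff: write access to engagement A's depot and nothing else.
    write group eng-a-devs * //eng-a/...

    # Engagement B staff: write access to engagement B's depot and nothing else.
    write group eng-b-devs * //eng-b/...

    # Explicit exclusions as a belt-and-braces guard against a user being
    # added to both groups by mistake: deny each group the other depot.
    -read group eng-a-devs * //eng-b/...
    -read group eng-b-devs * //eng-a/...

# Verification a client-side reviewer can ask for (hypothetical user name):
#   p4 protects -u alice //eng-b/...
# should print no lines if alice is staffed only on engagement A, and
#   p4 protects -u alice
# should list only //eng-a/... paths.
```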

NDA defaults.

  • 01 Mutual NDA on Day 1, before any commercial conversation. A standard MSA-aligned mutual NDA template is available; client paper-of-record is accepted.
  • 02 Engagement-scoped NDAs. Each engagement has its own scope of confidentiality; project-A staff cannot discuss project-A matters with project-B clients.
  • 03 Post-engagement obligations. Standard 5-year confidentiality survival on technical specifics; perpetual on trade secrets and business strategy. Public technical content (blog posts, conference talks) requires explicit client review and approval.
  • 04 GS Studio™'s own published technical content, including the ATONE post-mortem, is published under explicit client agreement. We do not publish anything about a current client without the client's consent.

AI usage and training boundaries.

  • 01 Full AI Use Policy at /ai-policy/. Summary: AI is an assistive tool, not an authoring substitute; every shipped artifact has a named human author and a named human reviewer; per-deliverable AI-use disclosure in status reports; client policy overrides our defaults.
  • 02 Zero training on client IP. Client code, art, design, and audio are never submitted to public or consumer model endpoints (OpenAI, Anthropic, Google, etc.) and are never used for model training. Allowed: assistive tooling that does not retain client data, i.e. enterprise plans with contractual no-training and no-retention terms, local or self-hosted models, and offline IDE assistants under enterprise terms. The boundary is retention and training, so the vendor's data-handling terms are what get checked, not the vendor's name.
  • 03 Zero-AI engagements available at no extra cost. If your engagement requires AI off the table entirely, we run that way and document it in the engagement charter.

IP-handling — single-counterparty by design.

  • 01 One client per engagement. GS Studio™ does not run a multi-client portfolio shop where senior staff rotate across overlapping accounts. The senior architects on your engagement are not also the senior architects on a competitor's engagement.
  • 02 No PE parent driving senior fungibility. GS Studio™ has no private-equity parent and no cross-portfolio utilisation optimisation. The lead you scope onto your engagement stays on your engagement.
  • 03 Clear IP ownership, written in. Every engagement contract states explicitly that the work product belongs to the client. GS Studio™ retains no derivative rights to the client's game-play, art, or systems IP. (The engineering patterns and lessons we publish, like the ATONE post-mortem, are scoped, reviewed, and approved before publication, and never include client business specifics.)
  • 04 No portfolio overlap by default. If you are a top-10-by-revenue publisher and want exclusivity in a genre or platform for the engagement window, we'll negotiate the scope and price it accordingly.

Incident response and disclosure.

  • 01 24-hour disclosure window for any confirmed security incident affecting client data or code. The 24-hour clock starts at internal confirmation, not at first signal, but the client is the first call.
  • 02 Named incident lead on every engagement: the GS Studio™ engineering lead is the point of contact, escalating to Sergey Semeniuk (Founder / Managing Director) for any incident with client-data or material-IP impact.
  • 03 Post-incident review. Every confirmed incident triggers a written post-mortem delivered to the client within 14 days, including remediation timeline and verification plan. The post-mortem becomes part of the engagement record.

What's in place. What's coming. Honest dates.

Posture                                        | Status                                   | Target
GDPR                                           | In place since 2018                      | Maintained
NDA + IP-clean engagement defaults             | In place since 2011                      | Maintained
SOC 2 Type II                                  | Readiness program kicked off Q2 2026     | Type II report Q3–Q4 2027
ISO 27001                                      | Gap assessment underway                  | Decision Q4 2026 (likely deferred to 2028 absent buyer-driven need)
Cyber Essentials Plus (UK)                     | Available on request                     | Per-engagement
Vendor-specific frameworks (NIST, FedRAMP-adjacent, console-platform partner programs) | Per-engagement evaluation | As scoped

We do not claim certifications we do not hold. The roadmap above states what is in place, what is coming, and the realistic timeline. Buyers requiring a specific certification today should treat that as a procurement filter and we'll be transparent about whether we meet it on Day 1.

Reference checks on request.

We maintain a short list of client reference contacts willing to take a 15-minute call from a prospective buyer. Reach out via hello@gs-studio.eu or your engagement contact and we'll connect you. Reference contacts are matched to engagement type — mobile / casual references for Track A scope; named MMO / multiplayer references for Track B scope.

// START

Have a security review form, vendor questionnaire, or specific clause to discuss?

Email hello@gs-studio.eu with the document and we'll route it to the right person — typically a 48-hour turnaround on a vendor-security questionnaire, faster on specific clauses.

Start the conversation
or read the AI Use Policy