Privacy Policy

1. App Store & Google Play Privacy Categorization

To assist with platform transparency requirements, we disclose our data practices as follows:

• Identifiers (Device ID, User ID): Linked to User: Yes. Used to Track: No. Purpose: App Functionality, Cloud Save synchronization.
• Purchases (Purchase History): Linked to User: Yes. Used to Track: No. Purpose: App Functionality, verifying content entitlements.
• Usage Data (Product Interactions): Linked to User: No (Aggregated/Anonymized). Used to Track: No. Purpose: Analytics, service improvement.
• Diagnostics (Crash Logs, Performance Data): Linked to User: No. Used to Track: No. Purpose: App Functionality, identifying technical bugs.
• User Content (Custom AI Generations, Custom Names): Linked to User: Yes. Used to Track: No. Purpose: App Functionality, Product Personalization.

2. Data We Do Not Collect

We explicitly do not collect: real names (unless voluntarily provided in custom character names), physical addresses or phone numbers, payment information (handled exclusively by Apple/Google), precise location data (GPS), camera or microphone access, contacts, health or biometric data, or browsing history outside of our Games.

3. Loot Box Transparency

Our Games include loot boxes (random-item purchases) such as Booster Packs and Promo Packs. Drop rates and odds for each rarity tier (Common, Uncommon, Rare, Epic, Legendary, Mythic) are displayed in-app before purchase, near the purchase button. This complies with UK CAP, Apple App Store, and Google Play Store transparency requirements. App Store and Play Store listings disclose "contains random-item purchases."

Specific mechanics including duplicate handling and pity timer systems (when implemented) are detailed in each game's Help section. Players can review odds at any time before making a purchase decision.

4. Third-Party Services & AI Generation

We share specific data with third parties to facilitate core game functions:

• Platform Providers: Apple (iCloud/App Store) and Google (Google Play Games/Store) for cloud saves and IAP processing.
• Stability AI: Character generation prompts (based on your selections) are sent to Stability AI. Images are stored locally on your device. We do not store your raw text prompts on our servers. Review their policy at stability.ai/privacy-policy.

5. Children's Privacy (COPPA)

The Games are not directed at children under 13 (Rated 12+/Teen). We do not knowingly collect data from children under 13. If we discover data from a user under 13, it will be deleted within 7 days. Parents may contact support@redwoodarcade.ca for verified deletion requests.

6. Global Jurisdictional Rights

• Canada (PIPEDA): We adhere to the 10 Fair Information Principles.
• EU/UK (GDPR): Legal bases include Contractual Necessity (gameplay) and Legitimate Interest (analytics/security).
• California (CCPA/CPRA): Rights include the Right to Know, Delete, and Correct. We do not "sell" your data.
• Australia / Japan / Brazil: We comply with the Privacy Act (AU), APPI (JP), and LGPD (BR) regarding data access, correction, and international transfer safeguards.

7. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. Primary processing locations: United States and Canada. Stability AI processing may occur on US-based servers. Apple and Google services may transfer data internationally as part of cloud save and IAP infrastructure.

• EU/UK users: We rely on Standard Contractual Clauses (SCCs) or adequacy decisions as legal basis for international transfers.
• Canadian users: All transfers are handled with appropriate safeguards under PIPEDA.
• Brazilian users: Compliance with LGPD requirements regarding international data transfers.
• All users: We require third-party processors to maintain equivalent data protection standards.

8. Cookies and Tracking Technologies

• Device IDs: We use IDFV (iOS) and Android Advertising ID.
• Local Storage: We use AsyncStorage on your device to store local settings (e.g., audio mute status).
• No Web Cookies: As native mobile apps, we do not use traditional browser cookies.

9. Networked Features and Public Visibility

When networked features launch, your AI-generated characters may appear as opponents in other players' games.

• Visibility: Other players see the character image, custom name, and stats. They do NOT see your email or account ID.
• Opt-Out: You can disable public visibility in the Settings menu at any time.

10. Data Retention

• Account Data: Deleted within 30 days of a deletion request.
• IAP Records: 7 years (Canadian tax compliance).
• Crash Reports: 90 days.
• Analytics Data: Retained indefinitely in anonymized form.

11. Force Majeure Provisions

In the event of catastrophic circumstances beyond our reasonable control (natural disasters, major cyberattacks, pandemic-related disruptions, government actions, third-party service failures), our data breach notification timing, deletion request fulfillment, and other data processing activities may be temporarily delayed. We will resume normal operations and complete delayed processing as soon as practical, and will communicate significant delays to affected users where possible.

12. Account Deletion Process

• Method: In-app "Delete Account" button or email support@redwoodarcade.ca.
• Timeline: Deactivation is immediate; full deletion occurs within 30 days.
• Effect: All progress and custom AI content are permanently erased. This cannot be undone.

13. Contact Information

• Privacy Inquiries and Data Requests: support@redwoodarcade.ca
• General Support and Account Issues: support@redwoodarcade.ca
• Legal Matters, IP Concerns, and DMCA Notices: legal@redwoodarcade.ca

Response Time: We aim to respond within 5 business days.

Business: Redwood Arcade, Ontario Sole Proprietorship, Ontario, Canada.