Preamble: We are aiming to make this policy as transparent and easy to understand as possible. If you have any questions regarding our policies or if you feel there is any missing information, feel free to contact us.
General: Everyone can download the game and play it for free. To earn money, we use in-app purchases.
We use analytics to recognize things that need to be improved and to validate that our own marketing efforts are profitable.
Without analytics, we couldn't run and sustain this game as a service. Therefore, your Advertising id is processed. You can disable the id in the privacy settings of your phone, if you don't want this.
Data Usage: The collected data is used for analytics, the game's functionality and product personalization.
Data Sensitivity: We don't process or have access to sensitive data (e.g. credit card numbers or your address). All the personal data we process is used to identify something: Your savegame, you as a player, you as a recipient of consumer information, the game installation on your phone or an in-app purchase.
You can opt-in to use your email address to bind your account. The email address is only used for the purpose of account management.
Data Security: We use an encrypted connection (https) to transfer personal data to our servers or to third-party processors. Some of the third-party processors are located in countries outside the EU, but all off them comply with the GDPR. Access to our own game databases is protected and limited to authorized employees.
Risk Assessment: We did a risk assessment to identify the potential damage of a data breach. The worst-case scenario would be that someone has access to all the data processed by us. This person could manipulate your savegame, see how you play the game or send you game notification. All this is a local damage that only affects this game and your progress in this game.
With our data alone, you cannot be identified as a person unless in combination with sensitive personal data from different sources.
If you opt-in to use your email address to bind your account, the worst case scenario of a data breach means, that someone can use this email address to send you spam. But it's not possible to figure out the password you used.
Policy Changes: We reserve the right to make changes to this privacy policy at any time in the future. We recommended to check this page regularly, especially the date of the last modification at the bottom. If you object to the changes, you can stop using the application and delete your account and/or ask us to remove your personal data. A changed privacy policy will apply to all personal data we have about users.
We are processing the following kind of personal data:
Savegame Identifiers: The game automatically connects to our server to create an online savegame (cloud save). We generate an UserId and AuthToken to access and authenticate for this savegame. The game also creates a BlingHubId, which contains a pointer to your UserId. In general, it's the same concept as the UserId, but it allows you to authenticate with Google Play Games, Game Center and other services, so that you won't lose your progress after a re-install.
We store your progress as well as all premium transactions in our database.
In-App Purchases: We store the order ids of in-app purchases to be able to support payers and for fraud detection. Please recognize that we don't have access to your payment information or your name, address etc. when you make a purchase.
Server Logs: We log server requests in our server logs. The server logs contains the UserId, which allows us to debug and fix errors.
Ad Measurement: We use the Advertising Identifier (Android) or IDFA (iOS). The Id is used to identify you as a user across multiple apps. It also us track the success of our own marketing campaigns.
If you don't like this, you can globally disable the id in the privacy settings of your operating system.
Auth Tokens: Use an authentication method like Google Play Games, Game Center or Facebook to bind your account. If you do this, we request an authentication token that allows us to identity you as a user independently of your current local progress. The token is just something that we can use to confirm that you are the owner of that account. This way we can restore an old savegame after a re-install or if you are using a different device.
The auth tokens are generated for this specific app. We can't use the token to authenticate for other apps.
Email Sign In: You can opt-in to use your email address as an authentication method. This allows you to play the same game on multiple platforms like Android and iOS. The email address is stored within an additional security layer and we don't store or transfer your original passwords of course.
IP Addresses: We don't store or process IP addresses ourselves, but some of our third-party processors process IP addresses.
Android Id: The Android Id is for Android version 8.0 and above a unique id based on the combination of our app-signing key, a user, and a device. This means that this id can be used by us and our third-party processors to identify you as a user, but can't be connected to the usage data of apps or services from other developers. If you are running an Android version lower than 8.0 on your device, the Android id is the same for all developers, which means a data breach is more relevant here. Please consider to upgrade your Android OS.
Instance Identifier: The Instance Id is used to identify the current app installation on your phone. The id becomes invalid if you uninstall the app. If you re-install the app, you get a new id.
Other Data: Additionally to the personal data and identifiers mentioned above, we or our third-party processors do also process the following data:
Game progression data, session starts and durations, usage of premium items or advertisements, the hardware model & manufacturer, operating system version, crash logs, display screen size & orientation, audio volume, battery, system language or locale settings, the type of internet connection, the mobile carrier, your time zone, free space available on your device, IP based location data and segmentation and attribution data.
Support: If you contact our support, we will process your contact data like your email address and other information provided to handle your request.
We will store the information provided for up to 12 months to be able to handle follow up requests. We don't forward your contact data to third-party processors. Only our authorized employees can access your contact data.
We need to forward parts of the data to the following services:
AWS: We use Amazon Web Services for our scalable backend infrastructure. Amazon guarantees not to access or process any personal data. The only exception is the processing for data security reasons or to comply with the law. Only our authorized employees can access the game data or order ids. The data can be stored outside of the EU. Show details...
Firebase: We use multiple services from Firebase by Google. The services process Advertising Ids, Instance Ids and app usage data. The data is deleted automatically 14 months after the last session. The processing can happen outside of the EU. Show details...
Facebook Analytics: Facebook Analytics identifies users with Advertising Ids and Instance Ids. It collects data about your progress and play behavior. The processing can happen outside of the EU. Show details...
FacebookSignIn: You can sign in with your existing Facebook account to bind your game to Facebook. We use only the authentication service and will only access your user name from your Facebook profile. The user name is not sent to our server or any third party services. We don't post any content on your Facebook profile.
Tenjin: Tenjin is an attribution tracking service, which helps us to determine where new users are coming from. It processes your Advertising Id, IP addresses and other data about your progress, play behavior and specification of your phone. The processing happens mostly in the EU, but can happen outside of the EU. Show details...
AppsFlyer: AppsFlyer is an attribution tracking service, which helps us to determine where new users are coming from. It processes your Advertising Id, IP addresses and other data about your progress, play behavior and specification of your phone. The processing can happen outside of the EU. Show details...
Zendesk: We use services from Zendesk, Inc. to handle customer requests via Email or Social Media. The processing can happen outside of the EU. Show details...
You have the following rights as a data subject:
Data Access: You have the right to access the personal data processed by us. Please contact us to request your data.
Data Erasure: You can delete all savegames and stored account data by using the delete account button in the Bling Hub menu. All Instance Ids are invalidated if you uninstall the app. You can request a new Advertising Id / IDFA in the privacy settings of your operating system. Please contact us if you want us to delete other personal data (e.g. data from support requests).
Complaints: You have the right to lodge a complaint with a supervisory authority. Show details...
Owner and Data Controller:
Bling Bling Games GmbH
Karlstraße 51
76133 Karlsruhe
Germany
privacy@blingblinggames.com
Last Updated: February 12, 2024