Privacy Policy

Last Updated: January 22, 2025

What A Fun LLC ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile applications, games, websites, and related services (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy and consent to our collection, use, and disclosure of your information as described herein. If you do not agree with this Privacy Policy, please do not use our Services.

CONTACT INFORMATION

Company Name: What A Fun LLC

Email: support@what-a-fun.com

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at the email address above.

1. INFORMATION WE COLLECT

We collect various types of information in connection with the Services, including:

1.1 Information You Provide Directly

Account Information: Username, email address, password, profile photo, and other registration details
User Content: Messages, chat logs, comments, feedback, reviews, and other content you submit
Customer Support: Information you provide when contacting our support team
Survey and Promotional Data: Responses to surveys, contests, sweepstakes, and promotional activities
Payment Information: Payment details are collected and processed by third-party payment processors (we do not directly store full payment card information)
Social Media Data: If you connect through social media (Facebook, Google, etc.), we may receive your profile information, email, friends list, and other data you authorize

1.2 Information Collected Automatically

Device Information: Device type, model, operating system, unique device identifiers (UDID, IMEI, Android ID), mobile network information, device settings
Advertising Identifiers: Apple IDFA (Identifier for Advertisers), Google AAID (Google Advertising ID), and similar identifiers
IP Address and Location: IP address, approximate geographic location (country, city, region) derived from IP address or GPS (with your permission)
Usage Data: Game progress, scores, achievements, in-app purchases, session duration, features used, interactions with other users
Log Data: Crash reports, error logs, performance data, timestamps, referring/exit pages
Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar tracking technologies

1.3 Information from Third Parties

Advertising Partners: Information from ad networks to optimize ad delivery and measure campaign performance
Analytics Providers: Data from analytics services to understand user behavior and improve our Services
Social Networks: Information when you use social features or authenticate via social media platforms
Payment Processors: Transaction verification and fraud prevention data
Data Enrichment Services: Demographic and interest data to better understand our user base

1.4 Sensitive Personal Information

We Generally Do NOT Collect Sensitive Personal Information

We do not intentionally collect or process sensitive personal information (also known as "special categories" of data), including:

Government-issued identifiers (Social Security numbers, passport numbers, national ID numbers)
Financial account credentials, debit/credit card numbers, or banking information (these are processed directly by third-party payment processors, not by us)
Precise geolocation data (we only collect approximate location at city/region level based on IP address)
Racial or ethnic origin
Political opinions or affiliations
Religious or philosophical beliefs
Trade union membership
Genetic data or biometric data used for identification
Health data or medical information
Sexual orientation or information about sex life
Criminal history or background information

Limited Exceptions:

Account Passwords: We collect and store encrypted/hashed passwords for authentication purposes only
Age Information: We collect age or date of birth solely to comply with children's privacy laws (COPPA, GDPR) and determine eligibility for age-restricted features
User-Generated Content: If you voluntarily share sensitive information in public areas (chat, forums, profiles), we are not responsible for that disclosure

If We Ever Collect Sensitive Data in the Future:

Should we ever need to collect sensitive personal information, we will:

Obtain your explicit, informed consent before collection
Clearly explain the purpose and how the data will be used
Limit use strictly to the purposes you authorize
Apply enhanced security and encryption measures
Provide clear and accessible opt-out mechanisms
Comply with all applicable laws regarding sensitive data (GDPR Article 9, CCPA sensitive PI requirements, etc.)
Notify you through updated Privacy Policy and obtain renewed consent where required

2. HOW WE USE YOUR INFORMATION

We use the collected information for various purposes, including:

2.1 To Provide and Maintain the Services

Create and manage your account
Operate, maintain, and improve our games and Services
Enable gameplay features, multiplayer functionality, and social interactions
Process transactions and deliver purchased items or subscriptions
Verify and authenticate users
Save game progress and sync across devices

2.2 To Communicate With You

Send service-related notifications, updates, and announcements
Respond to your inquiries and provide customer support
Send push notifications about game events, promotions, and new features (you can opt-out)
Deliver marketing communications and promotional offers (with your consent where required)

2.3 To Personalize Your Experience

Customize game content, features, and recommendations based on your preferences
Remember your settings and preferences
Provide personalized in-game offers and rewards

2.4 For Analytics and Improvement

Analyze usage patterns and trends
Monitor and analyze the effectiveness of our Services
Develop new features, products, and services
Conduct research, testing, and statistical analysis
Improve game balance, difficulty, and user experience

2.5 For Advertising

Display personalized advertisements within our Services and on third-party platforms
Measure ad performance and optimize ad campaigns
Provide you with relevant offers from us and our partners
Conduct attribution analysis to understand ad effectiveness

2.6 For Safety and Security

Detect, prevent, and address fraud, cheating, and abuse
Enforce our Terms of Service and other policies
Protect the rights, property, and safety of What A Fun LLC, our users, and the public
Moderate user-generated content and communications
Maintain the integrity and fairness of our games

2.7 For Legal Compliance

Comply with legal obligations, regulations, and government requests
Respond to subpoenas, court orders, or legal processes
Establish, exercise, or defend legal claims

3. THIRD-PARTY SERVICES AND DATA SHARING

We use trusted third-party service providers to help us operate our Services. These parties may access your information only to perform tasks on our behalf and are obligated not to disclose or use it for other purposes.

3.1 Third-Party Services We Use

Advertising Services:

Google AdMob: For displaying advertisements in our apps
Privacy Policy: https://policies.google.com/privacy
Google Ad Manager: For ad mediation and optimization
Meta Audience Network (Facebook): For advertising
Privacy Policy: https://www.facebook.com/about/privacy
Unity Ads: For in-game advertising
Privacy Policy: https://unity3d.com/legal/privacy-policy
AppLovin: For ad mediation and monetization
Privacy Policy: https://www.applovin.com/privacy/

Analytics Services:

Google Firebase Analytics: For usage analytics and crash reporting
Privacy Policy: https://firebase.google.com/support/privacy
Google Analytics: For website and app analytics
Privacy Policy: https://policies.google.com/privacy
Firebase Crashlytics: For crash reporting and performance monitoring
Facebook Analytics: For user behavior analysis
Flurry Analytics: For mobile analytics
Privacy Policy: https://www.verizonmedia.com/policies/us/en/verizonmedia/privacy/index.html

Cloud and Infrastructure Services:

Google Firebase: For authentication, database, hosting, and cloud functions
Privacy Policy: https://firebase.google.com/support/privacy
Firebase Cloud Messaging (FCM): For push notifications
Firebase Realtime Database / Firestore: For data storage and synchronization
Firebase Authentication: For user authentication

Social and Communication:

Facebook SDK: For social features and sharing
Google Sign-In: For authentication
Apple Sign-In: For authentication (iOS)

Payment Processing:

Google Play In-App Billing: For Android purchases
Apple App Store In-App Purchase: For iOS purchases
PayPal: For web-based payments
Stripe: For payment processing

Platform-Specific Privacy Information:

Google Play Store Data Safety:

Our app's Data Safety section on Google Play provides a summary of our data collection practices. You can view this information on our app's Google Play listing before downloading.

Apple App Store Privacy Labels:

Our app's Privacy Nutrition Label on the Apple App Store summarizes the types of data we collect and whether it's linked to you or used for tracking. Visit our app's App Store listing for details.

Mobile App Permissions:

Our Services request the following device permissions:

Android Permissions:

INTERNET: Required to connect to game servers, sync data, and display advertisements
ACCESS_NETWORK_STATE: To check internet connectivity status and optimize performance
ACCESS_WIFI_STATE: To detect WiFi availability and improve connection quality
WAKE_LOCK: To prevent device from sleeping during active gameplay
VIBRATE: For haptic feedback during gameplay (optional)
RECEIVE_BOOT_COMPLETED: To restore scheduled notifications after device restart
FOREGROUND_SERVICE: For background services like music playback
AD_ID: To access Google Advertising ID for personalized ads (you can opt-out in device settings)
ACCESS_COARSE_LOCATION (Optional): For region-specific content, localized ads, and anti-fraud measures. We only collect approximate location (city/region level). You can deny this permission.
ACCESS_FINE_LOCATION (Optional): Only requested if game features require precise location. You can deny this permission.
READ_EXTERNAL_STORAGE / WRITE_EXTERNAL_STORAGE (Optional, Android 12 and below): To cache game assets and save progress locally. Newer Android versions use scoped storage.
POST_NOTIFICATIONS (Android 13+): To send push notifications. You can deny or revoke this permission anytime.

iOS Permissions:

App Tracking Transparency (ATT): We request permission to track your activity across apps and websites for personalized advertising (iOS 14.5+). You can choose "Ask App Not to Track" or grant permission.
Notifications: We request permission to send push notifications for game updates, events, and promotions. This is optional and you can disable it anytime in iOS Settings.
Location Services (Optional): For region-specific content or features. We only collect approximate location. You can deny or choose "While Using the App."
Photo Library (Optional): Only if game features allow profile photo upload or sharing screenshots. You can deny this permission.
Camera (Optional): Only for games with AR features or avatar scanning. You can deny this permission.

How to Manage Permissions:

Android: Settings → Apps → [App Name] → Permissions
iOS: Settings → [App Name] → Toggle permissions on/off

Denying optional permissions may limit certain features but will not prevent you from using the core game functionality.

3.2 When We Share Your Information

Service Providers: We share data with vendors who perform services on our behalf (hosting, analytics, customer support, payment processing)
Advertising Partners: We share device identifiers and usage data with ad networks to serve personalized ads
Social Features: Your profile information, game progress, and activity may be visible to other players
Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the new entity
Legal Requirements: We may disclose your information when required by law, to respond to legal processes, or to protect our rights and safety
With Your Consent: We may share your information with third parties when you have given us explicit consent to do so

Important: We do not sell your personal information to third parties for monetary consideration. However, under some privacy laws (such as CCPA), sharing data for targeted advertising may be considered a "sale." You have the right to opt-out of such sharing.

4. ADVERTISING AND BEHAVIORAL TARGETING

4.1 How We Use Advertising Data

We display advertisements in our free-to-play games to support our business. To provide relevant ads, we and our advertising partners may collect and use:

Advertising identifiers (IDFA for iOS, GAID for Android)
IP address and approximate location
Device information and operating system
In-app activity and interactions
Ad views and clicks

4.2 Personalized Advertising

We may use your information to deliver personalized (interest-based) advertising. This means ads are selected based on your interests, behavior, and demographic information. Our advertising partners use cookies, pixels, and SDKs to track your activity across apps and websites.

4.3 Opting Out of Personalized Ads

You can limit personalized advertising through the following methods:

iOS Devices:

iOS 14.5+: Go to Settings → Privacy → Tracking → Turn off "Allow Apps to Request to Track"
Older iOS: Go to Settings → Privacy → Advertising → Turn on "Limit Ad Tracking"

Android Devices:

Go to Settings → Google → Ads → Turn on "Opt out of Ads Personalization"
Or: Settings → Privacy → Ads → Delete Advertising ID

In-App Settings:

Some of our games may provide opt-out options in the game settings menu.

Note: Opting out does not mean you will see fewer ads, but the ads will be less relevant to your interests. Additionally, opt-outs are device-specific and must be set on each device you use.

5. INTERNATIONAL DATA TRANSFERS

What A Fun LLC operates globally, and your information may be transferred to, stored, and processed in countries outside of your country of residence. Your data may be transferred to and processed in:

Data Storage and Processing Locations:

United States: Our primary servers, headquarters, and main operations
Google Cloud Platform / Firebase: Data centers in United States, Europe (EU regions), and Asia-Pacific (depending on service optimization)
Third-Party Service Providers: Located in various countries including:
- United States (advertising, analytics, payment processing)
- European Union (GDPR-compliant data processing)
- Other countries where our service providers operate

Important: These countries may have data protection laws that differ from, and may be less protective than, those in your country of residence.

Safeguards for International Transfers:

When we transfer your personal data internationally, we implement appropriate safeguards to ensure your data remains protected:

For Transfers from the European Union / EEA:

Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses for transfers to countries outside the EEA
Adequacy Decisions: We rely on European Commission adequacy decisions where available (e.g., transfers to countries deemed to provide adequate protection)
Supplementary Measures: We implement additional technical and organizational measures (encryption, access controls, data minimization) to ensure GDPR-level protection
Data Processing Agreements (DPAs): We execute GDPR-compliant DPAs with all processors handling EU personal data

For Transfers from the United Kingdom:

UK International Data Transfer Agreement (IDTA): We use UK IDTA or UK Addendum to EU SCCs for transfers from the UK
UK Adequacy Regulations: We comply with UK adequacy regulations and ICO guidance

For Transfers from Other Jurisdictions:

Brazil (LGPD): Standard contractual clauses and adequacy assessments for international transfers
Canada (PIPEDA): Contractual safeguards ensuring comparable level of protection
Switzerland: Swiss-approved SCCs and adequacy mechanisms
South Korea (PIPA): Consent and contractual safeguards for overseas transfers
Other Countries: Appropriate contractual, technical, and organizational safeguards as required by local law

Your Rights Regarding International Transfers:

You have the right to:

Obtain information about the countries where your data is processed
Request a copy of the safeguards we use for international transfers (SCCs, DPAs, etc.)
Object to transfers in certain circumstances (subject to legal limitations)
Withdraw consent for transfers based on consent (where applicable)

To exercise these rights or obtain more information about our international data transfers, contact us at support@what-a-fun.com with "International Transfer Inquiry" in the subject line.

Third-Party Data Transfers:

Our third-party service providers (advertising networks, analytics providers, cloud services) may also transfer your data internationally. We require these providers to:

Implement appropriate safeguards for international transfers
Comply with applicable data protection laws
Use Standard Contractual Clauses or other approved mechanisms
Provide adequate security measures

Your Consent: By using our Services, you acknowledge and consent to the international transfer, storage, and processing of your information as described in this Privacy Policy, including to countries that may not provide the same level of data protection as your country of residence.

If you do not agree to these transfers, please do not use our Services.

6. DATA SECURITY

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect your data from unauthorized access, disclosure, alteration, or destruction. Our security measures include:

Encryption of data in transit using SSL/TLS protocols
Encryption of sensitive data at rest
Secure authentication and access controls
Regular security assessments and penetration testing
Firewall protection and intrusion detection systems
Employee training on data protection and security
Restricted access to personal data on a need-to-know basis

Important Security Notice: While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. Please notify us immediately of any unauthorized use of your account.

6.1 Data Breach Notification

In the event of a data breach that affects your personal information, we will:

Assess the Breach: Evaluate the nature, scope, and impact within 72 hours of discovery
Notify Authorities: Report to relevant data protection authorities as required by law (within 72 hours for GDPR, promptly for other jurisdictions)
Notify Affected Users: Inform you via email, in-app notification, or website notice if the breach poses a high risk to your rights and freedoms
Provide Information About:
- Nature of the breach and types of data affected
- Approximate number of affected users
- Consequences and potential risks
- Measures we have taken or will take to address the breach
- Steps you can take to protect yourself
- Contact information for further inquiries (support@what-a-fun.com)
Timeframe: We will notify you without undue delay, typically within 7 days of discovering the breach (or as required by applicable law)

What You Should Do If Notified:

Change your account password immediately
Enable two-factor authentication if available
Monitor your accounts for suspicious activity
Be cautious of phishing attempts or fraudulent communications
Review your account activity and transaction history
Contact us if you have questions or notice unusual activity

7. YOUR RIGHTS AND CHOICES

Depending on your location and applicable laws, you may have certain rights regarding your personal information:

7.1 Access and Portability

You have the right to request access to the personal information we hold about you and receive a copy in a structured, commonly used, and machine-readable format.

7.2 Correction

You have the right to request correction of inaccurate or incomplete personal information. You can update some information directly in your account settings.

7.3 Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, fraud prevention, completing transactions).

7.4 Restriction and Objection

You have the right to object to or request restriction of certain processing of your personal information, including processing for direct marketing purposes.

7.5 Withdrawal of Consent

Where we process your data based on consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before withdrawal.

7.6 Marketing Communications

You can opt-out of marketing emails by:

Clicking the "unsubscribe" link in any marketing email
Adjusting preferences in your account settings
Contacting us at support@what-a-fun.com

7.7 Push Notifications

You can disable push notifications by:

Adjusting notification settings in your device settings
Managing preferences within the app settings

7.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at support@what-a-fun.com with the subject line "Privacy Rights Request." We will respond to your request within the timeframe required by applicable law (typically 30 days).

To protect your privacy and security, we may need to verify your identity before processing your request. We may request additional information such as:

Account email address or username
Recent purchase receipts
Device information
Answers to security questions

7.9 Right to Appeal

If we deny your privacy rights request, you have the right to appeal our decision.

How to Appeal:

Reply to our denial email with "Privacy Rights Appeal" in the subject line
Explain why you believe our decision was incorrect or provide additional supporting information
Include any documentation or evidence that supports your request
We will review your appeal and respond within 30-45 days (or as required by applicable law)

Appeal Review Process:

Your appeal will be reviewed by a different team member than the one who made the initial decision
We will consider all information provided and re-evaluate our decision
You will receive a detailed written response explaining our final decision
If your appeal is granted, we will process your original request promptly

If Your Appeal is Denied:

You may have additional options depending on your location:

California Residents: Contact the California Privacy Protection Agency (CPPA) at cppa.ca.gov
Virginia Residents: Contact the Virginia Attorney General at oag.state.va.us
Colorado Residents: Contact the Colorado Attorney General at coag.gov
Connecticut Residents: Contact the Connecticut Attorney General
EU/EEA/UK Residents: Lodge a complaint with your local Data Protection Authority (see Section 7.10 below)
Other Jurisdictions: Contact your local consumer protection authority or data protection regulator

7.10 Right to Lodge a Complaint

If you are in the European Economic Area (EEA), UK, or Switzerland, you have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

EU/EEA Data Protection Authorities:

Find your country's Data Protection Authority: https://edpb.europa.eu/about-edpb/about-edpb/members_en

United Kingdom:

Information Commissioner's Office (ICO): ico.org.uk

Switzerland:

Federal Data Protection and Information Commissioner (FDPIC): edoeb.admin.ch

Other Jurisdictions: You may also have the right to lodge complaints with consumer protection agencies or privacy regulators in your jurisdiction.

8. DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specific Retention Periods:

Active Accounts: Data retained while your account is active or as needed to provide Services
Inactive Accounts:
- Accounts inactive for 24 months will receive an email notice regarding potential deletion
- Data will be deleted or anonymized after 36 months of continuous inactivity
- You may request earlier deletion at any time by contacting us
Transaction Records: Retained for 7 years after the transaction date (required for tax, accounting, and legal compliance)
Customer Support Records: Retained for 3 years after the last interaction for quality assurance and dispute resolution
Marketing Data:
- Deleted within 30 days of unsubscribe request
- Email addresses retained for suppression list purposes only (to honor your opt-out)
Legal/Fraud Prevention Data: Retained as long as legally required or necessary to prevent fraud, typically 5-10 years depending on jurisdiction and circumstances
Account Deletion Requests: Processed and completed within 30 days of verified request (may take up to 90 days in complex cases)
Backup Systems: Data may persist in backup systems for up to 90 days after deletion from active systems, after which backups are overwritten
Analytics Data (Anonymized/Aggregated): May be retained indefinitely as it cannot identify you personally
Cookies and Tracking Data:
- Session cookies: Deleted when you close your browser
- Persistent cookies: Expire after 6-24 months depending on purpose
- Advertising identifiers: Retained until you reset or opt-out

Deletion Process: When we delete your personal information, we will:

Permanently erase it from our active databases
Remove it from backup systems during the next backup cycle
Anonymize or aggregate data where complete deletion is not feasible
Ensure third-party service providers delete data shared with them (where contractually required)

Exceptions: We may retain certain data beyond standard periods when:

Required by law (legal hold, subpoena, regulatory requirement)
Necessary to resolve disputes or enforce our Terms of Service
Essential for fraud prevention and security
You have provided explicit consent for extended retention

When we no longer need your personal information, we will securely delete or anonymize it in accordance with applicable laws and our data retention policies.

9. COOKIES AND TRACKING TECHNOLOGIES

We and our partners use cookies, web beacons, pixels, SDKs, and similar tracking technologies to collect and store information about your use of our Services.

9.1 Types of Technologies We Use:

Cookies: Small text files stored on your device to remember preferences and track usage
Web Beacons/Pixels: Small graphics used to track user actions and measure ad performance
Mobile SDKs: Code embedded in mobile apps to collect usage and device data
Local Storage: Technology to store data locally on your device
Session Storage: Temporary storage that is cleared when you close your browser or app

9.2 Purposes of Cookies:

Essential: Necessary for the Services to function (authentication, security, load balancing)
Functional: Remember your preferences and settings
Analytics: Understand how you use our Services and improve performance
Advertising: Deliver relevant ads and measure ad effectiveness
Social Media: Enable social sharing features

9.3 Managing Cookies:

You can control cookies through your browser settings:

Google Chrome: https://support.google.com/chrome/answer/95647
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
Safari: https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac
Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

You can also opt-out of interest-based advertising by visiting:

Digital Advertising Alliance (DAA): http://www.aboutads.info/choices
European Interactive Digital Advertising Alliance (EDAA): http://www.youronlinechoices.eu
Network Advertising Initiative (NAI): https://www.networkadvertising.org/choices

Note: Disabling cookies may limit your ability to use certain features of our Services.

10. CHILDREN'S PRIVACY

We are committed to protecting the privacy of children. We comply with the Children's Online Privacy Protection Act (COPPA), the General Data Protection Regulation (GDPR), and other applicable children's privacy laws.

10.1 Age Requirements

General Services: Our Services are intended for users aged 13 and older (or the applicable age of digital consent in your jurisdiction)
Younger Users: We do not knowingly collect personal information from children under 13 without verifiable parental consent
Age-Gated Services: Some of our Services may have higher age requirements (e.g., 16+)

10.2 Verifiable Parental Consent (COPPA Compliance)

How We Obtain Parental Consent:

If we determine that a user is under 13 years old (or the applicable age of consent in their jurisdiction), we follow this process:

Account Restriction: The account is immediately placed in "Restricted Mode" with limited functionality
Parental Email Request: We ask the child to provide their parent or legal guardian's email address
Parent Notification: We send an email to the parent/guardian explaining:
- That their child has attempted to use our Services
- What personal information we collect from children
- How we use and share that information
- That parental consent is required
- How to provide or refuse consent
- How to review, delete, or request removal of their child's information
Consent Verification: Parents must verify their identity and provide consent using one of these methods:
- Email Consent + Credit Card Verification: Parent provides consent via email and we verify their identity with a small refundable charge (e.g., $0.30) to a credit or debit card
- Government ID Upload: Parent uploads a copy of government-issued ID (driver's license, passport) through a secure third-party verification service. ID is deleted after verification.
- Video Call Verification: Parent participates in a brief video call with our support team to verify identity
- Signed Consent Form: Parent signs and returns a consent form via mail, email, or fax with identity verification
Consent Processing: Once verified consent is received, we enable full account functionality within 2-3 business days

Restricted Mode for Users Under 13 Without Parental Consent:

Until parental consent is verified, accounts are in Restricted Mode with the following limitations:

❌ Social features disabled (no chat, messaging, friend requests, or user profiles)
❌ User-generated content disabled (cannot post comments, reviews, or share content)
❌ Behavioral/personalized advertising disabled (only contextual, age-appropriate ads shown)
❌ Third-party advertising and analytics SDKs that are not COPPA-compliant are blocked
❌ Personal information sharing with third parties is restricted (except essential service providers)
❌ Push notifications disabled (except essential service messages)
✅ Core gameplay features remain accessible with limited data collection
✅ Data collection limited to: device type, game progress (stored locally), crash reports (anonymized), and IP address (for regional content)

For Users Under 13 With Parental Consent:

Even with parental consent, we implement age-appropriate protections:

Limit data collection to what is reasonably necessary for participation in the Services
Disable or moderate social features with enhanced safety controls
Use contextual advertising instead of behavioral/interest-based advertising
Only use COPPA-compliant third-party services
Restrict data sharing to service providers who support internal operations
Apply enhanced content moderation and safety filters
Provide additional account security features

10.3 Parental Rights

If you are a parent or guardian and believe your child under 13 has provided us with personal information, you have the right to:

Review your child's personal information
Request deletion of your child's personal information
Refuse further collection or use of your child's information
Provide or withdraw consent (where applicable)

To exercise these rights, please contact us at support@what-a-fun.com with "Parental Rights Request" in the subject line.

10.4 If We Discover Unauthorized Collection

If we discover that we have inadvertently collected personal information from a child under 13 without proper parental consent, we will:

Delete the information as soon as possible
Terminate or restrict the account
Implement additional safeguards to prevent future occurrences

11. SOCIAL FEATURES AND USER INTERACTIONS

Our Services may include social features that allow you to interact with other users:

11.1 Public Information

When you use social features, certain information may be publicly visible:

Username and profile photo
Game progress, scores, and achievements
In-game status and activity
User-generated content (messages, posts, comments)

11.2 User Conduct

When using communication features (chat, forums, messaging), you must not:

Engage in harassment, bullying, or threats
Use offensive, obscene, or discriminatory language
Share personal information of others without consent
Impersonate others or provide false information
Spam, advertise, or solicit other users
Violate intellectual property rights

11.3 Content Moderation

We reserve the right to monitor, review, and moderate user-generated content. We may use automated systems and manual review to detect and remove inappropriate content. Violations may result in:

Content removal
Account suspension or termination
Reporting to law enforcement (for illegal activities)

Important: Be cautious when sharing information in public areas. Once posted, your information may be seen by others and potentially copied or redistributed. We are not responsible for information you choose to make public.

12. THIRD-PARTY LINKS AND SERVICES

Our Services may contain links to third-party websites, apps, or services that are not owned or controlled by What A Fun LLC. This Privacy Policy does not apply to such third-party services.

We are not responsible for the privacy practices of third-party services. We strongly encourage you to review the privacy policies of any third-party services you access through our Services.

Third-party services include but are not limited to:

Social media platforms (Facebook, Twitter, Instagram)
Advertising networks
Analytics providers
Payment processors
External websites linked from our Services

13. INTELLECTUAL PROPERTY AND CONTENT DISCLAIMER

13.1 No Unauthorized Content

Our Services do not intentionally provide or host pirated, unauthorized, or copyright-infringing content. All content in our Services is either:

Owned by What A Fun LLC
Licensed from authorized third parties
Used under fair use or similar legal doctrines
User-generated and subject to our Terms of Service

13.2 User Responsibility

Users are solely responsible for:

Verifying they have the right to access content in their jurisdiction
Complying with all applicable laws and regulations
Respecting intellectual property rights

13.3 Copyright Infringement Notice

If you believe any content in our Services infringes your intellectual property rights, please contact us immediately at support@what-a-fun.com with:

Description of the copyrighted work
Location of the infringing material
Your contact information
A statement of good faith belief
A statement of accuracy under penalty of perjury
Your physical or electronic signature

We will investigate and remove infringing content promptly upon verification.

14. PAYMENTS, SUBSCRIPTIONS, AND REFUNDS

14.1 In-App Purchases

Our Services may offer in-app purchases, subscriptions, or virtual items. All transactions are processed through third-party payment platforms:

Google Play (Android)
Apple App Store (iOS)
PayPal
Other authorized payment processors

14.2 Payment Information

We do not directly collect or store your full payment card information. Payment details are collected and processed by the payment platform's secure payment system.

14.3 Subscriptions

Subscription-based services will automatically renew unless canceled before the renewal date. To cancel:

iOS: Settings → [Your Name] → Subscriptions
Android: Google Play Store → Menu → Subscriptions

14.4 Refunds

Refund requests must be submitted through the platform where you made the purchase:

Google Play: Subject to Google Play's refund policy
Apple App Store: Subject to Apple's refund policy

We do not process refunds directly. For assistance, contact support@what-a-fun.com

15. REGION-SPECIFIC DISCLOSURES

15.1 For California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know:

You have the right to request information about:

Categories of personal information collected
Categories of sources from which data is collected
Business or commercial purposes for collecting data
Categories of third parties with whom we share data
Specific pieces of personal information we hold about you

Right to Delete:

You have the right to request deletion of your personal information, subject to certain exceptions.

Right to Opt-Out of Sale or Sharing ("Do Not Sell or Share My Personal Information"):

What We "Sell" or "Share" Under CCPA:

We do NOT sell your personal information for money. However, under CCPA/CPRA, sharing data with advertising partners for targeted advertising may be considered a "sale" or "sharing."

Categories of Personal Information Sold/Shared for Targeted Advertising:

Device Identifiers: Apple IDFA, Google Advertising ID (GAID), device IDs
IP Address and Approximate Location: IP address, city/region-level location
Usage Data: App interactions, gameplay activity, in-app events, session duration
Ad Interaction Data: Ad views, clicks, impressions, conversions
Inferences: Preferences and interests derived from your behavior

Categories of Third Parties Who Receive This Information:

Advertising networks and partners (Google AdMob, Meta Audience Network, Unity Ads, AppLovin, etc.)
Analytics service providers (Firebase Analytics, Google Analytics, Flurry)
Attribution and marketing platforms
Ad measurement and optimization services

How to Opt-Out of Sale/Sharing:

You can opt-out using any of these methods:

Device-Level Controls (Recommended):
- iOS 14.5+: Settings → Privacy & Security → Tracking → Disable "Allow Apps to Request to Track"
- Older iOS: Settings → Privacy → Advertising → Enable "Limit Ad Tracking"
- Android: Settings → Google → Ads → Enable "Opt out of Ads Personalization" OR Settings → Privacy → Ads → Delete Advertising ID
In-App Settings: Some of our games may include a "Do Not Sell My Info" or "Privacy Choices" option in the settings menu
Email Request: Send an email to support@what-a-fun.com with subject line "Do Not Sell or Share My Personal Information" and include:
- Your email address or account username
- Device type and OS version
- The specific app/game name

Effect of Opting Out:

You will still see ads, but they will be less relevant to your interests (contextual ads only)
Your opt-out is device-specific and must be set on each device you use
We will stop sharing your personal information for targeted advertising purposes going forward
We will process your email opt-out request within 15 business days

We Do NOT Sell or Share Personal Information of Minors Under 16:

We do not sell or share the personal information of consumers we know are under 16 years of age without affirmative authorization (or parental consent for children under 13).

Right to Correct:

You have the right to request correction of inaccurate personal information.

Right to Limit Use of Sensitive Personal Information:

You have the right to limit our use of sensitive personal information to purposes permitted by law.

Right to Non-Discrimination:

We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Authorized Agents:

You may designate an authorized agent to make requests on your behalf. We may require written proof of authorization.

Verification:

To protect your privacy, we will verify your identity before processing CCPA/CPRA requests. We may request information such as your email address, account details, or recent purchases.

Shine the Light Law:

California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. Contact us at support@what-a-fun.com with "California Shine the Light Request" in the subject line.

15.2 For European Economic Area (EEA), UK, and Swiss Residents (GDPR)

If you are in the EEA, UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing:

We process your personal data based on:

Contract Performance: To provide the Services you requested
Legitimate Interests: To improve our Services, prevent fraud, and ensure security
Consent: For personalized advertising and certain data processing (you may withdraw consent anytime)
Legal Obligations: To comply with applicable laws

Your GDPR Rights:

Right of access and data portability
Right to rectification
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to object to processing
Right to withdraw consent
Right to lodge a complaint with a supervisory authority

Data Controller:

What A Fun LLC is the data controller for your personal information.

Company Information:

Name: What A Fun LLC
Contact: support@what-a-fun.com

Data Protection Officer (DPO):

For GDPR-related inquiries, data protection concerns, or to exercise your GDPR rights, you may contact our Data Protection Officer:

Email: dpo@what-a-fun.com (or support@what-a-fun.com with subject "ATTN: Data Protection Officer")
Subject Line: Include "GDPR Request" or "Data Protection Inquiry" in your email

Our DPO will respond to your inquiry within 30 days (or as required by GDPR).

EU Representative:

If you are in the European Union and have concerns about how we handle your personal data, you may also contact:

EU Representative: We are currently evaluating the need for an EU representative under GDPR Article 27. If required, representative details will be updated here.
Alternative Contact: In the meantime, please contact our Data Protection Officer at the email above or your local Data Protection Authority

15.3 For Turkish Residents (KVKK)

Turkish residents have rights under the Law on Protection of Personal Data (KVKK):

Right to learn whether personal data is processed
Right to request information if processed
Right to learn the purpose of processing
Right to know third parties to whom data is transferred
Right to request correction of incomplete or inaccurate data
Right to request deletion or destruction of data
Right to request notification to third parties of corrections/deletions
Right to object to processing
Right to claim damages

15.4 For South Korean Residents (PIPA)

South Korean residents have rights under the Personal Information Protection Act (PIPA):

Right to access and copy personal information
Right to correct or delete personal information
Right to suspend processing of personal information
Right to file complaints with the Personal Information Protection Commission

15.5 For Brazilian Residents (LGPD)

Brazilian residents have rights under the Lei Geral de Proteção de Dados (LGPD):

Confirmation of processing
Access to data
Correction of incomplete or inaccurate data
Anonymization, blocking, or deletion
Data portability
Information about public/private entities with which data is shared
Information about the possibility of denying consent
Revocation of consent

15.6 For Australian Residents

Australian residents are protected under the Privacy Act 1988 and have the right to access, correct, and request deletion of their personal information.

15.7 For Canadian Residents (PIPEDA)

Canadian residents have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to access, correct, and challenge compliance with PIPEDA.

16. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Post the updated Privacy Policy on this page
Update the "Last Updated" date at the top of this Privacy Policy
Notify you through the Services (e.g., in-app notification, pop-up)
Send you an email notification (if we have your email address)
Obtain your consent if required by applicable law

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with the changes, you must stop using the Services and may request deletion of your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

17. DO NOT TRACK SIGNALS

Some web browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. Currently, there is no industry standard for how to respond to DNT signals.

At this time, our Services do not respond to DNT signals or similar mechanisms. We will continue to monitor developments in DNT standards and may update our practices accordingly.

18. ACCOUNT DELETION

You have the right to delete your account and associated personal data at any time.

How to Delete Your Account:

Send an email to support@what-a-fun.com with the subject line "Account Deletion Request"
Include your account email/username and any relevant account details
We will verify your identity and process your request within 30 days

What Happens When You Delete Your Account:

Your account will be permanently deactivated
Your personal information will be deleted from our active databases
Your game progress, purchases, and virtual items will be lost
You will no longer receive communications from us

What We May Retain:

We may retain certain information as required or permitted by law, including:

Transaction records (for tax and accounting purposes)
Information necessary to resolve disputes or enforce agreements
Information required for fraud prevention and security
Aggregated or anonymized data that does not identify you
Backup copies (which will be deleted during our regular backup deletion cycle)

19. BUSINESS TRANSFERS

If What A Fun LLC is involved in a merger, acquisition, asset sale, bankruptcy, reorganization, or similar transaction, your personal information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

In such events, we will take reasonable steps to ensure the acquiring entity honors this Privacy Policy or provides you with notice and choice regarding any changes.

20. CONTACT US

What A Fun LLC
Email: support@what-a-fun.com

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us.

Types of Inquiries We Handle:

Privacy rights requests (access, deletion, correction)
Questions about data collection and use
Opt-out requests
Parental consent and children's privacy
Security concerns
Account deletion
General privacy questions

Response Time: We aim to respond to all inquiries within 30 days (or as required by applicable law).

21. CONSENT

By using our Services, you acknowledge that:

You have read and understood this Privacy Policy
You agree to the collection, use, and disclosure of your information as described herein
You are at least 13 years old (or the applicable age of consent in your jurisdiction)
If you are under 18, you have obtained parental or guardian consent to use the Services
You understand the risks associated with sharing information online
You agree to receive communications from us as described in this Privacy Policy

If you do not agree with this Privacy Policy, you must immediately stop using the Services and may request deletion of your data.

SUMMARY OF YOUR PRIVACY RIGHTS

You have the right to:

Access your personal data
Correct inaccurate data
Delete your data and account
Opt-out of marketing communications
Opt-out of personalized advertising
Restrict or object to data processing
Data portability
Withdraw consent
Lodge a complaint with supervisory authorities

To exercise your rights, contact us at: support@what-a-fun.com