PRIVACY POLICY
Last
Updated: October 16, 2025
Effective
Date: October 16, 2025
1.
INTRODUCTION & SCOPE
ArcanePlay ("Company," "we," "us," or "our") is committed to protecting your
privacy through transparent data practices. This Privacy Policy ("Policy")
governs all personal information collection, usage, storage, sharing, and
protection activities across our:
• Official websites and mobile applications
• Game distribution and publishing platform
• Independent developer games hosted on our platform ("Developer Games")
• User account systems and social features
• Customer support and marketing communications
By accessing, registering for, or using any of our services, you confirm that you
have read, understood, and consent to all data practices described in this Policy.
If you do not agree with any aspect of this Policy, you must immediately discontinue
use of all services.
2.
COMPREHENSIVE DATA COLLECTION
2.1
User-Provided Information
• Identity Verification: Full legal name, government-issued ID (driver's
license, passport) when required for age verification or compliance
• Contact Information: Verified email address, primary telephone number,
physical residence address
• Account Credentials: Unique username, encrypted password, profile photo,
security questions
• Demographic Data: Verified date of birth, gender identification, geographical
location, preferred language
• Financial Information: Credit/debit card details, billing address, transaction
history, payment method preferences
• User Content: In-game messages, social posts, player communications, uploaded
media
2.2
Automated Data Collection
• Device Identification: IP address, device model, operating system version,
unique device identifiers, hardware specifications
• Usage Analytics: Gameplay duration, feature interaction patterns, session
frequency, progression metrics, achievement data
• Technical Performance: Crash reports, error logs, system performance metrics,
network latency data
• Location Data: GPS coordinates (when enabled), IP-based location estimation,
regional settings
2.3
Third-Party Sourced Information
• Social Media Integration: Profile information, friend lists, connection data
from Facebook, Google, Apple, and other integrated services
• Service Provider Data: Fraud detection analysis, marketing analytics, customer
verification information
• Advertising Networks: Campaign performance metrics, user engagement
statistics, attribution analysis
• Payment Processors: Transaction validation, chargeback monitoring, payment
method verification
2.4
Sensitive Information Handling
• Biometric Data: Facial recognition or fingerprint data only when required for
enhanced security verification
• Government Identification: Passport numbers, driver's license details
collected solely for mandatory age or identity verification
• Financial Account Information: Bank account numbers collected only for
verified payout processing
3.
DATA PROCESSING PURPOSES
3.1
Core Service Operations
• User account creation, authentication, and ongoing maintenance
• Secure payment processing and financial transaction execution
• Multiplayer matchmaking, leaderboard management, and social feature
operation
• Comprehensive customer support service delivery
3.2
Service Enhancement & Development
• Gameplay optimization through detailed usage pattern analysis
• New feature development based on comprehensive user behavior analytics
• Quality assurance testing and continuous performance monitoring
• Player experience personalization and difficulty adjustment
3.3
Security & Compliance
• Advanced fraud prevention monitoring and security breach investigation
• Anti-cheating measures and fair play enforcement
• Terms of Service enforcement and policy violation detection
• Legal and regulatory compliance including tax reporting
3.4
Marketing & Communication
• Service announcements and policy updates
• Targeted promotional communications (with opt-out mechanisms)
• Personalized advertising and content recommendations
• User satisfaction surveys and market research
4.
DATA SHARING & DISCLOSURE PROTOCOLS
4.1
Authorized Service Providers
• Cloud Infrastructure: AWS, Google Cloud Platform, Microsoft Azure
• Payment Processing: Stripe, PayPal, Apple App Store, Google Play Billing
• Analytics & Marketing: Google Analytics, AppsFlyer, Adjust, Facebook
Analytics
• Customer Support: Zendesk, Intercom, Freshdesk
4.2
Legal Requirements & Compliance
• Court order compliance and subpoena responses
• Government agency information requests and regulatory investigations
• Tax authority reporting and financial compliance
• Law enforcement cooperation within legal boundaries
4.3
Business Transactions
• Mergers, acquisitions, or substantial asset transfer scenarios
• Corporate restructuring or business dissolution events
• Due diligence processes for potential investors and partners
4.4
Rights Protection
• Terms of Service violation investigations
• Fraud prevention and security incident response
• User safety protection and illegal activity prevention
5.
DATA SECURITY MEASURES
We implement comprehensive security protocols including:
• Transport Layer Security (TLS) 1.3 encryption for data in transit
• Advanced Encryption Standard (AES-256) for data at rest
• Multi-factor authentication systems and biometric verification
• Role-based access control frameworks with principle of least privilege
• Regular security vulnerability assessments and penetration testing
• SOC 2 Type II compliant data storage infrastructure
• Continuous security monitoring and incident response protocols
6.
DATA RETENTION FRAMEWORK
6.1
Retention Periods
• Active Account Data: 36 months from last user activity
• Financial Transaction Records: 84 months for tax and compliance purposes
• Customer Support Communications: 24 months from ticket resolution
• Marketing Opt-Out Requests: Permanent retention until revocation
• Deleted Account Data: Permanent deletion within 90 days of account closure
6.2
Data Disposal
• Secure deletion protocols for all retired data
• Physical media destruction for archived records
• Third-party compliance verification for data disposal
7.
USER RIGHTS & CONTROL MECHANISMS
7.1
Universal Rights
• Access and portability of personal data in machine-readable formats
• Correction and updating of inaccurate or incomplete information
• Account deletion and comprehensive data erasure
• Processing restriction and objection rights
7.2
Regional Specific Rights
• California Residents (CCPA/CPRA): Right to know, delete, opt-out of
sales/sharing, and non-discrimination
• European Residents (GDPR): Rights to portability, restriction, objection, and
consent withdrawal
• Canadian Residents (PIPEDA): Right to challenge compliance and file with
privacy commissioner
7.3
Exercise Procedures
• Request submission through dedicated privacy portal or support email
• Identity verification requirements matching request sensitivity
• 45-day maximum response timeframe for all requests
• No fee for standard requests (excessive requests may incur fees)
8.
CHILDREN'S PRIVACY PROTECTION
8.1
Age Restrictions
• Services strictly limited to users 18 years and older
• Age verification during registration through multiple methods
• Immediate investigation of suspected underage usage
8.2
Minor Data Handling
• Proactive screening for underage user registration
• Immediate deletion of discovered minor data without notification
• Parent/guardian reporting mechanisms for accidental collection
9.
INTERNATIONAL DATA TRANSFERS
9.1
Transfer Mechanisms
• Data may be transferred to and stored in the United States and other
jurisdictions
• EU Standard Contractual Clauses for European data transfers
• Adequacy decisions compliance for other international transfers
• Supplementary measures for jurisdictions with differing privacy standards
10.
THIRD-PARTY SERVICES & INTEGRATIONS
10.1
External Platforms
• Our services may integrate with third-party websites, applications, or
services
• This Privacy Policy does not apply to third-party platforms
• Users should review third-party privacy policies separately
• We are not responsible for third-party data practices
11.
POLICY UPDATE PROCEDURES
11.1
Modification Protocol
• We reserve the right to modify this Policy to reflect changing
requirements
• Material changes communicated through multiple channels
• 30-day advance notice for significant modifications
• Continued use after changes constitutes acceptance
11.2
Notification Methods
• In-service notifications and prominent website banners
• Direct email communications to registered accounts
• Public posting on official channels with version history
12.
CONTACT & SUPPORT
For privacy-related inquiries, complaints, or rights exercise:
• Email:
[email protected]
• Response Timeline: 2-3 business days for acknowledgment
• Verification Requirements: Identity confirmation for security-sensitive
requests
• Escalation Path: Privacy Officer review available upon request
