1) Scope and Roles

This Policy applies to all Optifun brands and apps. Optifun is the controller of personal information processed via the Services unless a product‑specific notice states otherwise. The product‑specific notices linked above form part of this Policy.

2) Information We Collect

A. Information you provide

• Contact details (e.g., email, phone), support requests, survey responses.
• Content you create or share in our apps (e.g., profile name, messages, avatars, challenge submissions).
• Contest data: entry forms and prize fulfillment details (see Contests Notice).
• Accounts with third‑party partners (e.g., platform sign‑in, payments) where their own privacy policies apply.

B. Information collected automatically

• Device and usage data: IP address, device/advertising IDs, OS, app version, language, crash logs.
• Engagement telemetry: sessions, screens viewed, clicks/taps, referrer, session duration, approximate location from IP.
• Gameplay/feature metrics to balance features and improve experience.

C. Information from others

• App stores (installs, purchases, refunds), analytics/attribution partners, anti‑fraud providers, and advertising partners.
• If you share to social platforms, they may provide engagement signals as allowed by their policies.

3) How We Use Information

• Provide & improve the Services: operate features, personalize content, maintain safety, debug, fix issues.
• Communications: service messages (updates, security); marketing or in‑app notifications where permitted.
• Analytics & research: A/B tests, performance measurement, feature development.
• Moderation & safety: detect/prevent fraud, abuse, or violations of Terms/contest rules.
• Advertising & measurement: deliver and measure content/ads, including interest‑based where allowed.
• Legal/compliance: meet legal obligations, enforce agreements, protect rights, and for corporate transactions.

We may create aggregated or de‑identified data that cannot reasonably be used to identify you and use it for any lawful purpose.

4) Cookies, SDKs & Similar Technologies

We and our partners use cookies, local storage, pixels, mobile SDKs, and crash/analytics tools (e.g., Firebase/Crashlytics, Google Analytics, Amplitude) to operate, secure, and improve the Services and, where allowed, to support advertising. You can refuse or delete cookies in your browser and reset/limit your device’s advertising ID. Some features may be limited if disabled.

5) How We Share Information

• Service providers (processors): hosting, analytics, customer support, anti‑fraud, payments, fulfillment.
• Affiliates within the Optifun group.
• Business/advertising partners (for joint promotions and interest‑based ads where permitted).
• Legal & safety: to comply with law or protect rights, safety, and security.
• Corporate events: merger, acquisition, financing, or sale of assets.

We do not sell personal information. Where required by law (e.g., certain U.S. states), some advertising practices may be considered “sharing” for cross‑context behavioral advertising — you can opt out (see Your Choices & Rights).

6) International Transfers

We may transfer, process, and store information in countries other than your own. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses).

7) Your Choices & Rights

8) Data Retention

We keep personal information as long as necessary to provide the Services, for the purposes described above, and to comply with legal requirements, resolve disputes, and enforce agreements. Retention periods vary by data type, product, and legal obligations.

9) Security

We use commercially reasonable safeguards to protect information. However, no method of transmission or storage is 100% secure.

10) Children’s Privacy

Our Services are not directed to children under 13 (or the minimum age required by local law). Some features or contests are restricted to 18+ (see product and contest notices). If we learn we collected information contrary to this section, we will delete it.

11) Third‑Party Links

Our Services may link to third‑party sites or services. Their practices are governed by their own policies.

12) Changes to this Policy

We may update this Policy. We will post the updated version with a new “Effective date” and, where required, provide additional notice.

Legal Bases for Processing (GDPR & PIPEDA) — Notice at Collection

This table summarizes what we collect, why we use it, and the legal basis (GDPR)/lawful grounds (PIPEDA). Where consent is required (e.g., non‑essential cookies/SDKs in the EU/UK), we only process after obtaining it.

Retention Schedule (How long we keep data)

We retain data only as long as needed for the purposes described, or as required by law. Approximate periods are below; actual periods may vary by jurisdiction and system configuration.

Data Protection Officer & EU/UK Representatives

DPO: [Full Name or Provider], dpo@optifun.app

EU Representative (GDPR Art. 27): [Company/Address], eu-rep@optifun.app

UK Representative: [Company/Address], uk-rep@optifun.app

How to Exercise Your Rights

• Submit a request: use our form at /privacy/requests or email privacy@optifun.app.
• Verification: we may ask for information to verify your identity (e.g., contact email, limited device info, or in‑app identifier). Authorized agents (e.g., under CCPA) must provide proof of authority.
• Response timelines: within 30 days under GDPR (extendable by 60 days for complex requests) or 45 days under CCPA/CPRA (extendable by 45 days).
• Appeals (where applicable): if your request is denied under certain U.S. state laws, you may appeal via the same form; instructions will be provided in our response.

Do Not Sell or Share My Personal Information (CCPA/CPRA)

We do not “sell” personal information. Some interest‑based advertising may be considered “sharing” under California law. You can opt out via the link below and we honor Global Privacy Control (GPC) signals in supported browsers.

Cookie & SDK Details (EU/UK Consent)

In the EU/UK, non‑essential cookies/SDKs require prior consent. Use the button below to adjust preferences anytime.

Children’s Data & Age Gates

Our Services are not directed to children under 13. Product‑specific age limits apply: DareTribe is not directed to users under 17; certain promotions/prizes are restricted to 18+. We use age‑gates and may request additional verification (e.g., for prize eligibility). If we learn we collected data contrary to these limits, we will delete it.

Security Measures & Breach Notifications

• Technical: TLS for data in transit; encryption at rest; key management; rate limiting and WAF; device/OS integrity checks where feasible.
• Organizational: role‑based access control (RBAC), least privilege/MFA for admin tools, vendor DPAs, employee training, secure SDLC, vulnerability management.
• Monitoring: logging, anomaly detection, periodic audits.
• Incident response: if a personal‑data breach occurs, we will assess impact and notify the relevant supervisory authority within 72 hours where required by GDPR, and affected users as required by law.

Sensitive Data & Automated Decision‑Making

We do not intentionally collect sensitive categories (e.g., health, biometric templates, precise geolocation) and we do not perform automated decision‑making that produces legal or similarly significant effects. Limited automated moderation/spam detection may be used to flag content for human review. Do not submit sensitive data in UGC; if you do, we treat it per this Policy and you may request deletion.

Policy History & Archives

This page is our current policy. Prior versions are available in our archive for reference. Material changes will be communicated as required by law.

• 2025‑10‑02: Added legal bases table, retention schedule, DPO/EU/UK reps, rights procedures, cookies/SDK details, security/breach, sensitive data, and archives.
• 2024‑01‑01: Initial publication.

13) Contact Us