Privacy Policy

Effective date: 28 September 2025
Last updated: 29 September 2025

1) Who we are (Data Controller)

Quantum Star Games (“Quantum Star”, “we”, “our”, “us”) provides mobile games, websites, and related services (the “Services”).

• Data Controller: Quantum Star Games (individual developer)
• Privacy contact: tianuniverse2025@gmail.com
• Postal address: tianuniverse2025@gmail.com
• EU/UK Representative (if required): Not applicable
• Data Protection Officer (DPO): Not appointed under GDPR Art. 37. Contact: tianuniverse2025@gmail.com

2) What data we collect

• Account & Profile: display name, player ID, linked social IDs you choose to connect.
• Contact: email/support messages/feedback.
• Purchases: in-app purchase receipts/tokens (no full card numbers).
• Device & Technical: device model/OS, app version, IP, diagnostics/crash logs.
• Identifiers & Online Activity: ad IDs (IDFA/GAID), in-app events/telemetry, session data, approximate location (from IP).
• UGC/Comms: chat/messages you send, avatars/screenshots you upload.
• Marketing Preferences: email/push/ad-personalization choices.

We may receive limited data from platforms and integrated partners consistent with your device settings and law.

3) Why we use data (Purposes & legal bases)

Provide/operate Services; transactions & fraud prevention; analytics & improvement; advertising & measurement (personalized only where permitted/consented); service communications; compliance & safety. (GDPR bases include contract, legitimate interests, consent, and legal obligation as applicable.)

4) Do we “sell” or “share” personal information?

We do not sell your personal information for money. Some ad/measurement integrations may constitute “sharing” for cross-context behavioral advertising under California law. Where required, we provide controls to opt out of sale/share and targeted advertising. “Sell” and “share” have specific statutory meanings under CPRA.

5) Cookies, SDKs & similar technologies

We and partners use cookies/mobile SDKs for authentication, security, analytics, and ads. Access to advertising identifiers/tracking across apps obeys your device settings and applicable permissions.

6) Children’s privacy

Our Services are not directed to children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If we learn we have collected such data, we will delete it.

7) How we disclose information

We disclose data to: service providers (hosting, analytics, anti-fraud, support), advertising/mediation partners (as permitted by your settings/consent), platform stores (entitlement processing), legal/compliance, and in business transfers. Recipients must protect data and use it per our instructions and law.

8) International transfers

Where we transfer data internationally, we use appropriate safeguards (e.g., standard contractual clauses and supplementary measures) to help ensure an adequate level of protection.

9) Retention

We keep personal information only as long as necessary for the purposes above or as required by law, then delete or anonymize it.

10) Your rights & choices (by region)

A. EU/UK (GDPR)

You may access, rectify, erase, restrict, object (including to profiling for direct marketing), port, and withdraw consent where processing is based on consent. You can complain to a supervisory authority. We provide required Art. 13/14 information at or before collection (controller identity, purposes/bases, recipients, retention, transfers, etc.).

B. California (CCPA/CPRA) — Your rights & how to exercise them

1. Right to know (collection, use, disclosure): request categories and specific pieces of personal information collected; sources; business/commercial purposes; and categories of third parties to whom we disclosed it.
2. Right to know whether we “sold” or “shared” personal information: we will provide separate lists of categories sold/shared and categories disclosed for a business purpose for the preceding 12 months (or state none if not applicable).
3. Right to opt out of “sale” or “sharing”: you can direct us to stop selling or sharing at any time. We provide a “Do Not Sell or Share My Personal Information” option and honor user-enabled opt-out preference signals (e.g., Global Privacy Control).
4. Right to delete, correct, and to limit use/disclosure of sensitive personal information (where applicable), and non-discrimination for exercising rights.
5. Authorized agents & verification: you may use an authorized agent; we may require proof of authorization and reasonable verification. We respond within the statutory timeframes.

How to exercise your California rights:

• Email us at tianuniverse2025@gmail.com (subject line: “Privacy Request”).
• We also honor Global Privacy Control (GPC) signals where technically feasible and extend your opt-out across browsers/devices we can reasonably associate with you.

Disclosures for the preceding 12 months (CPRA look-back)

• Sale of personal information: We do not sell personal information.
• Sharing for cross-context behavioral advertising: Subject to your choices, we may have shared:
  • Identifiers (e.g., advertising IDs, IP address)
  • Internet/Network Activity (e.g., in-app events, page views)
  • Approximate geolocation (derived from IP)
  You can opt out at any time via the contact above or by enabling GPC.

Required links & notices: We maintain a clear and conspicuous “Do Not Sell or Share My Personal Information” option on our internet homepages (and in-app settings) that either immediately effectuates your opt-out or takes you to a notice page where you can make that choice.

C. Virginia (VCDPA)

Virginia residents may access, correct, delete, port, and opt out of targeted advertising, sale, and profiling with legal or similarly significant effects. Appeals: if we deny your request, you may appeal by replying to our response or emailing tianuniverse2025@gmail.com; we will respond within the statutory period and include how to contact the Virginia Attorney General if your appeal is denied.

D. Brazil (LGPD)

Brazilian users have the rights in LGPD Art. 18 (confirmation, access, correction, anonymization/blocking/deletion, portability, information about sharing, consent withdrawal, review of automated decisions).

11) Security

We implement technical and organizational measures (e.g., encryption in transit, access controls, auditing). No system is perfectly secure; keep credentials confidential and notify us of suspected unauthorized access.

12) Changes to this Policy

We may update this Policy for operational/legal reasons. We will update the Effective date and, where required, provide additional notice or request consent.

13) Contact us

Privacy email: tianuniverse2025@gmail.com
Postal address: tianuniverse2025@gmail.com

Annex A — CPRA Category Tables (illustrative)

• Categories collected: Identifiers; Internet/Network Activity; Approximate Geolocation; Commercial Information (IAP receipts); Device/Technical; In-app Communications/UGC (where applicable).
• Categories disclosed for business purposes (service providers/platforms): Identifiers; Device/Technical; Internet/Network Activity; Commercial Information.
• Categories “shared” for cross-context behavioral advertising (subject to opt-out): Identifiers; Internet/Network Activity; Approximate Geolocation.
• Sale of personal information: We do not sell personal information.
• How we honor opt-outs: via the “Do Not Sell or Share” option, in-app toggle, and GPC signals.