The first is a “teamPlayerID” available through Microsoft Azure PlayFab. Each teamPlayerID is specific both to the user and to our Games. In other words, each user’s teamPlayerID for our Games is different not only from other users’ teamPlayerID for our Games but also from the user’s teamPlayerIDs for other developers’ games. The second is a universally unique identifier (a “URID”) that we randomly generate for each teamPlayerID.
Our use of these identifiers is designed intentionally in order to help reduce any privacy impact or security risk associated with gameplay.
We collect the following types of information from or about users:
We may share the above-identified types of user data with third parties as follows:
In addition, we may share Metrics and any other aggregated or de-identified user data that cannot reasonably be used to identify any user with our Service Providers and with our licensors, such as the professional sports leagues and players’ associations with whom we partner in order to offer certain content included in the Games.
In addition, we may share user data: (i) with our affiliates or any successor to all or part of our business; (ii) in order to comply with a subpoena, court order, or applicable law; and (iii) in order to protect the rights, property, or personal safety of users, us, or the public.
As used above, “Service Providers” means third parties who perform services (such as data storage and data analytics) on our behalf.
We take reasonable measures designed to protect user data from unauthorized access and against unlawful processing, accidental loss, destruction, and damage.
We will retain your user data for the duration of your use of or access to our Games. We may retain your user data for longer as necessary and relevant to our legitimate operations in accordance with applicable laws, such as to resolve any legal proceedings.
After an extended period of inactivity on the relevant Game (2 years for Infinite Victory), and if there are no other reasons why retaining your user data is necessary and relevant to our legitimate operations, we will delete your user data; however, we may create (using a one-way hash function) a fingerprint of that data that allows us, should you choose to reengage with our Games and enable this option, to recover your user data using data stored locally on your device. We will delete this fingerprint upon request.
You have choices with respect to how we collect and use your personal data.
In-Game Permissions: We obtain Permissions before: (i) generating Limited Identifiers that enable us to track your game progress; (ii) collecting and using Gameplay Data that specifically pertains to and enables online gameplay; (iii) collecting and using Gameplay Data that specifically pertains to and enables multiplayer gameplay; and (iv) collecting and using Metrics, which will help us improve our Games, but is not required for any features. You may decline to grant such Permissions, but doing so may result in the corresponding features (e.g., resumption of gameplay over time and across devices, online gameplay, multiplayer gameplay) not being available to you. You have the ability to review and adjust previously granted Permissions in the Games’ settings menus.
Local Settings: In addition to the user data stored by Bit Fry and our Service Providers, data relating to your gameplay will be stored on your local device. To turn off such storage or to delete such stored data, you must adjust settings on your local device. As a result, however, you may only be able to play in single-player offline mode, and without the ability to resume saved games.
California residents and European residents should also review the additional information applicable to them in the sections that follow.
The California Consumer Privacy Act (“CCPA”) generally gives California residents the rights to: (i) request that we disclose certain information to you about our collection, disclosure and sale of your personal information (“know/access”); (ii) request that we delete your personal information (“delete”); (iii) opt-out of the sale of your personal information (“opt-out of sale”); and (iv) not receive discriminatory treatment by a business for the exercise of your consumer privacy rights conferred by California law.
As described in additional detail above, under “Our Use of Microsoft Azure PlayFab Tools to Limit the User Data We Collect and Store,” our Games are designed intentionally in order to help reduce any privacy impact or security risk associated with gameplay. The user information we collect and use, described above under “Collection and Use of User Data,” is not reasonably capable of being associated with or linked to a particular consumer or householder, and thus does not constitute “personal information” within the meaning of the CCPA.
Thus, while you may, by visiting our Consumer Privacy Request Form located here, or sending an email to email@example.com to request the form, submit a request to know/access, delete or opt-out of sale, we do not collect or sell personal information within the meaning of the CCPA. Should you submit such a request, we may ask you for additional information in order to verify your identify before responding to such requests, but we will use such additional information only for purposes of such verification. We endeavor to respond to your request as soon as we can. If we are not able to respond to your request within 45 days, we will let you know that we may require additional time (up to 90 total days). You may also use an authorized agent to exercise your rights on your behalf. If you wish to use an authorized agent, we require that your authorized agent provides written proof to us that they are authorized to act on your behalf, and we may also require your authorized agent to verify their own identity.
While our focus is generally on the United States, insofar as we may from time to time process personal data of individuals in the European Union, Iceland, Liechtenstein, Norway, or the United Kingdom, which processing may be subject to the European Union’s General Data Protection Regulation (“GDPR”), please note the following:
We do not collect Metrics from users who are known to our Service Providers to be below the age of consent for data collection. We do collect and process other information from children in the same ways as for our user base as a whole. The design of the Games allows us to do so in compliance with laws applicable to children’s privacy.