Privacy Policy
Last Updated: December 19, 2024
Beijing Chaoshunxing Environmental Protection Technology Co., Ltd. ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our mobile applications, games, and website (collectively, the "Services").
1. Introduction and Scope
This Privacy Policy applies to all users of our Services, including visitors to our website, players of our mobile games, and users of our mobile applications. By using our Services, you consent to the data practices described in this policy.
2. Global Developer Policy Compliance
We strictly adhere to the Google Play Developer Program Policies and the Apple App Store Review Guidelines. Our Services are designed to ensure safety and transparency for all users across these platforms.
3. Information We Collect
We collect various types of information to provide and improve our Services:
3.1 Personal Information
- Account Information: If you create an account, we may collect your email address, username, and password.
- Contact Information: When you contact us for support or inquiries, we collect your name, email address, and any other information you provide.
- Payment Information: For in-app purchases, we collect transaction details through secure third-party payment processors (Google Play, Apple App Store).
3.2 Non-Personal Information
- Device Information: Device model, OS version, unique device identifiers (e.g., IDFA, AAID), IP address, and network information.
- Usage Data: How you interact with our apps, including feature usage, gameplay patterns, session duration, and in-game progress.
- Location Data: Approximate location derived from IP address for regional customization (not precise GPS location unless explicitly requested).
- Technical Logs: Error reports, crash logs, and performance metrics to improve app stability and user experience.
4. How We Use Your Information
We use the collected information for the following purposes:
- To provide, maintain, and improve our Services
- To personalize user experience and content recommendations
- To process transactions and manage subscriptions
- To communicate with you about updates, promotions, and support
- To analyze usage patterns and optimize game balance
- To detect, prevent, and address technical issues and fraud
- To comply with legal obligations and regulatory requirements
- To conduct market research and business development
5. Legal Basis for Processing
Our legal basis for processing personal data varies depending on the context:
- Contract Performance: To fulfill our contractual obligations when you use our paid services
- Legitimate Interests: For business operations, fraud prevention, and service improvement
- Legal Compliance: To meet statutory and regulatory requirements
- Consent: For marketing communications and optional data collection features
6. AI and Automated Decision-Making
We utilize artificial intelligence and machine learning technologies to enhance our Services:
6.1 AI-Powered Features
- Personalized Recommendations: AI algorithms analyze your usage patterns to suggest relevant content and features
- Game Balance Optimization: Machine learning models adjust game difficulty and rewards based on player skill levels
- Fraud Detection: AI systems identify and prevent fraudulent activities and cheating behaviors
- User Segmentation: Automated clustering algorithms group users for targeted marketing and support
6.2 Your Rights Regarding Automated Decisions
You have the right to:
- Request human review of decisions made solely by automated means
- Obtain an explanation of the logic involved in automated decision-making
- Challenge decisions that significantly affect you
- Opt out of profiling for marketing purposes
To exercise these rights, contact us at support@chaoshunxing.com.
7. Data Sharing and Disclosure
We may share your information with the following categories of recipients:
7.1 Service Providers
We work with trusted third-party service providers who help us operate our business:
- Analytics Partners: Firebase, Mixpanel, Amplitude for usage analytics
- Advertising Partners: AdMob, Unity Ads, AppLovin, IronSource for monetization
- Cloud Infrastructure: AWS, Google Cloud for data storage and processing
- Customer Support: Zendesk or similar platforms for support ticket management
7.2 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
7.3 Legal Requirements
We may disclose information if required by law, regulation, legal process, or governmental request.
8. Third-Party Platforms and Ads
We work with various monetization and analytics partners, including but not limited to AdMob, Unity Ads, AppLovin, and Firebase. These partners may collect data as described in their own privacy policies to provide personalized advertising and analyze app performance.
You can control personalized advertising through your device settings or by visiting the Digital Advertising Alliance (DAA) or Network Advertising Initiative (NAI) websites.
9. Third-Party SDKs and Services
Our mobile applications integrate various third-party Software Development Kits (SDKs) to provide essential functionality, analytics, and monetization services. Below is a comprehensive list of the SDKs we currently use:
| SDK/Service | Purpose | Data Collected | Privacy Policy Link |
|---|---|---|---|
| Google Play Services | App authentication, crash reporting, and core functionality | Device info, crash logs, usage data | Google Privacy Policy |
| Firebase Analytics | App usage analytics and performance monitoring | Session data, user behavior, device info | Firebase Privacy |
| Google AdMob | In-app advertising and monetization | Advertising ID, device info, ad interactions | Google Ads Policy |
| Unity Ads | Rewarded video ads and interstitial advertising | Advertising ID, device info, ad performance | Unity Privacy Policy |
| AppLovin | Programmatic advertising and mediation | Advertising ID, device info, bid requests | AppLovin Privacy |
| IronSource | Ad mediation and monetization optimization | Advertising ID, device info, ad requests | IronSource Privacy |
| RevenueCat | In-app purchase and subscription management | Purchase history, subscription status | RevenueCat Privacy |
| Mixpanel | Advanced user behavior analytics | User actions, funnel analysis, retention | Mixpanel Privacy |
| Amplitude | Product analytics and user journey tracking | Event tracking, user cohorts, conversion | Amplitude Privacy |
Note: You can opt out of personalized advertising by adjusting your device settings:
- iOS: Settings > Privacy & Security > Tracking (Limit Ad Tracking)
- Android: Settings > Google > Ads (Opt out of Ads Personalization)
10. International Data Transfers
Your information may be transferred to and processed in countries outside your country of residence, including China, the United States, and European Economic Area countries. We implement appropriate safeguards to protect your data during international transfers, including:
- Standard Contractual Clauses (SCCs) approved by relevant authorities
- Binding Corporate Rules (where applicable)
- Compliance with GDPR, CCPA, and other relevant data protection laws
When transferring data internationally, we ensure that adequate protection measures are in place and that your rights are maintained regardless of where your data is processed.
11. Data Security Measures
We implement industry-standard security measures to protect your information:
- Encryption: SSL/TLS encryption for data transmission, AES-256 encryption for sensitive data at rest
- Access Controls: Role-based access controls and multi-factor authentication for internal systems
- Regular Audits: Security assessments and penetration testing conducted quarterly
- Incident Response: Comprehensive incident response plan with 72-hour breach notification commitment
- Data Minimization: We only collect and retain data necessary for legitimate business purposes
12. Data Retention Periods
We retain your personal data only for as long as necessary:
- Account Data: Until account deletion or 24 months after last activity
- Transaction Records: 7 years for legal and tax compliance
- Usage Analytics: 24 months for product improvement purposes
- Support Communications: 36 months after case resolution
- Marketing Preferences: Until you withdraw consent or opt-out
- Backup Data: Up to 90 days after primary deletion for disaster recovery
13. Global Privacy Regulations (GDPR/CCPA)
We comply with global privacy laws, including:
- GDPR (EU): We provide data subjects with the right to access, rectify, or erase their personal data, restrict processing, object to processing, and data portability.
- CCPA (USA): We provide California residents with specific rights regarding their personal information, including the right to know, delete, and opt-out of sale.
- Other Jurisdictions: We comply with applicable data protection laws in all jurisdictions where we operate.
14. Your Rights & Data Deletion Request
You have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we update or correct inaccurate data.
- Deletion: Request that we delete your personal data.
- Restriction: Request restriction of processing in certain circumstances.
- Portability: Request transfer of your data to another service provider.
- Objection: Object to processing based on legitimate interests.
- Withdraw Consent: Withdraw consent for marketing communications.
Data Deletion Request Process
To exercise your right to data deletion or any other rights, please follow this process:
- Contact us: Send an email to support@chaoshunxing.com with the subject line "Data Deletion Request"
- Verification: We will verify your identity within 3 business days to prevent unauthorized access
- Processing: Once verified, we will delete your personal data from our active systems within 30 days
- Backup removal: Data will be removed from backups within 90 days
- Confirmation: We will provide written confirmation of deletion completion
- Legal exceptions: Minimal records may be retained for legal compliance (transaction records, fraud prevention)
Response Time: We commit to responding to all data subject requests within 30 days of verification.
15. Cookie and Tracking Technologies
15.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration | Required |
|---|---|---|---|
| Essential Cookies | Required for basic website functionality (session management, security) | Session | Yes |
| Performance Cookies | Collect anonymous usage data to improve website performance | 2 years | No |
| Functional Cookies | Remember preferences and settings | 1 year | No |
| Targeting Cookies | Used for advertising and marketing purposes | 13 months | No |
| Analytics Cookies | Track user behavior and site performance (Google Analytics) | 26 months | No |
15.2 Cookie Management
You can manage cookie preferences through:
- Your browser settings (most browsers allow you to block or delete cookies)
- Our cookie consent banner on the website
- Emailing us at support@chaoshunxing.com to opt out
Note: Disabling essential cookies may affect website functionality.
16. Children's Privacy
Our Services are designed for a general audience. We do not knowingly collect personal data from children under the age of 13 (or the relevant age in your jurisdiction) without parental consent, in accordance with COPPA and other global standards.
If we become aware that we have collected personal information from a child without proper parental consent, we will take steps to delete that information promptly.
17. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify users of material changes through:
- Email notifications to registered users
- In-app notifications for active users
- Posting the updated policy on our website with a revised "Last Updated" date
Your continued use of our Services after such changes constitutes acceptance of the updated policy.
18. Device-Level Privacy Controls
We respect and support device-level privacy controls provided by major platforms:
18.1 iOS Privacy Features
- App Tracking Transparency (ATT): We comply with Apple's ATT framework and only track users who explicitly grant permission
- Privacy Nutrition Labels: Our App Store listings include detailed privacy information as required by Apple
- Approximate Location: We use approximate location when precise location is not essential for functionality
- Photo Library Access: We request photo library access only when necessary for specific features
18.2 Android Privacy Features
- Google Play Data Safety: We provide comprehensive data safety information in our Google Play listings
- Runtime Permissions: We request permissions only when needed and explain why they are required
- Background Location: We do not collect location data in the background unless essential for core functionality
- Data Deletion: We support Android's data deletion requirements for user-requested data removal
18.3 Cross-Platform Privacy Settings
Users can manage privacy preferences through:
- Device settings (Location, Camera, Microphone, Photos permissions)
- Advertising ID reset and opt-out options
- In-app privacy dashboards where available
- Email requests to our support team
19. Data Protection Impact Assessment (DPIA)
We conduct regular Data Protection Impact Assessments for high-risk processing activities:
19.1 Assessment Criteria
We evaluate processing activities based on:
- Scale and scope of data processing
- Sensitivity of personal data involved
- Potential impact on data subjects' rights
- Use of new or innovative technologies
- Cross-border data transfers
19.2 Mitigation Measures
When risks are identified, we implement appropriate safeguards:
| Risk Category | Mitigation Measure | Implementation Status |
|---|---|---|
| Data Breach | Encryption, access controls, incident response plan | Implemented |
| Unauthorized Access | Multi-factor authentication, role-based access | Implemented |
| Cross-border Transfer | Standard Contractual Clauses, data minimization | Implemented |
| Automated Decision-Making | Human oversight, appeal mechanisms | Implemented |
| Third-party Processing | Data processing agreements, vendor assessments | Implemented |
20. Data Processing Appendix
This appendix provides additional details about our data processing activities:
20.1 Data Processing Locations
- Primary Processing: Beijing, China (our headquarters)
- Cloud Infrastructure: AWS (US East, EU Central), Google Cloud (Asia Pacific)
- Analytics Processing: United States (Firebase, Mixpanel, Amplitude servers)
- Ad Network Processing: Global (AdMob, Unity Ads, AppLovin, IronSource)
20.2 Sub-processors
We maintain an up-to-date list of sub-processors on our website. Current sub-processors include:
- Amazon Web Services (AWS) - Cloud Infrastructure
- Google Cloud Platform - Data Storage and Analytics
- Firebase - Mobile Backend and Analytics
- Mixpanel - Advanced Analytics
- Amplitude - Product Analytics
- RevenueCat - Subscription Management
- Zendesk - Customer Support
- Google AdMob - Advertising
- Unity Ads - Gaming Advertising
- AppLovin - Programmatic Advertising
- IronSource - Ad Mediation
We will notify customers of any new sub-processors with 30 days' notice.
20.3 Data Subject Request Handling
Our Data Protection Officer oversees all data subject requests:
- Response Time: Within 30 days of verification
- Verification Process: Identity confirmation via email and account details
- Appeal Process: Users may appeal decisions to our DPO
- Documentation: All requests and responses are logged for compliance
21. Contact Us
For any questions regarding this Privacy Policy, please contact us at:
- Email: support@chaoshunxing.com
- Business Inquiries: liuchao@chaoshunxing.com
- Address: Four Units, First and Second Floors of Building 1, No. 1 Shahe Station Road, Miyun Town, Miyun District, Beijing, China
- Phone: +86 010-12345678
- D-U-N-S Number: 702096564
For EU residents, our designated representative for GDPR matters can be contacted at the same email addresses above.