Privacy Policy (2026 Global Full-Compliance Deep Enhanced Edition)

Effective date: 2026-05-13

This Privacy Policy is the 2026 global full-compliance deep enhanced edition of DogGameApp.com. It is designed for multi-region operations, including the European Union, United Kingdom, United States (including state-level differences), Brazil, China, India, Saudi Arabia, Canada, Japan, and other jurisdictions. It extends prior policy versions by adding:

Latest transparency obligations under the EU Digital Services Act (DSA).
US state-level privacy variance terms (California, Texas, Virginia, Colorado, Washington and others).
AI-generated content disclosure requirements (when relevant).
Detailed in-app purchase and ad-fraud enforcement architecture.
2026 global data sovereignty and app store policy adaptation updates.

Part I. Data Collection Granularity and Purpose

We strictly follow the principle of data minimization and necessity. We collect only data required for legitimate operation of IAA (in-app advertising), IAP (in-app purchase), service stability, anti-fraud, and experience optimization. We do not collect unrelated personal information.

1. Device fingerprint and identifiers

Identifiers may include IDFA (iOS), GAID (Android), OAID (for applicable Android ecosystems), encrypted unique device identifiers, and non-direct identifying technical tokens.
Technical environment fields may include brand, model, screen resolution, operating system version, language preference, battery status, and system clock offset used for anti-timezone cheating and cross-region pricing fraud detection.
All identifiers are processed with security controls and are not used to expose your real-world identity.

2. Network environment data

IP address for geo-compliance filtering, legal-region adaptation, and service routing stability (not for precise geolocation tracking).
Carrier/operator name, Wi-Fi connection status, and network class (e.g., 4G/5G/Wi-Fi) for diagnostics and regional compliance operations.

3. Behavioral telemetry (IAA and UX)

Advertising telemetry: ad impression ID, click timestamp, conversion chain metadata, rewarded video watch duration, completion/exit state, and ad dwell time. Purpose: ad performance optimization, fraud prevention, and required synchronization with monetization partners after minimization and pseudonymization.
Application logic telemetry: core loop trigger counts, paywall popup conversion ratio, onboarding drop-off checkpoints, and feature usage frequency. Purpose: interaction optimization, feature layout tuning, and usability improvement. We do not collect private user content from core app operations unless explicitly required and disclosed.

4. Financial transaction data (IAP)

We receive only official purchase receipts and verification signals through App Store and Google Play APIs.
We never directly process or store sensitive payment credentials such as bank card number, CVV, payment PIN, or expiration date.
Recorded order fields can include order ID, product name, quantity, settlement currency, settlement amount, country code, transaction timestamp, sandbox flag, and order status (success/fail/refund), solely for receipt validation, refund handling, reconciliation, and anti-fraud operations.

Supplement: all collected data is encrypted during transmission and storage. Access is restricted to authorized personnel under audited access logs.

2. Deep Third-Party Sharing Architecture (Data Mapping)

We share only necessary data under strict minimization, encrypted transmission, and controllable governance. No sensitive personal payment credentials are shared.

A. Mediation and monetization layer (RTB, fill-rate, yield optimization)

Typical integrated or supportable platforms may include (depending on product integration scope):

AppLovin MAX
Google AdMob
Unity LevelPlay / Unity Ads
ironSource
Meta Audience Network
Pangle (TikTok for Business ad stack where available)
Mintegral
Vungle / Liftoff Monetize
Chartboost
InMobi
Smaato
Fyber
Yandex Ads (region dependent)
Ogury
PubMatic
OpenX
Index Exchange
AdColony
Tapjoy

Shared fields are limited to pseudonymized device and ad event signals required for ad serving, bidding, anti-fraud, and performance reporting.

Typical ad inventory types under this policy include launch/splash ads, rewarded video ads, interstitial ads, and banner ads. Each ad type follows platform policy boundaries, legal disclosure requirements, and anti-fraud telemetry controls.

B. Attribution and anti-fraud (MMP)

AppsFlyer
Adjust
Singular
Kochava (if integrated)
Branch (if attribution scope applies)

Purpose: install attribution, anti-install-fraud checks, ad abuse detection, and campaign integrity verification. Shared data remains pseudonymized and limited.

C. Payment processors

Apple Inc. (App Store)
Google LLC (Google Play)

Purpose: process in-app purchases, verify receipt legitimacy, manage refunds and order lifecycle.

We execute confidentiality and data processing agreements with partners, define strict data scope and retention boundaries, and run periodic partner compliance checks. If a partner violates policy or law, we may suspend or terminate integration and seek legal remedies. Users may view major sharing categories and consent controls in app settings where applicable; disabling optional sharing may reduce ad personalization and certain service capabilities.

3. Region-Specific Legal Statements (2026)

EU (GDPR) and UK (UK GDPR)

Legal bases: contract performance, explicit consent, and legitimate interests (including anti-fraud and service optimization), consistent with GDPR/UK GDPR Article 6 requirements.
Representative contact placeholder: [Reserved for legal representative contact and registered address in EU/UK].
DSA transparency: we disclose ad delivery logic, recommendation logic, moderation standards, processing flow, and key third-party cooperation details through transparency disclosures and periodic reporting where required.
UGC scenario: if user-generated content is enabled, moderation procedures, complaint channels, and enforcement standards are publicly documented.
User rights: access, rectification, erasure, consent withdrawal, data portability, and complaint rights before EDPB-related channels or ICO in the UK.

United States (CCPA/CPRA/VCDPA and state-variance terms)

No sale commitment: we do not sell personal information to third parties.
Sharing disclosure: certain pseudonymized identifier sharing for advertising operations may be considered "sharing" under some laws; users can opt out where required.
Do Not Track / tracking preference respect: if device-level tracking restrictions are enabled, we reduce or stop behavioral tracking for personalization and retain only strictly necessary operational signals.

State-level adaptation highlights:

California (CPRA): right to know data categories, use and sharing in prior 12 months; deletion rights; opt-out rights for targeted advertising/sharing; response timeline target up to 45 days under legal standards.
Texas (state-variance adaptation): strengthened access transparency and no unreasonable barriers to rights exercise; sensitive data sharing limitations unless legal basis and required permissions are in place.
Virginia (VCDPA): rights to correction, deletion, and opt-out in defined processing contexts; responses within legally required timelines (for example, around 30-45 days depending on request and applicable law).
Colorado, Washington, and others: we adapt to evolving state privacy frameworks and update implementation details accordingly.

Brazil (LGPD)

Explicit notice and legal basis before personal data processing.
Rights support for access, correction, deletion, and consent withdrawal.
Designated compliance process for Brazilian data subject requests.
Cross-border transfer controls under ANPD-related legal requirements when applicable.

Other key regions

China: aligned with PIPL, Data Security Law, and cross-border data transfer regulations, including consent, localization controls where applicable, and lawful supervisory cooperation.
India: aligned with DPDP Act principles, consent boundaries, rights channels, and cross-border transfer controls under competent authority requirements.
Saudi Arabia: aligned with PDPL localization and lawful transfer restrictions.
Canada and Japan: aligned with PIPEDA and APPI requirements, including user rights support and regulator-cooperative audit posture.

4. Subscription Transparency Statement (Auto-Renewing Services)

If our app includes auto-renewing subscriptions, we enforce transparent communication and user control rights:

Collected subscription metadata is limited to cycle, trial status, active/expired/paused state, and renewal timing.
Before purchase: we clearly disclose cycle, price, trial length, renewal rules, and cancellation path.
Before renewal: reminder mechanisms are implemented according to platform capability and legal/store requirements (for example, around 24 hours before renewal where supported by system policy).
Users can cancel anytime via in-app subscription management entry or App Store/Google Play subscription center.
Trial terms are explicitly disclosed, including automatic conversion and cancellation effect boundaries.

5. AI-Generated Content Disclosure (When Applicable)

All AI-generated content is explicitly labeled as AI-generated where required.
AI output is controlled by policy, moderation, and safety filters to prevent illegal or harmful content categories.
AI output is an assistive capability and does not constitute professional, legal, medical, financial, or guaranteed advice.
Training and model governance avoid unauthorized use of sensitive personal data and follow lawful data sourcing principles.

6. Children and Age-Appropriate Protection

Our services are not intended for unlawful collection from children below applicable digital consent ages in each jurisdiction.
If a guardian believes a child provided personal data without valid consent, they may contact us for review and deletion.
Age-gating, content restrictions, and parental controls are implemented where required by law or store policy category.

7. Data Retention, Deletion, and Security

Retention follows legal necessity, transaction integrity, anti-fraud, and operational reliability standards.
When retention is no longer necessary, data is deleted or irreversibly anonymized.
Security controls include encrypted transport (e.g., HTTPS/TLS), encrypted storage (e.g., AES-256 where applicable), least-privilege access, operation logs, and periodic security testing.

8. User Rights and Request Channels

Rights can include access, correction, deletion, objection, restriction, portability, and withdrawal of consent (subject to applicable law).
Request channels: support@DogGameApp.com and tangruoxi@DogGameApp.com.
We respond within applicable regional timelines and may verify request identity for security and legal compliance.

9. Contact Information

Team Name: DogGameApp.com
Business Support: support@DogGameApp.com
Contact Email: tangruoxi@DogGameApp.com
Address: No. 1, Software Park Road, Quanzhou Software Park (Beifeng Campus), Beifeng Street, Fengze District, Quanzhou, Fujian Province, China.

10. Policy Update and Review Cycle

Due to continuous legal and platform changes, this policy may be updated. We recommend reviewing it regularly. A full compliance review is conducted at least every 6 months, including legal text updates, SDK and data-flow checks, store policy adaptation, and anti-fraud control optimization.

11. Cookies, SDK Storage, and Similar Technologies

We and our integrated SDK ecosystem may use cookies, local storage, secure key-value storage, and device-side identifiers to maintain session continuity, prevent abuse, and support monetization diagnostics under applicable law.

Strictly necessary technologies: required for basic app and service operations, security controls, and fraud detection.
Analytics technologies: used to understand crash, performance, and interaction quality trends in pseudonymized form.
Advertising technologies: used for ad delivery, frequency capping, conversion measurement, and anti-fraud controls, based on region-specific legal requirements.
Consent controls: where legally required (e.g., EU/EEA/UK), non-essential storage and tracking are activated only after valid consent signals.

12. International Data Transfer and Safeguards

Cross-border data transfer is performed only when there is a lawful mechanism and technical safeguard. Depending on region and scenario, safeguards may include adequacy decisions, standard contractual clauses, transfer impact assessments, regional storage routing, and encryption-based risk reduction.

Transfers are restricted to necessary scope and logged for governance review.
High-risk transfer routes may require additional controls, delayed activation, or regional isolation architecture.
If regulations change, transfer mechanisms are updated or suspended until compliance is revalidated.

13. Security Incident and Data Breach Response

We maintain internal incident detection, escalation, and remediation processes for suspected data security events.

Security alerts are triaged with severity levels and containment priority.
For incidents involving personal data, regulator and user notification obligations are followed according to applicable law.
Post-incident reviews include root-cause analysis, control reinforcement, and documented preventive actions.

14. Automated Processing and Profiling Notice

Some automated processing may be used for service integrity, fraud risk scoring, ad abuse detection, and system optimization. We do not use automated processing for unlawful discrimination.

Where legally required, users may request meaningful information about automated logic categories and impact.
Users may request human review for decisions that produce significant legal or similar effects, subject to applicable law.

15. Law Enforcement, Regulatory, and Legal Requests

We may disclose data only when required by law, court order, lawful regulatory request, or to protect legal rights, user safety, and service integrity.

Each request is reviewed for validity, scope necessity, and jurisdictional authority.
Where permitted, affected users may be notified before disclosure.
We reject overbroad or unlawful requests and seek clarification or legal remedy when appropriate.

16. Data Processing Legal Basis Matrix (Summary)

Contract Performance

Account access and core feature provisioning.
IAP receipt validation and entitlement delivery.
Service continuity and reliability operations.

Legitimate Interests

Fraud prevention and ecosystem abuse control.
Security hardening and operational risk management.
Performance diagnostics and product quality optimization.

Consent

Advertising personalization where legally required.
Optional analytics and non-essential tracking activation.
Region-specific permissions with explicit opt-in obligations.

Legal Obligation

Tax and accounting retention duties.
Regulatory response and lawful disclosure requirements.
Compliance audit and governance record keeping.

17. Data Subject Request Handling Procedure

To submit a data rights request, contact support@DogGameApp.com or tangruoxi@DogGameApp.com with request type and jurisdiction. We may require verification data to prevent unauthorized disclosure.

Request intake and case number assignment.
Identity and jurisdiction validation.
Legal basis and scope review.
Fulfillment, rejection with legal reasoning, or clarification request.
Closure notice and auditable record retention.