SPIRALBURST STUDIO
PRIVACY POLICY

Last Modified on March 29, 2023

Please read this privacy policy carefully, as it contains important information on who we are, how and why we collect, store, use, and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities if you have a complaint.Please read this privacy policy carefully, as it contains important information on who we are, how and why we collect, store, use, and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities if you have a complaint.

1. Who we are

Spiralburst Studio, LLC (“Spiralburst,” “We,” or “Us”) collects, uses, and is responsible for certain personal information about you, as part of our games and their related websites:

• “Hexicon: Strategy Word Game” and its related website https://hexiconapp.com,
• “Maracaibo Digital” and its related website https://maracaiboapp.com,
• “Honeycomb: Word Puzzle” and its related website https://honeycomb.goodgameshelf.com,
• “Crop Squares”,

and our other websites:

• Spiralburst Studio company website located at https://spiralburst.com,
• Good Game Shelf located at https://goodgameshelf.com

all of which collectively are the “Service”.

For those in the European Union, we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as controller of that personal information for the purposes of those laws.

2. The Personal Information we collect and use

In providing the Service, we collect the following personal information either automatically or when you voluntarily provide it to us. The personal information we collect varies with each product of the Service:

1. Honeycomb: Word Puzzle
   1. Your email address is collected when you contact us about a Service-related issue or send feedback. The legal basis for collecting this information is to fulfill a contract with you, under GDPR Art. 6 (1) (b).
   2. Certain technical information about your device and other information, such as your device operating system and device model, is collected when you use the Service (your “Technical Information”). The legal basis for collecting this information is to fulfill a contract with you, under GDPR Art. 6 (1) (b).
2. Maracaibo Digital
   1. Your email address is collected when you sign up for our newsletter. The legal basis for collecting this information is to fulfill a contract with you, under GDPR Art. 6 (1) (b).
   2. Certain technical information about your device and other information, such as your IP Address, device operating system, and device model, is collected when you use the Service (your “Technical Information”). The legal basis for collecting this information is to fulfill a contract with you, under GDPR Art. 6 (1) (b).
3. Crop Squares
   1. Your email address is collected when you contact us about a Service-related issue or fill out a survey or send feedback. The legal basis for collecting this information is to fulfill a contract with you, under GDPR Art. 6 (1) (b).
   2. Certain technical information about your device and other information, such as your IP Address, device operating system, and device model, is collected when you use the Service (your “Technical Information”). The legal basis for collecting this information is to fulfill a contract with you, under GDPR Art. 6 (1) (b).
4. Hexicon: Strategy Word Game
   1. Your screen name and email address are collected when you sign up for an account on the Service, or connect a Google, Facebook, or other sign-in account with the Service (your “Account Information”). Creating an account is required to play certain games on the Service. The legal basis for collecting this information is to fulfill a contract with you, under GDPR Art. 6 (1) (b).
   2. Your device’s push notification token is collected when you install Hexicon: Strategy Word Game on your device (your “Token”). The legal basis for collecting this information is to fulfill a contract with you, under GDPR Art. 6 (1) (b).
   3. Certain technical information about your device and other information, such as your IP Address, device operating system, and device model, is collected when you use the Service (your “Technical Information”). The legal basis for collecting this information is to fulfill a contract with you, under GDPR Art. 6 (1) (b).
   4. Your unique Advertising ID (if you are using an Android device) or your IDFA Advertising Identifier (if you are using an iOS device) for advertising purposes (your “Advertising Information”). The legal basis for collecting this information is our legitimate interest, under GDPR Art. 6 (1) (f).
5. Good Game Shelf
   1. Certain technical information about your device and other information, such as your IP Address and device operating system, is collected when you use the Service (your “Technical Information”). The legal basis for collecting this information is to fulfill a contract with you, under GDPR Art. 6 (1) (b).
   2. Your email address is collected when you sign up for our newsletter. The legal basis for collecting this information is to fulfill a contract with you, under GDPR Art. 6 (1) (b).
6. Spiralburst Company Website
   1. Certain technical information about your device and other information, such as your IP Address and device operating system, is collected when you use the Service (your “Technical Information”). The legal basis for collecting this information is to fulfill a contract with you, under GDPR Art. 6 (1) (b).
   2. Your email address (and possibly name) are collected when you sign up for our newsletter, contact us about a Service-related issue or support ticket, fill out a survey or send feedback, or enter a contest or sweepstakes on the Service (your “Contact Information”). The legal basis for collecting this information is to fulfill a contract with you, under GDPR Art. 6 (1) (b).

3. How we use your Personal Information

We use your personal information as follows:

1. Newsletters: Spiralburst may use your Contact Information to send you commercial or marketing messages, including newsletters and email communications about our products or services.
2. Technical Support: Spiralburst may use your Contact Information, Account Information, Technical Information, and any other voluntary information you provide us about your device or yourself, as needed, to provide you with technical support for the Service.
3. Contests, Surveys, and Feedback: Spiralburst may offer you the chance to participate in contests, surveys, and other Service feedback. We may use your Contact Information to receive and process any contests, surveys, and feedback that you and other users choose to participate in, in order to improve the Service.
4. Push Notifications: We use your Token to send you updates about the Service through push notifications to your device. This applies only to Hexicon: Strategy Word Game.
5. Analytics and Service Improvements: We use certain Technical Information and Account Information to collect and analyze gameplay and user data, and to generate error reports, in order to improve the Service.

4. Who we share your Personal Information with

We share your Personal Information with certain third parties as part of our operation of the Service. This data sharing enables us to provide you with the Service in the optimal way.

Some of these third-party recipients may be based outside the European Economic Area — for further information, including how we safeguard your personal data when this occurs, see their individual privacy policies linked where applicable and Section 9 entitled “Transfer of your Information out of the EEA,” below.

We share your Personal Information with the following third parties:

1. Newsletters: We use Mailchimp and Email Octopus to manage our newsletter mailing lists. We share your Contact Information with them for these purposes. You can view Mailchimp's privacy policy and Email Octopus’s privacy policy.
2. Analytics and Troubleshooting: We use multiple service providers to improve the Service through analyzing usage data, as well as detecting errors and other issues on the Service. These service providers include:
   
   
   1. Google Analytics: We use Google Analytics to gather and pool certain information with other users’ information, for the purposes of improving the Service, such as tracking the total number of users or visitors to the Service, their aggregate activities on the Service, and tracking the sites that refer visitors to the Service. Google anonymizes this information. You can view the Google privacy policy here. This applies only to websites of the Service.
   2. Sentry: We use Sentry for detecting and fixing errors on the Service. Certain Technical Information may be shared with Sentry for these purposes. You can view their Privacy Policy here.
   3. Amplitude: We use Amplitude to analyze user behavior and improve the Service. Your IP Address (except for Honeycomb: Word Puzzle) and a unique User ID will be shared with Amplitude for these purposes. You can view their Privacy Policy here.
   4. Firebase: We use Google’s Firebase service to analyze user behavior and improve the Service. Your unique User ID and your Account Information will be shared with Google for these purposes. You can view the Google privacy policy here. This applies only to Hexicon: Strategy Word Game
3. Advertisements: If you use a part of the Service that features advertisements, we use Google Admob to display ads on the Service that are relevant to your interests. Your Advertising Information is used by Google in order to personalize these advertisements. You can view the Google privacy policy here. Please see Section 8 entitled “Mobile Advertising Opt-Out” below on how you can opt out of receiving targeted ads through the Service. This applies only to Hexicon: Strategy Word Game
4. Other Sharing: We will share your personal information if we have a good faith belief that (i) access, use, preservation or disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, legal process, such as a court order or subpoena, or a request by law enforcement or governmental authorities, (ii) such action is necessary to detect, prevent, or otherwise address fraud, security or technical issues associated with the Service, or (iii) such action is appropriate to protect Spiralburst’s or its employees’, clients’, or users’ rights, property, or safety.
   We will not share your personal information with any other third party.

5. How long your Personal Information will be kept

We will keep your Personal Information for the length of time required to provide you with the Service, unless a longer retention period is required or permitted by law. Afterwards, we delete all aforementioned data in our possession within a reasonable timeframe. We do not verify the correctness of personal data that we collect or you provide.

Please note that some data may be retained, if necessary to resolve disputes, enforce Spiralburst user agreements, or comply with technical and legal requirements and constraints related to the security, integrity, and operation of the Service.

6. Children’s Privacy

We do not knowingly collect any Personal Information from children under the age of 13, nor do we allow them to create accounts, sign up for newsletters, make purchases, or browse the Service without the consent of their parent or legal guardian as per our Terms of Use. In addition, we may limit how we collect, use, and store some of the information of EU users between 13 and 16. Spiralburst takes children’s privacy seriously and encourages parents to play an active role in their children’s online experience at all times. We urge parents to instruct their children never to give out their real names, addresses, or phone numbers, without parental permission, when online. If you have any concerns about your child’s personal information, please contact us at support@spiralburst.com.

7. “Do Not Track” Signals

Because there’s not yet a consensus on how companies should respond to web browser-based or other “do not track” mechanisms yet, we do not respond to web browser-based “do not track” signals.

8. Mobile Advertising Opt-Out

If you would like more information about online advertising and your choices about not having personal information used to personalize ads for you, please see the links below. This applies only to Hexicon: Strategy Word Game.

• If you have an Android device, see Google’s instructions here: https://support.google.com/ads/answer/2662856?co=GENIE.Platform%3DAndroid&hl=en
• If you have an iOS device, see Apples’ instructions here: https://support.apple.com/en-us/HT205223
• For general information on opting out of network-based advertising, see the following link: http://www.networkadvertising.org/managing/opt_out.asp

9. Transfer of your Information out of the EEA

Spiralburst is based in the United States. No matter where you are located, you consent to the processing, transfer and storage of your information in and to the U.S., as well as Canada, Brazil, Switzerland, UK, India, Australia, Hong Kong, Japan, and Korea, in accordance with the privacy policies of third parties with whom we share your Personal Information. The laws of the U.S. and these other countries governing data collection and use may not be as comprehensive or protective as the laws of the country where you live.

If you would like further information, please contact us (see Section 15 “How to contact us” below).

10. EU Residents - Your Rights

Under the laws of some jurisdictions, including the General Data Protection Regulation in the EEA, you have a number of important rights with regard to your Personal Information.

1. By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. If we have asked for your consent to process your personal data, you may withdraw that consent at any time.
2. If we are processing your personal data for reasons of consent or to fulfill a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider.
3. If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased.
4. You have the right to ask us to stop using your information for a period of time, if you believe we are not doing so lawfully.
5. Finally, in some circumstances, you can ask us not to reach decisions affecting you using automated processing or profiling.

If you would like to exercise any of those rights, please email us at support@spiralburst.com. We may ask for additional verification information, such as your username and other information required to be sure that you are the owner of that data.

11. California Residents – Your Rights

If you are a California resident, beginning on January 1, 2020, the California Consumer Privacy Act (CCPA) gives you the following rights:

Right to Know: You can ask us what personal data we hold about you and request a copy of the information. This information includes:

• The categories of personal information we have collected about you.
• The categories of sources from which we collect the personal information.
• The business or commercial purpose for collecting your personal information.
• The categories of third parties with whom we share that information.
• The specific pieces of personal information we have collected about you.

Right to Delete: You can request that your personal information be erased. However, there are some exceptions to this right, in situations where we:

• Need to complete the transaction for which the personal information was collected, provide a good or service that you requested, or that is reasonably anticipated within our ongoing business relationship with the consumer, or to otherwise perform a contract between us.
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
• Debug to identify and repair errors that impair existing intended functionality.
• Exercise free speech, ensure the right of another consumer to exercise their right of free speech, or exercise another right provided for by law.
• Need to comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
• Enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with us.
• Need to comply with a legal obligation.
• Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

Right to Opt Out: Spiralburst does not sell any of your personal information for any purposes.

Other Rights: In addition to the rights above, you also have the right to request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the calendar year preceding your request. This request is free and may be made only once a year.

You also have the right not to be discriminated against for exercising any of the rights of California residents listed in this section.

If you would like to exercise any of the rights listed above, please contact us at the addresses below in the section entitled “How to contact us.”

12. Keeping your Personal Information secure

We have taken steps to put appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorized way.

For example, we limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorized manner.

Additionally, we use role-based access controls, encryption of data in transit and at rest, and regular backups to protect personal information we collect and process.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

13. Resolving Disputes

We hope that we can resolve any questions or concern you raise about our use of your Personal Information. Please contact us via the methods listed below in the section entitled “How to contact us” to let us know about any of your questions or concerns, and we will get back to you to resolve the issue.

If you are an EU citizen, the General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred.

14. Changes to this Privacy Notice

This privacy notice was last updated on March 29, 2023.

We may change this privacy notice from time to time. When we do, we will inform you via email to the email address you have provided us with through your account, or by posting a message about the change on the Service.

15. How to contact us

Please contact us if you have any questions about this privacy notice or the information we hold about you.

If you wish to contact us, you can do so by email to support@spiralburst.com or by postal mail to 144 Pius St., Pittsburgh, PA 15203.