Last Modified on October 26, 2021
1. Who we are
Spiralburst Studio, LLC (“Spiralburst,” “We,” or “Us”) collects, uses, and is responsible for certain personal information about you, as part the “Hexicon: Strategy Word Game” and “Maracaibo Digital” games and the Spiralburst Studio websites located at https://spiralburst.com/, https://maracaiboapp.com/, and https://hexiconapp.com/ (collectively, the “Service”).
For those in the European Union, we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as controller of that personal information for the purposes of those laws.
2. The Personal Information we collect and use
Information collected by us: In providing the Service, we collect the following personal information either automatically or when you voluntarily provide it to us:
- Your name and email address are collected when you sign up for our newsletter, contact us about a Service-related issue or support ticket, fill out a survey or send feedback, or enter a contest or sweepstakes on the Service (your “Contact Information”). The legal basis for collecting this information is to fulfill a contract with you, under GDPR Art. 6 (1) (b).
- Your screen name and email address are collected when you sign up for an account on the Service, or connect a Google, Facebook, or other sign-in account with the Service (your “AccountInformation”). Creating an account is required to play certain games on the Service. The legal basis for collecting this information is to fulfill a contract with you, under GDPR Art. 6 (1) (b). Only for Hexicon.
- Your device’s push notification token is collected when you install one of our games on your device (your “Token”). The legal basis for collecting this information is to fulfill a contract with you, under GDPR Art. 6 (1) (b). Only for Hexicon.
- Certain technical information about your device and other information, such as your IP Address, device ID, and operating system, is collected when you use the Service (your “Technical Information”). The legal basis for collecting this information is to fulfill a contract with you, under GDPR Art. 6 (1) (b).
- Your unique Advertising ID (if you’re using an Android device) or your IDFA Advertising Identifier (if you are using an iOS device) for advertising purposes (your “Advertising Information”). The legal basis for collecting this information is our legitimate interest, under GDPR Art. 6 (1) (f). Only for Hexicon.
How we use your Personal Information: We use your personal information as follows:
- Newsletters: Spiralburst may use your Contact Information or Account Information to send you commercial or marketing messages, including newsletters and email communications about our products or services.
- Technical Support: Spiralburst uses Contact Information, Account Information, and any information you provide us about your device or yourself, as needed, to provide you with technical support for the Service.
- Contests, Surveys, and Feedback: Spiralburst may offer you the chance to participate in contests, surveys, and other Service feedback. We may use your Contact Information to receive and process any contests, surveys, and feedback that you and other users choose to participate in, in order to improve the Service.
- Push Notifications: We use your Token to send you updates about the Service through push notifications to your device. Only for Hexicon.
- Analytics and Service Improvements: We use certain Technical Information and Account Information to collect and analyze gameplay and user data, and to generate error reports, in order to improve the Service.
Who we share your Personal Information with: We share your Personal Information with certain third parties as part of our operation of the Service. This data sharing enables us to provide you with the Service in the optimal way.
Some of those third-party recipients may be based outside the European Economic Area — for further information, including how we safeguard your personal data when this occurs, see their individual privacy policies linked to above and the section entitled “Transfer of your Information out of the EEA,” below.
We share your Personal Information with the following third parties:
- Analytics and Troubleshooting: We use multiple service providers to improve the Service through analyzing usage data, as well as detecting errors and other issues on the Service. These service providers include:
- Other Sharing: We will share your personal information if we have a good faith belief that (i) access, use, preservation or disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, legal process, such as a court order or subpoena, or a request by law enforcement or governmental authorities, (ii) such action is necessary to detect, prevent, or otherwise address fraud, security or technical issues associated with the Service, or (iii) such action is appropriate to protect Spiralburst’s or its employees’, clients’, or users’ rights, property, or safety.
We will not share your personal information with any other third party.
How long your Personal Information will be kept: We will keep your Personal Information for the length of time required to provide you with the Service, unless a longer retention period is required or permitted by law. Afterwards, we delete all aforementioned data in our possession within a reasonable timeframe. We do not verify the correctness of personal data that we collect or you provide.
Please note that some data may be retained, if necessary to resolve disputes, enforce Spiralburst user agreements, and comply with technical and legal requirements and constraints related to the security, integrity, and operation of the Service.
Children’s Privacy: We do not knowingly collect any personal information from children under the age of 13, nor do we allow them to create accounts, sign up for newsletters, make purchases, or browse the Service. In addition, we may limit how we collect, use, and store some of the information of EU users between 13 and 16. Spiralburst takes children’s privacy seriously and encourages parents to play an active role in their children’s online experience at all times. We urge parents to instruct their children never to give out their real names, addresses, or phone numbers, without parental permission, when online. If you have any concerns about your child’s personal information, please contact us at firstname.lastname@example.org.
“Do Not Track” Signals: Because there’s not yet a consensus on how companies should respond to web browser-based or other “do not track” mechanisms yet, we do not respond to web browser-based do not track signals.
Mobile Advertising Opt-Out: If you would like more information about online advertising and your choices about not having personal information used to personalize ads for you, please see the links below. Only for Hexicon.:
3. Transfer of your Information out of the EEA
Spiralburst is based in the United States. No matter where you are located, you consent to the processing, transfer and storage of your information in and to the U.S., as well as Canada, Brazil, Switzerland, UK, India, Australia, Hong Kong, Japan, and Korea, in accordance with the privacy policies of third parties with whom we share your Personal Information. The laws of the U.S. and these other countries governing data collection and use may not be as comprehensive or protective as the laws of the country where you live.
If you would like further information, please contact us (see “How to contact us” below).
4. EU Residents - Your Rights
Under the laws of some jurisdictions, including the General Data Protection Regulation in the EEA, you have a number of important rights with regard to your Personal Information.
- By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. If we have asked for your consent to process your personal data, you may withdraw that consent at any time.
- If we are processing your personal data for reasons of consent or to fulfill a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider.
- If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased.
- You have the right to ask us to stop using your information for a period of time, if you believe we are not doing so lawfully.
- Finally, in some circumstances, you can ask us not to reach decisions affecting you using automated processing or profiling.
If you would like to exercise any of those rights, please email us at email@example.com. We may ask for additional verification information, such as your username and other information required to be sure that you are the owner of that data.
5. California Residents – Your Rights
If you are a California resident, beginning on January 1, 2020, the California Consumer Privacy Act (CCPA) gives you the following rights:
Right to Know: You can ask us what personal data we hold about you and request a copy of the information. This information includes:
- The categories of personal information we have collected about you.
- The categories of sources from which we collect the personal information.
- The business or commercial purpose for collecting your personal information.
- The categories of third parties with whom we share that information.
- The specific pieces of personal information we have collected about you.
Right to Delete: You can request that your personal information be erased. However, there are some exceptions to this right, in situations where we:
- Need to complete the transaction for which the personal information was collected, provide a good or service that you requested, or that is reasonably anticipated within our ongoing business relationship with the consumer, or to otherwise perform a contract between us.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their right of free speech, or exercise another right provided for by law.
- Need to comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent.
- Enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with us.
- Need to comply with a legal obligation.
- Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
Right to Opt Out: Spiralburst does not sell any of your personal information for any purposes.
Other Rights: In addition to the rights above, you also have the right to request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the calendar year preceding your request. This request is free and may be made only once a year.
You also have the right not to be discriminated against for exercising any of the rights of California residents listed in this section.
If you would like to exercise any of the rights listed above, please contact us at the addresses below in the section entitled “How to contact us.”
6. Keeping your Personal Information secure
We have taken steps to put appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorized way.
For example, we limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorized manner.
Additionally, we use role-based access controls, encryption of data in transit and at rest, and regular backups to protect personal information we collect and process.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
7. Resolving Disputes
We hope that we can resolve any questions or concern you raise about our use of your Personal Information. Please contact us via the methods listed below in the section entitled “How to contact us” to let us know about any of your questions or concerns, and we will get back to you to resolve the issue.
If you are an EU citizen, the General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred.
8. Changes to this Privacy Notice
This privacy notice was last updated on October 26th, 2021.
We may change this privacy notice from time to time. When we do, we will inform you via email to the email address you have provided us with through your account, or by posting a message about the change on the Service.
9. How to contact us
Please contact us if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact us, you can do so by email to firstname.lastname@example.org or by postal mail to 144 Pius St., Pittsburgh, PA 15203.