Privacy Policy

This Privacy Policy explains how Claynosaurz Inc. ("Claynosaurz", "we", "us", or "our") collects, uses, discloses, and protects personal information in connection with the Claynosaurz Champions mobile game (the "Mobile Game"). By downloading, accessing, or using the Mobile Game, you consent to this Privacy Policy. If you do not agree, you must discontinue your use of the Mobile Game.

Nothing in this Privacy Policy limits any rights you may have under applicable law, including statutory consumer rights under EU or UK law.

Claynosaurz Inc. acts as the data controller for all personal information processed in connection with the Mobile Game. You may contact us at:

Information We Collect

Information You Provide

We collect information that you voluntarily provide when creating an account, communicating with us, or interacting with the Mobile Game. This may include your email address, age, username, gameplay preferences, and any details you submit when requesting support.

If you are under eighteen (18), we may require the email address of your parent or legal guardian to verify consent. We may request additional information when needed to confirm parental consent or assess whether a feature is appropriate for a minor.

We do not knowingly collect personal information from children under thirteen (13) without verifiable parental consent, in compliance with applicable law including the U.S. Children’s Online Privacy Protection Act ("COPPA").

Information Collected Automatically

When you use the Mobile Game, we automatically collect certain technical and usage information. This includes device identifiers, operating system information, IP address, regional and language preferences, network diagnostics, gameplay activity, feature usage, crash reports, and analytics data. We also collect information for anti-fraud and anti-cheat purposes to maintain game integrity.

Embedded Wallet and Blockchain Data

The Mobile Game uses a non-custodial embedded wallet provided through Dynamic.xyz. The Company does not offer custodial wallet services and does not at any time hold, manage, or control private keys on behalf of users.

We may collect the public wallet address or embedded wallet identifier associated with your account and certain on-chain events related to Game Assets. Activity involving these Game Assets may be recorded publicly on the Sui blockchain or other supported networks and may be permanently visible.

Game Assets and Marketplace Data

We process information related to Game Assets used within the Mobile Game, including items collected, equipped, exchanged, or transferred through the in-game peer-to-peer marketplace. We may record details such as ownership history, transaction timestamps, virtual currency activity, and metadata necessary to detect fraud or abuse and ensure fair gameplay. Game Assets exist solely within the Mobile Game and have no monetary or real-world value.

Information From Third Parties

We may receive information from platform providers such as the Apple App Store or Google Play, analytics services, crash-reporting tools, fraud-prevention systems, and embedded wallet providers. We do not collect or store full payment card details.

We do not collect or process full payment card numbers, bank account details, or other financial account data.

How We Use Personal Data

We use personal information to operate, provide, maintain, and improve the Mobile Game and its related features. This includes creating and managing user accounts, enabling gameplay, confirming parental or guardian consent when required, providing embedded non-custodial wallet functionality, facilitating Game Asset interactions, and ensuring the security and integrity of the Mobile Game. We also use personal information to enforce our Terms of Service, comply with legal obligations, provide customer support, and communicate with users about their accounts or the Mobile Game.

Claynosaurz uses the personal information it collects for the following purposes:

Providing the Mobile Game and its Features

We use information to operate and personalize the Mobile Game; create and update user accounts; provide embedded wallet features; enable Game Asset use and marketplace transactions; process in-app purchases; ensure device compatibility; monitor performance; and carry out internal operations such as debugging, troubleshooting, analytics, and service optimization.

Safety, Security, Fraud Prevention, and Compliance

We use information to protect the safety and integrity of the Mobile Game and its users; detect and prevent fraud, cheating, unauthorized transactions, and harmful or abusive behavior; confirm parental consent for minors; enforce usage policies; and comply with legal, regulatory, and law-enforcement requirements.

Customer Support

We use information to provide support, investigate and resolve player issues, monitor service quality, respond to inquiries, and improve customer support processes.

Research and Development

We may use information for testing, analysis, research, and product development, including machine-learning models designed to improve gameplay, fraud detection, personalization, and user experience. This helps us understand player behavior, improve game balance, and develop new features or enhancements.

Marketing Communications

Where permitted by law and user preferences, we may use information to send marketing or promotional communications about Claynosaurz games, features, surveys, events, or updates. Users may opt out of marketing communications at any time.

Non-Marketing Communications

We may use information to send important service-related communications, including changes to our Terms, Privacy Policy, or technical updates. These communications are transactional and are not subject to marketing opt-out.

Legal Proceedings and Regulatory Requirements

We may use and retain information as necessary for legal claims, audits, investigations, dispute resolution, regulatory inquiries, and as otherwise permitted or required by applicable law.

We process personal information under the legal bases permitted by the GDPR, including performance of a contract, compliance with legal obligations, legitimate interests in operating a secure and functional Mobile Game, and user consent where required. Where we rely on consent for processing, you may withdraw your consent at any time.

Sharing of Personal Information

We may share personal information with third-party service providers to support the operation of the Mobile Game. This includes cloud-hosting providers, analytics and crash-reporting platforms, Dynamic.xyz for embedded wallet services, content-delivery networks, anti-cheat and fraud-prevention systems, and customer-support tools. These providers access personal information only as necessary to perform services on our behalf.

If you interact with blockchain features, certain information such as your public wallet address or transaction metadata may be recorded on a public blockchain and become publicly accessible.

We may disclose personal information if required by law, court order, or governmental authority, or when necessary to protect the rights, property, or safety of Claynosaurz or our users.

Personal information may also be transferred as part of a corporate transaction, including a merger, acquisition, reorganization, or sale of assets.

We use third-party service providers to support the operation, analysis, and monetization of the Mobile Game. These providers may have access to personal information as needed to perform their functions and process such information in accordance with their own privacy policies and applicable law.

Analytics

We use analytics services to monitor, analyze, and improve the performance and use of the Mobile Game. These services help us understand user behavior, identify issues, and enhance gameplay.

Mobile Analytics Providers (Firebase Analytics)

We use mobile analytics SDKs, including Firebase Analytics provided by Google LLC, to understand how players engage with the Mobile Game, diagnose crashes, and improve performance. These tools may collect device identifiers, technical logs, interaction data, feature usage information, and diagnostic events. Firebase Analytics does not collect information such as your name, email address, or other directly identifying personal information.

You can learn more about Firebase Analytics by reviewing Google's Privacy Policy at: https://policies.google.com/privacy.

Sentry (Crash Reporting & Error Diagnostics)

We use Sentry, a diagnostics and crash-reporting service provided by Functional Software, Inc. ("Sentry"), to identify, track, and resolve technical issues within the Mobile Game. Sentry may collect information such as device identifiers, operating system version, app state prior to an error, performance data, stack traces, technical logs, and crash reports. This information helps us detect bugs, improve stability, and ensure the security and performance of the Mobile Game. Sentry does not process information such as your name, email address, or other directly identifying personal details.

You can learn more about Sentry’s privacy practices at: https://sentry.io/privacy/.

Advertising

We use advertising service providers to display in-game or contextual advertisements. These providers may process device identifiers and usage data necessary to deliver and measure advertising content.

Unity Ads

Unity Ads (Unity Technologies) may collect and process information to deliver and optimize advertising services. For more information, please refer to: https://unity3d.com/legal/privacy-policy.

IronSource

IronSource may collect and process information required to deliver and measure advertisements. Their privacy policy is available at: https://developers.is.com/ironsource-mobile/air/ironsource-mobile-privacy-policy/.

Payments

The Mobile Game may offer paid features or in-app purchases. All payments are processed directly by the Apple App Store or Google Play. Claynosaurz does not collect or store payment card information. Payment data is processed exclusively by the respective platform provider in accordance with its privacy policies and industry standards, including PCI-DSS. Apple and Google may process and retain limited transaction information, such as purchase history, app identifiers, and billing country, in accordance with their own privacy policies.

Apple’s privacy policy: https://www.apple.com/legal/privacy/en-ww/.

Google’s privacy policy: https://www.google.com/policies/privacy/.

Blockchains

Claynosaurz does not publish personal information to the Sui blockchain. Only pseudonymous information—such as a public wallet address or transaction hash—is transmitted to the blockchain as technically required for Game Asset functionality. No information capable of directly identifying a user (such as name, email address, or account credentials) is written to or stored on any blockchain network.

We take measures to ensure that there is no visible or publicly accessible link between a player's Mobile Game account and their public wallet address. Any data that appears on the blockchain is fully anonymized and cannot be associated with an individual unless the user voluntarily discloses such information elsewhere. Claynosaurz does not publish, correlate, or expose any mapping between user identities and public wallet addresses.

Public blockchain data is not considered personal information processed by Claynosaurz, as such information is not linked or linkable to an identified or identifiable individual by the Company. Claynosaurz does not determine the purposes or means of processing data written to public blockchain networks, which operate independently and autonomously.

Because blockchain networks are decentralized and public, information written to them may be visible to anyone; however, such data consists only of non-identifying technical information and cannot be used to determine a player’s identity without information that Claynosaurz does not make publicly available.

To enable blockchain functionality, we may work with third-party providers who process information required for wallet creation, blockchain interaction, or Game Asset activity. These providers may process public wallet addresses, embedded-wallet identifiers, device metadata, or transaction-related information solely to enable secure wallet and blockchain features.

Dynamic (Embedded Wallet Services)

Embedded wallets in the Mobile Game are provided by Dynamic Labs, Inc. ("Dynamic"). Dynamic supports non-custodial wallet creation, authentication, fraud prevention, and compliance monitoring. Dynamic may process your public wallet address, embedded wallet identifier, device metadata, and security-related usage information. Dynamic does not hold or control private keys.

Dynamic’s Privacy Policy is available at: https://www.dynamic.xyz/privacy-policy.

Development Partners (Gameloft SE & Gameloft Saigon)

We work with Gameloft SE (France) and its affiliated development studio Gameloft Saigon (Vietnam) as technical partners for the development, operation, and improvement of the Mobile Game. Gameloft acts as a data processor and processes personal information solely on behalf of Claynosaurz and in accordance with our instructions.

International transfers of personal information to Vietnam are performed under the European Commission’s Standard Contractual Clauses (SCCs) or the UK International Data Transfer Addendum, as applicable. These safeguards ensure an equivalent level of protection for personal information in accordance with GDPR and UK GDPR requirements.

With Consent

Claynosaurz may share personal information for purposes not described elsewhere in this Privacy Policy when we have provided notice to the user and obtained their consent. Where consent is required by law, such sharing will not occur unless the user has explicitly agreed. Users may withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal.

International Data Transfers

Your personal information may be transferred to, and processed in, countries outside of your place of residence, including Canada and the United States. These countries may have data protection laws that differ from those of your jurisdiction.

For users located in the European Economic Area (EEA), we comply with the General Data Protection Regulation ("GDPR"). When transferring personal data from the EEA to countries that have not been deemed to provide an adequate level of protection by the European Commission, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs).

For users located in the United Kingdom, we comply with the United Kingdom General Data Protection Regulation ("UK GDPR"). When transferring personal data outside the UK to countries that do not provide an adequate level of protection, we rely on the UK International Data Transfer Addendum to the SCCs or other approved transfer mechanisms.

We take steps to ensure that the recipients of your personal information provide a level of protection equivalent to that required under applicable data protection laws.

Data Retention

We retain personal information only for as long as necessary to provide the Mobile Game, fulfill the purposes for which the information was collected, comply with legal obligations, resolve disputes, and maintain security. Data written to a blockchain may persist indefinitely.

Information collected for parental consent or related to minors is retained only as long as necessary to verify consent or comply with legal obligations.

Security

We implement reasonable and appropriate technical and organizational measures designed to safeguard personal information against loss, misuse, or unauthorized access. However, no method of transmission or storage is entirely secure. You are responsible for securing your device, your account credentials, and access to your email, as loss of access may result in permanent loss of access to your embedded wallet.

GDPR Privacy

Your Rights under the GDPR

The Company undertakes to respect the confidentiality of your Personal Data and to guarantee you can exercise your rights.

You have the right under this Privacy Policy, and by law if you are within the EU, to:

• Request access to your Personal Data. This includes the right to receive a copy of the Personal Data we hold about you.
• Request correction of the Personal Data that we hold about you, including the right to have any incomplete or inaccurate information corrected.
• Object to processing of your Personal Data where we are relying on a legitimate interest as the legal basis for our processing or where we process your Personal Data for direct marketing purposes.
• Request erasure of your Personal Data when there is no good reason for us to continue processing it.
• Request the transfer of your Personal Data in a structured, commonly used, machine-readable format to you or a third party of your choice.
• Withdraw your consent at any time where we rely on consent to process your Personal Data.

You also have the right to lodge a complaint with your local data protection authority.

Claynosaurz does not engage in automated decision-making or profiling that produces legal or similarly significant effects on users, as defined under Articles 21 and 22 of the GDPR.

Exercising Your GDPR Data Protection Rights

You may exercise your rights of access, rectification, cancellation, and opposition by contacting us. We may ask you to verify your identity before responding to such requests, and we will respond as soon as reasonably possible.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, if you are in the European Economic Area (EEA), please contact your local data protection authority in the EEA.

CCPA/CPRA Privacy Notice (California Privacy Rights)

This privacy notice section for California residents supplements the information contained in our Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California.

Categories of Personal Information Collected

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device. The following categories of personal information may be collected from California residents:

• Category A: Identifiers (e.g., real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, or similar identifiers) – Collected: Yes.
• Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) (e.g., name, signature, address, telephone number, and certain financial information) – Collected: Yes.
• Category C: Protected classification characteristics under California or federal law (e.g., race, religion, medical condition) – Collected: No.
• Category D: Commercial information (e.g., records of products or services purchased or considered) – Collected: Yes.
• Category E: Biometric information – Collected: No.
• Category F: Internet or other similar network activity (e.g., interaction with our Service or advertisement) – Collected: Yes.
• Category G: Geolocation data (approximate physical location) – Collected: No.
• Category H: Sensory data – Collected: No.
• Category I: Professional or employment-related information – Collected: No.
• Category J: Non-public education information – Collected: No.
• Category K: Inferences drawn from other personal information – Collected: No.
• Category L: Sensitive personal information (e.g., email used for authentication, age) – Collected: Yes.

Under CCPA/CPRA, personal information does not include publicly available information from government records, deidentified or aggregated consumer information, or information excluded from the CCPA/CPRA’s scope (such as certain health or financial information subject to sector-specific laws).

Sources of Personal Information

We obtain the categories of personal information listed above from the following sources:

• Directly from you (for example, from forms you complete or purchases you make).
• Indirectly from you (for example, from observing your activity on our Service).
• Automatically from your device (for example, through cookies and SDKs).
• From service providers (for example, analytics providers, payment processors, and advertising partners).

Use of Personal Information

We may use or disclose personal information we collect for business or commercial purposes, including operating our Service, providing support, fulfilling the reason you provided the information, responding to law enforcement requests, internal administration and auditing, detecting security incidents, and other one-time uses. For more details, see the “How We Use Personal Data” section of this Privacy Policy.

Disclosure of Personal Information

We may disclose certain categories of personal information for business or commercial purposes, including: Identifiers; Personal information categories listed in the California Customer Records statute; Commercial information; and Internet or other similar network activity. When we disclose personal information for a business or commercial purpose, we enter a contract that describes the purpose and requires the recipient to keep that personal information confidential and not use it for any purpose except performing the contract.

Sharing of Personal Information

We may share personal information with service providers, payment processors, our affiliates, business partners, and third-party vendors to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide.

Sale of Personal Information

Claynosaurz does not sell personal information as that term is commonly understood. However, certain disclosures made through advertising or analytics SDKs may be considered a “sale” or “sharing” under the CPRA’s broad definitions. California residents may opt out of these practices as described in this section.

Sale of Personal Information of Minors Under 16 Years of Age

We do not knowingly sell the personal information of consumers we actually know are less than 16 years of age. If we learn that a child under the age of 13 (or 16) has provided us with personal information, we will delete that information. We do not condition a child’s participation on providing more personal information than is reasonably necessary.

Your Rights under the CCPA/CPRA

If you are a California resident, you have the following rights under the CCPA/CPRA:

• The right to notice of which categories of personal data are being collected and the purposes for which they are used.
• The right to know/access the personal information we collect, use, disclose, sell, or share.
• The right to say no to the sale or sharing of personal data (opt-out).
• The right to correct inaccurate personal data.
• The right to delete personal data, subject to certain exceptions.
• The right to limit the use and disclosure of certain sensitive personal information.
• The right not to be discriminated against for exercising any of your rights.

Exercising Your CCPA/CPRA Data Protection Rights

To exercise any of your rights under the CCPA/CPRA, you or your authorized representative can contact us at legal@claynosaurz.com. Your request must provide sufficient information to allow us to verify your identity or authority and describe your request in enough detail for us to respond appropriately.

We will disclose and deliver the required information free of charge within 45 days of receiving your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonably necessary, with prior notice to you.

Do Not Sell My Personal Information

We do not sell personal information in the traditional sense, but we may allow service providers to use personal information for business purposes such as advertising, marketing, and analytics, which may be deemed a sale under CCPA/CPRA. You have the right to opt out of such sale or sharing by following instructions we provide within the Service or by contacting us.

Limit the Use or Disclosure of My Sensitive Personal Information

If you are a California resident, you have the right to limit the use and disclosure of your sensitive personal information to that use which is necessary to perform the services or provide the goods reasonably expected by an average consumer. We collect, use, and disclose sensitive personal information only as necessary to provide the Service.

"Do Not Track" Policy as Required by California Online Privacy Protection Act (CalOPPA)

Our Service does not respond to Do Not Track (DNT) signals. Some third-party websites do keep track of your browsing activities. If you are visiting such websites, you can set your browser preferences to inform websites that you do not want to be tracked.

Your California Privacy Rights (California's Shine the Light law)

Under California Civil Code Section 1798, California residents with an established business relationship with us may request information once a year about sharing their personal data with third parties for the third parties’ direct marketing purposes. To make such a request, please contact us using the contact information provided in this Privacy Policy.

California Privacy Rights for Minor Users

California Business and Professions Code Section 22581 allows California residents under the age of 18 who are registered users of online sites, services, or applications to request and obtain removal of content or information they have publicly posted. To request removal of such data, please contact us using the contact information provided in this Privacy Policy and include the email address associated with your account. Note that this request does not guarantee complete or comprehensive removal of content or information posted online, and the law may not permit or require removal in certain circumstances.

Children’s Privacy

You must be at least thirteen (13) years old to use the Mobile Game. If you are under eighteen (18), a parent or legal guardian must review and accept the Terms of Service on your behalf, and we may require their email to confirm consent. If we learn that we have collected personal information from a child under thirteen without verifiable parental consent, we will delete the information.

Parents or legal guardians may contact us to access or delete a minor’s information.

Cookies and Tracking Technologies

The Mobile Game and any accompanying web resources may use cookies, mobile SDKs, device identifiers, and similar tracking technologies for operational, security, analytics, and advertising purposes. These technologies help us authenticate users, maintain session integrity, understand how players engage with the Mobile Game, improve performance, detect fraud or misuse, and deliver or measure the effectiveness of in-game advertising.

Mobile analytics and advertising partners may process device identifiers (such as IDFA on iOS or Google Advertising ID on Android), technical logs, usage information, and interaction data to support analytics, reporting, and ad delivery. These partners may also use SDKs or similar tools to track interactions within the Mobile Game.

You may manage certain tracking preferences by adjusting your device settings, including disabling personalized advertising (“Limit Ad Tracking” on iOS or “Opt Out of Ads Personalization” on Android). Disabling these features may limit or affect the personalized content or advertisements you receive but will not disable all tracking technologies used for core functionality, security, or analytics.

For web-based resources associated with the Mobile Game, cookies may be used to remember user preferences, enable certain features, and analyze traffic. You may modify your browser settings to manage or block cookies, though doing so may affect the performance of certain features.

The Mobile Game and related web resources do not respond to "Do Not Track" signals, as a standard interpretation of such signals has not been adopted by the online industry.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updates take effect upon posting within the Mobile Game or on our website. Continued use of the Mobile Game following an update constitutes acceptance of the revised Policy.

We comply with the App Store Review Guidelines and Google Play Developer Policies regarding the collection, use, and sharing of user data.