Privacy Policy - Ball Sort World

Privacy Policy for Ball Sort World

Operator: ,

("we," "us," or "our") respects your privacy. This Privacy Policy explains what information we collect when you download, install, register an account in, and play the mobile game Ball Sort World (the "Game"), how we use that information, with whom we share it, how long we keep it, and the rights you have under applicable laws — including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the California Online Privacy Protection Act (CalOPPA), the Children's Online Privacy Protection Act (COPPA), and (for users in the EEA, the United Kingdom, and Switzerland) the EU/UK General Data Protection Regulation ("GDPR"). The categories of data we collect and share are also disclosed in the Data Safety section of our Google Play store listing, which we keep consistent with this Policy.

By creating an account in or otherwise using the Game, you confirm that you have read and understood this Policy.

1. Information We Collect

The categories of personal information we may collect (using the categories defined in Cal. Civ. Code § 1798.140) are:

Account identifiers (provided by you). Because Ball Sort World uses a self-registered account system, you must provide an email address or mobile phone number and a password (or one-time verification code) to create and access your account. You may also choose to provide a display name.
Device and technical identifiers (collected automatically). Mobile device model, operating-system version and language, app version, IP address, time-zone setting, crash logs, and Android Advertising ID (AAID). The AAID is a resettable, user-controlled identifier — see Section 4 on how to reset or delete it.
Commercial information. Records of in-app purchases (item, amount, transaction time, Google Play order number such as GPA.xxxx). All payment-card details are handled exclusively by Google through Google Play Billing; we do not receive or store full card numbers, CVV, or bank-account numbers.
Internet or game-activity information. Levels played, level-completion data, hint/undo usage, session length, settings you choose, in-game progress and save data, and similar gameplay telemetry used to operate, analyze, and improve the Game.
Coarse location. Country/region inferred from your IP address. We do not collect precise GPS coordinates.
Customer-support correspondence. Information you send us when you contact support (e.g., your message, screenshots, and the email address from which you wrote).
Inferences. Aggregated insights derived from the above (e.g., difficulty preference, churn signals) used to balance the Game.

We do not knowingly collect, and you should not provide, the following sensitive personal information: government identification numbers, financial-account credentials, precise geolocation, racial/ethnic origin, religious beliefs, union membership, genetic data, biometric identifiers, health data, or data concerning sexual orientation.

2. How and Why We Use Information

We use the information described above for the following business purposes (Cal. Civ. Code § 1798.100; GDPR Art. 6 legal bases noted in brackets):

To create, operate, secure, and maintain your Game account, including authenticating logins and recovering forgotten passwords [contract performance];
To deliver the Game's core features, save your progress, and synchronize purchases across re-installs [contract performance];
To process and fulfil in-app purchases through Google Play Billing [contract performance / legal obligation];
To provide customer support and respond to your inquiries [contract performance];
To send transactional notices (e.g., purchase receipts, security alerts, account-deletion confirmations) [contract performance];
To monitor crashes, debug issues, balance level difficulty, and improve gameplay [legitimate interests];
To detect, prevent, and respond to fraud, abuse, cheating, and security incidents [legitimate interests / legal obligation];
To comply with applicable U.S. federal, state (including California), and other laws and to enforce our Terms of Service [legal obligation / legitimate interests];
To send optional promotional communications, only where you have opted in (you may withdraw consent at any time) [consent].

We will not use your personal information for materially different purposes without first providing notice and, where required, obtaining your consent.

3. How We Share Personal Information

We do not sell your personal information for money, and we do not "share" it for cross-context behavioral advertising as defined under the CCPA/CPRA. We disclose information only as follows:

Service providers (processors). Cloud hosting, account-system infrastructure, customer-support tooling, crash-reporting, analytics, and similar vendors who process data on our behalf under written agreements that prohibit independent use or onward disclosure. See Section 4 for the SDK categories involved.
Google (Google Play Billing). All payment data is handled by Google LLC under its own terms and privacy policy.
Legal compliance. When required to comply with a subpoena, court order, lawful government request, or applicable law, or to defend our legal rights.
Protection of rights. When we believe in good faith that disclosure is necessary to protect the safety, rights, or property of , our players, or the public.
Corporate transactions. In a merger, acquisition, financing, reorganization, or sale of all or part of our assets, your information may be transferred. We will provide notice and, where required by law, obtain your consent.
With your explicit consent in any other case.

4. Third-Party SDKs, Analytics, and Advertising

To operate the Game we may integrate third-party software development kits ("SDKs") that perform one or more of the following functions: crash and performance reporting, gameplay analytics, install attribution, push notifications, in-app advertising, and ad mediation. Each SDK provider acts under its own privacy policy. The categories of data they may collect include device identifiers (such as the Android Advertising ID), IP address, coarse location inferred from IP, app/device characteristics, and event-level usage data.

The current, authoritative list of SDKs in use, the categories of data they collect, and the purposes for which they are used is published in the Data Safety section of our Google Play store listing. We keep that disclosure synchronized with our actual integrations as we add or remove SDKs, and that listing supersedes any out-of-date examples that may appear elsewhere.

Your controls over advertising and identifiers:

Android 12 or later: open Settings > Privacy > Ads and tap Delete advertising ID. After deletion, your AAID will be replaced by a string of zeros and apps cannot use it for ad personalization.
Older Android versions: open Settings > Google > Ads and enable Opt out of Ads Personalization.
Reset your AAID at any time from the same screen.
Industry opt-out tools: DAA WebChoices and NAI Consumer Opt-Out.

5. Data Retention

We keep personal information only as long as necessary for the purposes described above or as required by law:

Active account data (login credentials, profile, save data): kept while your account is active, plus up to 180 days after deletion request to allow account-recovery in the event of accidental deletion or compromise, after which it is permanently deleted or anonymized.
Purchase and tax records: retained for up to 5 years in line with U.S. and California tax/financial recordkeeping requirements; payment-card data is never stored by us.
Crash logs and gameplay analytics: kept in identifiable form for up to 24 months, then aggregated or anonymized.
Customer-support correspondence: retained for up to 3 years.
Information subject to a legal hold: retained for the duration of the relevant proceeding, then deleted.

6. Data Security

We use commercially reasonable technical and organizational safeguards designed to protect your information, including:

Transport encryption (TLS 1.2 or higher) for all data sent between the Game and our servers;
Encryption at rest for credentials and other sensitive fields, with hashed-and-salted password storage;
Role-based access controls and least-privilege principles for our personnel;
Periodic security review and vulnerability remediation.

No system is 100% secure. If a personal-information breach occurs that affects your rights, we will notify affected California residents in accordance with Cal. Civ. Code § 1798.29 / § 1798.82 and other applicable breach-notification laws within the legally required timeframe.

7. International Data Transfers and Storage Location

We are based in the State of California, United States. Personal information we collect is processed and stored on servers located in the United States and may be processed by service providers in other countries on our behalf. If you are located outside the United States, by using the Game you understand that your information will be transferred to and processed in the United States, which may have data-protection laws different from those in your jurisdiction.

For transfers from the European Economic Area, the United Kingdom, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (and the UK Addendum where applicable) or another lawful transfer mechanism, with supplementary measures where necessary.

8. Children's Privacy (COPPA)

Ball Sort World is not directed to children under the age of 13 in the United States, nor to children under the applicable age of digital consent in their jurisdiction (16 by default in the EEA, lower in some Member States). We do not knowingly collect personal information from such children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at and we will investigate and, where appropriate, delete the information without delay. Parents may also block in-app purchases through Google Play's parental controls and Google Family Link.

9. Account and Data Deletion

You may request deletion of your account and associated personal information at any time. We provide both an in-app option and a web-accessible request channel, in line with Google Play's account-deletion requirements:

In-app: open Settings → Account → Delete Account in the Game and follow the on-screen confirmation.
By email: send a request from the email address associated with your account to with the subject line "Account Deletion Request" and include your in-game player ID or registered email/phone for verification.

What we delete: your login credentials, profile, saved game progress, customer-support history tied to your account, and any other personal information we hold about you that is not subject to a legal retention requirement.

What we may retain (in limited form):

Purchase, refund, and tax records — retained as required by U.S. federal and California tax law (up to 5 years);
Aggregated or de-identified analytics that can no longer reasonably be linked to you;
Records necessary to detect or prevent fraud, abuse, or security incidents (e.g., a list of banned device hashes);
Information we are required to keep under a legal hold or in response to a lawful government request.

Timing: we will acknowledge your request within 2 business days and complete deletion within 30 days of verification, unless a longer period is required by law. After deletion, your account cannot be recovered. We will confirm completion by email.

10. Your Rights as a California Resident (CCPA / CPRA)

If you are a California resident, you have the following rights under Cal. Civ. Code § 1798.100 et seq.:

Right to Know — what categories and specific pieces of personal information we have collected about you, the sources, purposes, and the categories of third parties with whom we have disclosed it (covering the prior 12 months).
Right to Delete — request deletion of personal information we hold about you, subject to statutory exceptions (e.g., information necessary to complete a transaction, comply with a legal obligation, or detect fraud).
Right to Correct — request correction of inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing — we do not sell or share personal information for cross-context behavioral advertising. If that ever changes, we will update this Policy and provide a "Do Not Sell or Share My Personal Information" mechanism.
Right to Limit Use of Sensitive Personal Information — we do not use sensitive personal information for purposes other than those expressly permitted by the CCPA/CPRA.
Right to Non-Discrimination — we will not deny service, charge a different price, or provide a lower quality of service because you exercised any of these rights.

How to submit a request: email with your full name, the registered email/phone of your account, the right you want to exercise, and any information needed to verify your identity. We may ask you for additional information to verify the request. We will respond within 45 days and may extend by another 45 days where reasonably necessary, with notice. Authorized agents may submit requests on your behalf with written permission or a valid power of attorney.

11. Your Rights in the EEA, United Kingdom, and Switzerland (GDPR)

If you are located in the EEA, the United Kingdom, or Switzerland, the GDPR (or UK GDPR / Swiss FADP, as applicable) gives you the following rights with respect to your personal data:

Access — obtain confirmation of whether we process your data and a copy of it;
Rectification — have inaccurate or incomplete data corrected;
Erasure ("right to be forgotten") — request deletion in the circumstances set out in GDPR Art. 17 (see Section 9 for our deletion process);
Restriction — request that we restrict processing in the circumstances set out in GDPR Art. 18;
Data Portability — receive your data in a structured, commonly used, machine-readable format and transmit it to another controller;
Object — object to processing based on our legitimate interests, including for direct-marketing purposes;
Withdraw Consent — where processing is based on your consent, withdraw it at any time without affecting the lawfulness of prior processing;
Lodge a Complaint with your national data-protection authority. A list of EEA authorities is at edpb.europa.eu; UK residents may contact the ICO at ico.org.uk.

For all EEA/UK/Swiss requests, contact . We will respond within one month, extendable by two further months for complex requests, in line with GDPR Art. 12.

12. CalOPPA Compliance and Do-Not-Track

In accordance with the California Online Privacy Protection Act (Cal. Bus. & Prof. Code § 22575): (a) most browsers offer a "Do Not Track" ("DNT") signal, but no common industry standard yet exists for how to respond — we currently do not respond to DNT signals; (b) third-party SDKs integrated into the Game (see Section 4) may collect information about your activity over time and across services; (c) this Policy describes our practices in full and is the authoritative statement of how we handle your information.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last Updated" date at the top of this page will always reflect the most recent revision. For material changes, we will provide at least 30 days' prior notice via in-game notice or email (where we have one). Your continued use of the Game after the updated Policy takes effect constitutes acceptance of the changes.

14. Contact Us

Address:
Email:
Phone:
Response time: Initial acknowledgment within 1–2 business days; CCPA / GDPR requests handled within statutory deadlines (45 days / 1 month respectively).

15. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of California, U.S.A., without regard to conflict-of-law principles. Disputes arising out of or relating to this Privacy Policy are subject to the exclusive jurisdiction of the state or federal courts located in Alameda County, California, except where mandatory consumer-protection or data-protection law in your country of residence (including the GDPR) entitles you to bring proceedings before the courts or supervisory authority of your habitual residence.