Plinko Tycoon

Privacy Policy

Last updated: 2026-05-10 · Effective: 2026-05-10

This policy explains what data we collect, why, how we use it, and your rights. We aim for plain English. If anything is unclear, email us at supportplinkotycoon@gmail.com.

Contents

1. Who We Are
2. What We Collect
3. How We Use Data
4. Legal Bases (GDPR)
5. Who We Share With
6. Retention
7. Your Rights
8. US State Rights
9. Children
10. Security
11. International Transfers
12. Third-Party Services
12A. Apple ATT
12B. Google Play Data Safety
13. Changes
14. Contact

1. Who We Are

Plinko Tycoon ("we", "us") is the data controller for the personal information collected through the Service. Contact: supportplinkotycoon@gmail.com.

2. What We Collect

Account data

Username (chosen by you);
Hashed password (we never store passwords in plaintext — they are one-way bcrypt hashes);
Email address — only if you provide one for support or marketing;
Account creation date and last-login timestamp.

Gameplay data

Progress, levels, currencies, items owned, pets, stickers, trophies, and other state needed to operate the game;
Settings and preferences;
Friend relationships, friend requests, blocks, and chat messages you send/receive;
Trade and purchase history within the game economy;
Events you trigger (e.g., pet pulls, tournament scores, bonus claims) used to calculate rewards and detect suspicious activity.

Device & technical data

IP address and approximate location derived from it (country/region level);
Browser/app type and version, operating system, screen size;
Session cookies (see Cookie Policy);
Server-side logs (request paths, status codes, timestamps) used for security, debugging, and analytics.

Purchase data

If you make in-app purchases, our payment processor (e.g., Apple, Google, or a web payment provider) handles your payment instrument. We receive a transaction confirmation and the SKUs you bought. We do not store full credit-card numbers on our servers.

Information we do NOT collect

Government IDs, social-security numbers, or similar national identifiers;
Biometric data;
Precise GPS location;
Microphone or camera input.

3. How We Use Data

Operate the Service — authenticate you, save progress, pair you with friends, deliver chat messages, run tournaments, etc.
Support — respond to your messages, troubleshoot, restore lost progress.
Safety & integrity — detect cheating, fraud, account-sharing, abuse, and policy violations; ban bad actors.
Improve the game — measure feature usage, balance the economy, identify and fix bugs.
Comply with law — respond to legal process, enforce our Terms, and protect rights.

4. Legal Bases for Processing (GDPR / UK GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases:

Contract — to provide the Service you signed up for.
Legitimate interests — to keep the Service safe, prevent fraud, and improve the game; we balance these against your rights and freedoms.
Consent — for optional marketing emails or non-essential cookies (where required); you may withdraw consent at any time.
Legal obligation — to comply with applicable law and lawful requests.

We do not sell personal information. We share data only with:

Service providers who process data on our behalf under contract — hosting (Fly.io), payment processors (Apple, Google, web payment providers), email delivery, error logging, and similar infrastructure;
Other players, in features you choose to use — your username, avatar, level, trophies, and chat messages are visible to friends and on leaderboards;
Legal recipients when required by law or to protect rights, property, or safety (ours, yours, or others');
A successor, in the event of merger, acquisition, financing, or sale of assets, with notice to you.

6. Retention

We keep account data for as long as your account is active. When you delete your account (see Account Deletion), we delete or anonymize your personal data within 30 days, except where we are required to keep records for legal, tax, fraud-prevention, or dispute-resolution purposes. Anonymized analytics data may be retained indefinitely.

7. Your Rights (GDPR / UK GDPR / similar laws)

Subject to applicable law, you may:

Access the personal data we hold about you;
Request correction of inaccurate data;
Request deletion of your personal data;
Object to or restrict certain processing;
Request a portable copy of data you provided to us;
Withdraw consent where processing is based on consent;
Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email supportplinkotycoon@gmail.com. We may need to verify your identity to protect your account.

8. California & US State Privacy Rights (CCPA / CPRA et al.)

If you are a resident of California or another US state with applicable consumer-privacy laws, you have rights similar to those above, including the right to know, the right to delete, and the right to opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising. We do not sell personal information and do not engage in cross-context behavioral advertising. To exercise your rights, contact us at supportplinkotycoon@gmail.com. We will not discriminate against you for exercising these rights.

9. Children

The Service is not directed to children under 13 (or under 16 in the EEA, unless local law allows a lower age with verifiable parental consent). We do not knowingly collect personal information from children below those ages. If we learn that we have collected personal information from a child without parental consent, we will delete it. If you believe a child has provided us with personal information, please contact supportplinkotycoon@gmail.com so we can take action.

10. Security

We use industry-standard technical and organizational measures, including bcrypt password hashing, HTTPS in transit, SQLite encryption-at-rest options where available, server-side authorization for all sensitive actions, and rate limits. No system is perfectly secure; we cannot guarantee absolute security, but we work hard to protect your data and will notify you of any breach affecting your account where required by law.

11. International Data Transfers

The Service is hosted on infrastructure that may be located outside your country of residence (currently the United States). Where personal data is transferred from the EEA/UK/Switzerland to a country not recognized by the relevant authority as offering an adequate level of protection, we rely on standard contractual clauses or another lawful transfer mechanism.

12. Third-Party Services & Links

The Service may include or link to third-party services (Apple, Google, payment processors, etc.). Those services have their own privacy policies; please review them. We are not responsible for third parties' privacy practices.

12A. Apple App Tracking Transparency

On Apple platforms (iOS / iPadOS), Apple requires apps to request permission before tracking users across apps and websites owned by other companies (the "ATT" prompt). Today, Plinko Tycoon does not engage in any cross-app or cross-site tracking, does not use the IDFA, and does not work with third-party advertising or attribution SDKs. We therefore do not present the ATT prompt today. If we ever add tracking that requires ATT, we will update this policy and present Apple's prompt before any tracking begins.

12B. Google Play Data Safety Summary

For users who install Plinko Tycoon through Google Play, this summary mirrors what we declare in the Play Console "Data Safety" form. Detail is in the sections above; this is a quick reference.

Data collected: user IDs (account username, friend code, hashed password); app activity (in-game actions, progress, purchase events); app info & performance (crash logs, diagnostics, app version); device or other IDs (session token, IP address).
Data shared with third parties: none for advertising. Service providers (hosting, payment processing, error logging) receive only the data needed to perform their function, under contract.
Data sold: no.
Data used for advertising: no.
Security: all data is transmitted over HTTPS. Passwords are stored only as bcrypt hashes.
Data deletion: users can request deletion at any time. See Account & Data Deletion.
Google Play Families Policy: not applicable — Plinko Tycoon is not directed at children under 13.

13. Changes

We may update this policy. When we do, we will update the "Last updated" date and, for material changes, we will notify you in-game or by email. Continuing to use the Service after the effective date constitutes acceptance of the updated policy.

14. Contact

Email: supportplinkotycoon@gmail.com. Please mark the subject "Privacy Request" so we can route your message quickly.

Privacy Policy

1. Who We Are

2. What We Collect

Account data

Gameplay data

Device & technical data

Purchase data

Information we do NOT collect

3. How We Use Data

4. Legal Bases for Processing (GDPR / UK GDPR)

5. Who We Share Data With

6. Retention

7. Your Rights (GDPR / UK GDPR / similar laws)

8. California & US State Privacy Rights (CCPA / CPRA et al.)

9. Children

10. Security

11. International Data Transfers

12. Third-Party Services & Links

12A. Apple App Tracking Transparency

12B. Google Play Data Safety Summary

13. Changes

14. Contact