Privacy Policy

Controller

Elegant Fish ApS (“we”, “us”, “our”)

Registered office: C/O Legaldesk.dk ApS, Njalsgade 21F, 2, 2300 København S, Denmark

CVR: 45939146

Privacy contact / DPO: privacy@elegantfish.io

This Privacy Policy explains how we collect, use, share, transfer, and secure personal data when you use our websites, games, forums, and related services (“Services”).

1. Categories of data we process

• Account & identifiers: platform/user IDs (Apple/Google), device ID, Elegant Fish player ID.
  
  

• Device & technical: device model, OS, app version, language, IP address, time zone, crash logs, diagnostics.
  
  

• Usage & telemetry: session timestamps, feature usage, progression, non-precise region (derived from IP).
  
  

• Purchases: receipts, transaction identifiers, product, currency, spend, anti-fraud signals.
  
  

• Preferences: notifications, marketing opt-ins, gameplay settings.
  
  

• Location: precise location only if you opt in; otherwise we may infer coarse region from IP.
  
  

• Support content: messages you send to support, bug reports.
  
  

• User content (if enabled): forum posts, in-game names, chat.
  
  

2. Purposes and legal bases

• Provide and operate the Services (create/maintain accounts; gameplay; purchases; customer support; crash prevention).
  
  

  • Legal basis: Contract necessity (GDPR Art. 6(1)(b)); legal obligation for tax/records.
    
    

• Security & fraud prevention (abuse/cheat detection, service integrity).
  
  

  • Legal basis: Legitimate interests (Art. 6(1)(f)).
    
    

• Analytics & product improvement (KPIs, balancing, telemetry).
  
  

  • Legal basis:
    
    

    • Consent where analytics rely on cookies/SDKs not strictly necessary (web/app).
      
      

    • Legitimate interests for minimal, privacy-preserving, strictly necessary analytics.
      
      

• Personalized advertising & marketing (ad personalization, remarketing, push/email).
  
  

  • Legal basis: Consent (Art. 6(1)(a)). You may withdraw at any time in settings or via the consent banner.
    
    

• Legal compliance (enforcement, requests from authorities, bookkeeping).
  
  

  • Legal basis: Legal obligation (Art. 6(1)(c)).
    
    

We do not use your personal data to make decisions that produce legal or similarly significant effects based solely on automated processing. If we ever do, we will tell you and explain your rights.

3. Cookies and SDKs

We use cookies and mobile SDKs to run the Service, measure usage, fix bugs, and—if you consent—personalize ads and perform analytics. On web, you can manage choices via our cookie banner; in apps, via in-app privacy/settings or your OS advertising settings (e.g., “Allow Apps to Request to Track” / “Reset Advertising ID”).

4. Third-party recipients (processors/controllers)

We share data with:

• Platform stores (controllers): Apple App Store, Google Play (billing, fraud, receipts).
  
  

• Analytics & crash reporting (processors): Firebase (Analytics, Crashlytics, Remote Config). Privacy: https://policies.google.com/privacy
  
  

• Advertising (controllers/processors, only if you consent): Meta Audience Network (https://www.facebook.com/privacy/policy/), others if listed in-app/within the consent tool.
  
  

• Customer support tools (if used), cloud hosting/CDN, and anti-cheat providers.
  
  

• Authorities or advisers where required by law or to establish/exercise/defend legal claims.
  
  

We require processors to provide appropriate safeguards and only process on our instructions.

5. International transfers

Where data is transferred outside the EEA/UK/Switzerland, we use European Commission Standard Contractual Clauses (SCCs) (and UK IDTA/Addendum where applicable), and implement supplementary safeguards. Where a recipient participates in the EU-US Data Privacy Framework, we may rely on that adequacy decision for transfers to the United States. Contact us to obtain a copy of relevant transfer safeguards.

6. Retention

We keep personal data only as long as needed for the purposes above:

• Account & gameplay data: life of account + up to 36 months for queries/disputes.
  
  

• Analytics events: typically 14–26 months (service-dependent).
  
  

• Crash logs/diagnostics: 90–180 days.
  
  

• Purchase records: 5–10 years (legal obligation, accounting/tax).
  When no longer needed, we delete or irreversibly anonymize data.
  
  

7. Security

We apply appropriate technical and organisational measures, including access controls, encryption in transit, secure development practices, and vendor due diligence. No system is perfectly secure; we monitor and improve safeguards continuously.

8. Your rights (EEA/UK)

You can request to access, correct, or delete your data; restrict or object to processing (including at any time to direct marketing); and receive a copy of data you provided in a portable format. Where processing relies on consent, you may withdraw it at any time (this won’t affect prior lawful processing).
We may need to verify your identity. We aim to respond within 1 month.
You can complain to the Danish Data Protection Agency (Datatilsynet) or your local authority. See: https://www.datatilsynet.dk

Requests: privacy@elegantfish.io

9. Children

Our Services are not directed to children under 13 (US) and to children under the digital consent age in their EEA country (13–16). We do not knowingly collect personal data from such children without verifiable parental consent. If you believe a child has provided personal data, contact us and we will remove it.

10. How to contact us

• Privacy/DPO: privacy@elegantfish.io
  
  

• General support: support@elegantfish.io
  
  

• Postal: Elegant Fish ApS, C/O Legaldesk.dk ApS, Njalsgade 21F, 2, 2300 København S, Denmark

11. Changes to this policy

We may update this policy. We will post the new version with an updated “Last Updated” date and, where changes are material, provide in-product notice or request consent again where required.

Last Updated: October 16, 2025