Privacy Policy

Privacy Policy for Match Tile 3: Zen

Operator: ,

("we," "us," or "our") respects your privacy. This Privacy Policy explains what personal data we collect when you download, install, register an account in, and play the mobile game Match Tile 3: Zen (the "Game"), how we use it, who we share it with, how long we keep it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The categories of data we collect are also disclosed in the Data Safety section of our Google Play store listing, which we keep consistent with this Policy.

By creating an account in or otherwise using the Game, you confirm that you have read and understood this Policy.

1. Information We Collect

We may collect the following categories of personal data:

• Account identifiers (provided by you). Because Match Tile 3: Zen uses a self-registered account system, you must provide an email address or mobile phone number and a password (or one-time verification code) to create and access your account. You may also choose to provide a display name.
• Device and technical identifiers (collected automatically). Mobile device model, operating-system version and language, app version, IP address, time-zone setting, crash logs, and Android Advertising ID (AAID). The AAID is a resettable, user-controlled identifier — see Section 4 on how to reset or delete it.
• Commercial information. Records of in-app purchases (item, amount, transaction time, Google Play order number such as GPA.xxxx). All payment-card details are handled exclusively by Google through Google Play Billing; we do not receive or store full card numbers, CVV, or bank-account numbers.
• Internet or game-activity information. Levels played, level-completion data, hint/shuffle/grid booster usage, session length, settings you choose, in-game progress and save data, and similar gameplay telemetry used to operate, analyze, and improve the Game.
• Coarse location. Country/region inferred from your IP address. We do not collect precise GPS coordinates.
• Customer-support correspondence. Information you send us when you contact support (e.g., your message, screenshots, and the email address from which you wrote).
• Inferences. Aggregated insights derived from the above (e.g., difficulty preference, churn signals) used to balance the Game.

We do not knowingly collect, and you should not provide, the following sensitive personal information: government identification numbers, financial-account credentials, precise geolocation, racial/ethnic origin, religious beliefs, union membership, genetic data, biometric identifiers, health data, or data concerning sexual orientation.

2. How and Why We Use Personal Data

We use personal data for the following purposes (legal bases under UK GDPR Article 6 noted in brackets):

• To create, operate, secure, and maintain your Game account, including authenticating logins and recovering forgotten passwords [contract performance];
• To deliver the Game's core features, save your progress, and synchronize purchases across re-installs [contract performance];
• To process and fulfil in-app purchases through Google Play Billing [contract performance / legal obligation];
• To provide customer support and respond to your inquiries [contract performance];
• To send transactional notices (e.g., purchase receipts, security alerts, account-deletion confirmations) [contract performance];
• To monitor crashes, debug issues, balance level difficulty, and improve gameplay [legitimate interests];
• To detect, prevent, and respond to fraud, abuse, cheating, and security incidents [legitimate interests / legal obligation];
• To comply with applicable law in England and Wales and the United Kingdom, and to enforce our Terms of Service [legal obligation / legitimate interests];
• To send optional promotional communications, only where you have opted in (you may withdraw consent at any time) [consent].

We will not use your personal information for materially different purposes without first providing notice and, where required, obtaining your consent.

3. How We Share Personal Data

We do not sell your personal data. We disclose personal data only as follows:

• Service providers (processors). Cloud hosting, account-system infrastructure, customer-support tooling, crash-reporting, analytics, and similar vendors who process data on our behalf under written agreements that prohibit independent use or onward disclosure. See Section 4 for the SDK categories involved.
• Google (Google Play Billing). All payment data is handled by Google LLC under its own terms and privacy policy.
• Legal compliance. When required to comply with a subpoena, court order, lawful government request, or applicable law, or to defend our legal rights.
• Protection of rights. When we believe in good faith that disclosure is necessary to protect the safety, rights, or property of , our players, or the public.
• Corporate transactions. In a merger, acquisition, financing, reorganization, or sale of all or part of our assets, your information may be transferred. We will provide notice and, where required by law, obtain your consent.
• With your explicit consent in any other case.

4. Third-Party SDKs, Analytics, and Advertising

To operate the Game we may integrate third-party software development kits ("SDKs") that perform one or more of the following functions: crash and performance reporting, gameplay analytics, install attribution, push notifications, in-app advertising, and ad mediation. Each SDK provider acts under its own privacy policy. The categories of data they may collect include device identifiers (such as the Android Advertising ID), IP address, coarse location inferred from IP, app/device characteristics, and event-level usage data.

The current, authoritative list of SDKs in use, the categories of data they collect, and the purposes for which they are used is published in the Data Safety section of our Google Play store listing. We keep that disclosure synchronized with our actual integrations as we add or remove SDKs, and that listing supersedes any out-of-date examples that may appear elsewhere.

Your controls over advertising and identifiers:

• Android 12 or later: open Settings > Privacy > Ads and tap Delete advertising ID. After deletion, your AAID will be replaced by a string of zeros and apps cannot use it for ad personalization.
• Older Android versions: open Settings > Google > Ads and enable Opt out of Ads Personalization.
• Reset your AAID at any time from the same screen.
• For more information about online advertising and your choices in the UK, visit the ICO guidance on advertising and marketing.

5. Data Retention

We keep personal information only as long as necessary for the purposes described above or as required by law:

• Active account data (login credentials, profile, save data): kept while your account is active, plus up to 180 days after deletion request to allow account-recovery in the event of accidental deletion or compromise, after which it is permanently deleted or anonymized.
• Purchase and tax records: retained for up to 6 years in line with UK accounting, tax, and company-law recordkeeping requirements; payment-card data is never stored by us.
• Crash logs and gameplay analytics: kept in identifiable form for up to 24 months, then aggregated or anonymized.
• Customer-support correspondence: retained for up to 3 years.
• Information subject to a legal hold: retained for the duration of the relevant proceeding, then deleted.

6. Data Security

We use commercially reasonable technical and organizational safeguards designed to protect your information, including:

• Transport encryption (TLS 1.2 or higher) for all data sent between the Game and our servers;
• Encryption at rest for credentials and other sensitive fields, with hashed-and-salted password storage;
• Role-based access controls and least-privilege principles for our personnel;
• Periodic security review and vulnerability remediation.

No system is 100% secure. If a personal-data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) where required under UK GDPR, and affected individuals where required by law.

7. International Data Transfers and Storage Location

We are based in England, United Kingdom. Personal information we collect may be processed and stored in the United Kingdom and in other countries where our service providers operate. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place under UK GDPR, such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or another lawful transfer mechanism recognised under UK law.

8. Children's Privacy

Match Tile 3: Zen is not directed at children under 13, the minimum age of digital consent in the United Kingdom under the UK GDPR. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at and we will investigate and, where appropriate, delete the data without undue delay. We design the Game with the ICO's Age Appropriate Design Code in mind. Parents may also use Google Play Family Link and purchase-approval settings to prevent unauthorised in-app purchases.

9. Account and Data Deletion

You may request deletion of your account and associated personal information at any time. We provide both an in-app option and a web-accessible request channel, in line with Google Play's account-deletion requirements:

• In-app: open Settings → Account → Delete Account in the Game and follow the on-screen confirmation.
• By email: send a request from the email address associated with your account to with the subject line "Account Deletion Request" and include your in-game player ID or registered email/phone for verification.

What we delete: your login credentials, profile, saved game progress, customer-support history tied to your account, and any other personal information we hold about you that is not subject to a legal retention requirement.

What we may retain (in limited form):

• Purchase, refund, and tax records — retained as required by UK law (generally up to 6 years);
• Aggregated or de-identified analytics that can no longer reasonably be linked to you;
• Records necessary to detect or prevent fraud, abuse, or security incidents (e.g., a list of banned device hashes);
• Information we are required to keep under a legal hold or in response to a lawful government request.

Timing: we will acknowledge your request within 2 business days and complete deletion within 30 days of verification, unless a longer period is required by law. After deletion, your account cannot be recovered. We will confirm completion by email.

10. Your Rights under UK GDPR

Under the UK GDPR and the Data Protection Act 2018, you have the following rights:

• Right of access — obtain confirmation of whether we process your data and a copy of it;
• Right to rectification — have inaccurate or incomplete data corrected;
• Right to erasure — request deletion in the circumstances set out in UK GDPR Article 17 (see Section 9);
• Right to restrict processing — request that we restrict processing in the circumstances set out in UK GDPR Article 18;
• Right to data portability — receive your data in a structured, commonly used, machine-readable format and transmit it to another controller where applicable;
• Right to object — object to processing based on our legitimate interests, including direct marketing;
• Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing;
• Right to lodge a complaint with the ICO at ico.org.uk or by calling 0303 123 1113.

To exercise any of these rights, email with your name, registered account details, and the right you wish to exercise. We may ask for information to verify your identity. We will respond within one month, extendable by a further two months for complex requests, in line with UK GDPR Article 12.

11. Marketing and Do Not Track

We will only send you promotional communications where you have opted in, and you may opt out at any time. Some browsers send a "Do Not Track" signal; there is no uniform industry standard for responding to such signals, and we do not currently respond to them. Third-party SDKs integrated into the Game (see Section 4) may collect information about your activity over time; this Policy is the authoritative statement of our data practices.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last Updated" date at the top of this page will always reflect the most recent revision. For material changes, we will provide at least 30 days' prior notice via in-game notice or email (where we have one). Your continued use of the Game after the updated Policy takes effect constitutes acceptance of the changes.

13. Contact Us

Data controller:
Address:
Email:
Phone:
Response time: Initial acknowledgment within 1–2 business days; UK GDPR requests handled within one month.

14. Governing Law

This Privacy Policy is governed by the laws of England and Wales. Disputes relating to this Policy are subject to the exclusive jurisdiction of the courts of England and Wales, except where mandatory data-protection law entitles you to bring proceedings before the courts or supervisory authority of your habitual residence.