![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg"><path d="M 13.333 9.167 L 13.333 11.667 C 13.333 12.587 12.587 13.334 11.667 13.334 L 1.667 13.334 C 0.747 13.334 0 12.587 0 11.667 L 0 9.167 M 3.75 5.833 L 6.667 8.75 L 9.583 5.833 M 6.668 8.334 L 6.668 0" fill="transparent" height="13.333999816894533px" id="guuz5WeYk" stroke-dasharray="" stroke-linecap="round" stroke-linejoin="round" stroke-width="2" stroke="rgb(22, 46, 5)" transform="translate(3.5 3.5)" width="13.333px"/></svg>)
Controller
We are Nova Sphere Limited trading as All Aces Games with the registered office at 62, Regent House, Bisazza Street, SLM1640 Sliema, Malta. Company number: C108762
Lead supervisory authority
Information and Data Protection Commissioner (IDPC), Malta — idpc.org.mt
Data Protection contact
privacy@allaces.games
Data Protection Officer contact
dpo@allaces.games
Scope
Our games, our website, our support channels.
Last updated
29 May 2026
Who we are
This Privacy Policy explains how All Aces Games Ltd (collectively 'we', 'us' or 'our') handles personal data of players (collectively 'you') of our mobile games or people who use our services. We are the controller of the personal data we collect.
Who this policy is for
Our games are for adults (18+). We don't knowingly collect data from children. If you believe a child has used our games, please see our Children's Privacy Notice and let us know at privacy@allaces.games.
What we collect
Category
Examples
Source
Account & profile
Player ID, display name, avatar, country, language, age confirmation, login provider.
You; Apple/Google when you sign in.
Device & technical
Device model and OS, advertising identifier (IDFA/GAID — only if you allow tracking), IP address, network type, app version, crash logs, performance metrics.
Automatically from your device.
Gameplay
Level progress, scores, in-game choices, items purchased, time-spent metrics, matchmaking data.
Automatically while you play.
Purchases
The fact you bought a virtual item, the amount, the receipt token from Apple/Google. We don't see your card or bank details.
Apple/Google billing.
Advertising
Ad impressions, clicks, viewed-rewarded-video events, attribution data, ad-network identifiers.
Ad SDKs (see Section 5).
Support & communications
Emails, in-game support tickets, attachments you choose to send.
You.
Marketing
Email subscription status, marketing-message engagement (if you opt in).
You.
Why we use it, and our legal basis
Purpose
What this looks like
Legal basis (GDPR Art.6)
Operate the game
Create your account, save your progress, run multiplayer features, sync across devices.
Performance of the contract with you (Art. 6(1)(b)).
Process in-app purchases
Verify receipts with Apple/Google, deliver virtual items, keep purchase history.
Performance of the contract (Art. 6(1)(b)).
Keep the game secure
Detect cheats, fraud, account takeover, abuse of our systems.
Performance of the contract / legitimate interests (Art. 6(1)(b),(f)).
Customer support
Respond to your tickets and emails, troubleshoot issues.
Performance of the contract / legitimate interests (Art. 6(1)(b),(f)).
Analytics and improvement
Understand how the game is used, fix bugs, prioritise features.
Legitimate interests (Art. 6(1)(f).
Personalised advertising.
Showing ads tailored to your interests; attribution; measurement; frequency capping.
Your consent (Art. 6(1)(a)).
Marketing emails
Sending you product news, tips, offers.
Your consent (Art. 6(1)(a)).
Legal compliance
Tax records of purchases, responding to legal requests, enforcing our Terms.
Legal obligation / legitimate interests (Art. 6(1)(c),(f)).
Who we share data with
We share personal data with the recipients listed in our List of Third-Party Data Recipients (a separate document, kept in sync with this Policy). In summary, we share data with:
• Platform operators — Apple and Google, for delivery of our game and billing of in-app purchases.
• Analytics and crash reporting providers — Google (Firebase/Crashlytics), Sentry.
• Advertising and attribution providers — Google (AdMob), Unity Ads, AppLovin MAX, Meta Audience Network, AppsFlyer.[JW1]
• Cloud and infrastructure providers — for hosting, backups, content delivery.
• Professional advisers — auditors, lawyers, accountants, on a need-to-know basis.
• Authorities — where we are legally required, or to defend our rights.
• A buyer or successor — if we are involved in a merger, sale or restructuring.
We don't sell your personal data in the ordinary sense. Some of our advertising SDKs may constitute a 'sale' or 'share' under CCPA (in California) — see the California Privacy Addendum for how to opt out.
International transfers
Some of our service providers are based outside the European Economic Area, including in the United States. Where we transfer personal data outside the EEA, we rely on one of the following safeguards under Chapter V of the GDPR:
• an adequacy decision of the European Commission (for example, the EU–US Data Privacy Framework for certified US recipients); or
• the European Commission's Standard Contractual Clauses (SCCs), where appropriate combined with supplementary technical, contractual and organisational measures.
You can request a copy of the safeguards we have in place by emailing privacy@allaces.games.
How long we keep your data
We are going to process your personal data as long as it is necessary to provide our services to you or as long as it is necessary to fulfill another lawful purpose. You can request us to stop processing your personal data at any time by sending us an e-mail at privacy@allaces.games.
Your rights
Right
What it means
Access
Ask us for a copy of the personal data we hold about you.
Rectification
Ask us to correct data that's wrong or out of date.
Erasure
Ask us to delete your data. Some data must be kept for legal reasons.
Restriction
Ask us to pause processing your data in certain situations.
Objection
Object to processing based on legitimate interests, including objection to personalised advertising at any time.
Portability
Ask for a machine-readable copy of certain data you gave us.
Withdraw consent
If processing relies on your consent, you can withdraw it at any time without affecting prior lawful processing.
Complaint
Lodge a complaint with the IDPC (idpc.org.mt) or your local data-protection authority.
To exercise any right, email privacy@allaces.games. We will respond within one month, extendable by two further months for complex requests. We won't charge a fee unless your request is manifestly unfounded or excessive.
Security
We use technical and organisational measures to protect your data. No system is perfectly secure; please use a strong, unique password and tell us at privacy@allaces.games if you suspect a security issue.
Kacper
10. Cookies and SDKs
Our games use software development kits (SDKs) and our website uses cookies. See our Cookie Policy for the categories we use, who they are operated by, and how to manage your preferences.
11. Region-specific information
If you live in California, see our California Privacy Addendum for additional disclosures and rights under the California Consumer Privacy Act / California Privacy Rights Act.
12. Changes to this policy
We may update this policy. The 'Effective' date at the top tells you when. If we make a material change, we will tell you in the game or by email at least 14 days before it takes effect.
13. How to reach us
For any privacy question, request or complaint, email privacy@allaces.games or write to Nova Sphere Limited trading as All Aces Games at 62, Regent House, Bisazza Street, SLM1640 Sliema, Malta. You can also complain to the Information and Data Protection Commissioner (IDPC), Floor 2, Airways House, High Street, Sliema SLM 1549, Malta, or to the data-protection authority in the country where you live.
