en
GDPR Privacy Policy

GDPR Privacy Policy for Games

Last updated: April 2026

CharStudio OÜ (“CharStudio”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you use our games, websites, and services (“Services”).

1. Information We Collect

We may collect the following categories of personal data:

a) Device and Technical Data

  • Device identifiers (IDFA, GAID)

  • IP address

  • Device type, OS, language

  • Approximate location (country/region)

b) Usage Data

  • Game progress and gameplay activity

  • Session duration and frequency

  • Interaction with ads and in-app purchases

c) User-Provided Data

  • Support messages

  • Usernames or identifiers (if applicable)

2. How We Use Your Data

We use personal data to:

  • Provide, operate, and maintain our Services

  • Improve gameplay, features, and performance

  • Deliver advertising (personalized or non-personalized depending on consent)

  • Process in-app purchases

  • Detect fraud, abuse, and technical issues

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Performance of a contract – to provide and operate the Services

  • Legitimate interests – for analytics, service improvement, and fraud prevention

  • Consent – for personalized advertising and tracking technologies where required

Where consent is required, we request it through a Consent Management Platform (CMP).

4. Advertising and Consent

We use advertising services to support our games.

  • In the EEA, we request user consent before processing personal data for personalized advertising.

  • If consent is not given, only non-personalized ads are shown.

Users can withdraw or modify their consent at any time through in-app privacy settings.

5. App Tracking Transparency (iOS)

On iOS devices, we request permission to track users across apps and websites in accordance with Apple’s App Tracking Transparency (ATT) framework.

Tracking is only enabled if the user grants permission.

6. Third-Party Services

We use third-party services that may process personal data, including:

  • Google AdMob (advertising)

  • AppLovin MAX (advertising mediation, which may integrate multiple advertising networks)

  • Unity Ads (advertising)

  • Firebase Analytics (analytics and performance)

  • Singular (attribution and marketing analytics)

  • Beamable (backend infrastructure and game services)

  • Google Cloud (cloud hosting and infrastructure)

  • Amazon Web Services (AWS) (cloud hosting and infrastructure)

Our advertising mediation platform may include additional advertising partners over time. These partners may change and are not exhaustively listed.

These third-party services may act as independent data controllers or processors and are required to comply with applicable data protection laws.

7. Data Sharing

We may share personal data with:

  • Advertising partners

  • Analytics providers

  • Payment processors

  • Cloud infrastructure providers

We do not sell personal data under GDPR definitions.

8. International Data Transfers

Your personal data may be transferred outside the European Economic Area (EEA), including to the United States.

We ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.

10. Your Rights Under GDPR

If you are located in the EEA, you have the following rights:

  • Right of access

  • Right to rectification

  • Right to erasure (“right to be forgotten”)

  • Right to restriction of processing

  • Right to object to processing

  • Right to data portability

  • Right to withdraw consent at any time

You also have the right to lodge a complaint with a supervisory authority.

To exercise your rights, please contact us.

11. Data Deletion Requests

Users can request deletion of their personal data at any time.

To submit a data deletion request, please contact us via email: support (at) charstudio.com with the subject line “Data Deletion Request”.

We will process such requests in accordance with applicable data protection laws.

12. Children’s Privacy

Our Services are not directed to children under 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children.

13. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of the Services after changes means you accept the updated policy.

15. Contact Information

CharStudio OÜ

Maakri tn 23a

Tallinn, Estonia

For privacy-related inquiries, please contact us via our website.

Send your CV to hiring@charstudio.com. We will get back to you as soon as possible.