Privacy Policy
Version: 2026 Global Full-Compliance Deep Enhanced Edition
This edition is comprehensively upgraded to include the latest transparency requirements under the EU Digital Services Act (DSA), differentiated US state privacy clauses (including California, Texas, Virginia and other states), AI-generated content disclosure requirements (where applicable), and detailed in-app purchase and ad fraud enforcement rules. It also reflects 2026 global data sovereignty trends, recent app store policy changes, regional compliance details, technical execution standards, and risk control measures. The objective is full legal coverage across mainstream monetization models and global multi-region operations.
Part I: Privacy Policy
1. Specific Data Collection Granularity and Purpose
We strictly follow the principle of data minimization. Data is collected only through compliant methods and solely for maintaining IAA (ad monetization) and IAP (in-app purchase) system operation, user experience optimization, and fraud prevention. We do not collect unrelated personal information.
- Device fingerprints and identifiers: including but not limited to IDFA (iOS), GAID (Android), OAID (Android in China market), device brand/model, screen resolution, OS version, language settings, battery status, system clock offset (for timezone cheating detection and cross-region price fraud prevention), and encrypted unique device identifiers not directly linked to real-world identity.
- Network environment data: IP address (used only for regional compliance filtering and jurisdiction adaptation, not precise geolocation), mobile carrier name, Wi-Fi status, network type (4G/5G/Wi-Fi), for service stability and regional compliance control.
- Behavioral trajectory (IAA & UX):
  - Ad behavior: ad impression ID, click timestamp, conversion path, rewarded video watch duration and early-exit status, ad dwell time. Used for ad effectiveness optimization and ad fraud prevention. Data is used for internal analytics and synchronized to monetization partners only when necessary and de-identified.
  - App/game logic events: core loop trigger frequency, payment prompt CTR, onboarding drop-off points, feature usage frequency. Used to optimize interaction flows and functional layout. We do not collect private operation content.
- Financial transaction data (IAP):
  - We receive receipts only through official App Store / Google Play APIs.
  - We do not process or store bank card number, CVV, payment password, card expiration date, or equivalent sensitive payment data.
  - Recorded fields include order ID, purchase item names and quantity, payment currency, payment amount, country code, transaction timestamp, sandbox order status, and order result (success/failure/refund), for order verification, refund handling, financial reconciliation, and payment fraud prevention.
All collected data is encrypted and stored on compliant infrastructure. Access is restricted to authorized personnel and fully auditable.
2. Deep Third-Party Sharing Architecture (Data Mapping)
For lawful monetization, service optimization, and anti-fraud, we share only necessary data with compliant third-party ecosystems, under strict principles of minimality, encrypted transfer, and traceable control. Sensitive personal information is not shared.
- Mediation / Ad Monetization Layer: AppLovin MAX, Google AdMob, Unity LevelPlay, ironSource, Meta Audience Network, Mintegral, Pangle (TikTok for Business), Liftoff Monetize (formerly Vungle), InMobi, Chartboost, AdColony, Smaato, Yandex Ads, Ogury. Purpose: RTB bidding, fill-rate optimization, monetization efficiency. Shared data scope: de-identified device and ad event metrics, not real identity linkage.
- Attribution and Anti-Fraud (MMP): AppsFlyer, Adjust, Singular, Kochava, Branch (where applicable). Purpose: install attribution, fake install detection, ad theft prevention. Shared scope: de-identified device signals and attribution data for fraud validation.
- Payment processors: Apple Inc., Google LLC. Purpose: in-app purchase transaction processing and order validity verification. Shared scope: order-level data excluding sensitive payment credentials.
We sign confidentiality and data processing agreements with all partners, define usage scope/retention/security responsibility, and periodically audit partner compliance. If a partner violates data handling obligations, cooperation is terminated and liability pursued. Users can review third-party sharing lists in-app and may withdraw certain authorizations (withdrawal may affect ad monetization and some services).
3. Global Region-Specific Legal Statements
We adapt to global privacy frameworks with 2026 updates and apply differentiated clauses for major jurisdictions.
- EU (GDPR) & UK (UK-GDPR):
  - Lawful basis: contract performance, explicit consent, and legitimate interests (such as anti-fraud and service optimization), aligned with GDPR/UK-GDPR Article 6.
  - EU/UK representative: [Reserved for legal representative contact and registered address in EU/UK]. This representative receives access/correction/deletion/consent withdrawal requests with a response target of no more than 7 working days.
  - DSA transparency supplement: we disclose ad delivery rules, algorithmic recommendation logic, moderation standards, and transparency reports with data flow and partner details; if UGC is involved, moderation and complaint handling standards are published.
  - User rights: access, rectify, erase, withdraw consent, data portability, and complaint rights to EDPB/competent authorities and UK ICO.
- United States (CCPA/CPRA/VCDPA and state variations):
  - No sale of personal information: we do not sell personal information to advertisers, brokers, or third parties.
  - Sharing notice: device ID sharing for ad personalization may be classified as "sharing" in some state laws; users may opt out at any time.
  - Do Not Track: when DNT / tracking limitation is enabled, behavioral tracking for personalized ads is halted; only essential service data is retained.
  - California (CPRA): rights to disclosure of 12-month collection/use/sharing records, deletion requests, and targeted-ad opt-out; responses within 45 working days.
  - Texas (state privacy adaptation): strengthened data access rights, no unreasonable barriers for access requests, no sharing of sensitive data (e.g., biometric or financial data) without written authorization where required.
  - Virginia (VCDPA): rights to correction and opt-out of certain sharing; response/completion target within 30 working days.
  - Other states: operational adaptation extends to Washington, Colorado, and other updated state frameworks.
- Brazil (LGPD): explicit consent before collection, clear purpose disclosure, rights to access/correction/deletion/withdrawal, dedicated compliance owner, local data handling requirements where applicable, and regulated cross-border transfer controls.
- China: compliance with PIPL, Data Security Law, and cross-border data transfer rules; explicit consent, localized storage where required, no illegal sensitive-data over-collection, regulator cooperation.
- India: compliance with DPDP Act; written consent baseline, data collection boundary clarity, DPO operation, deletion rights, and cross-border transfer handling subject to competent authority requirements.
- Saudi Arabia: compliance with Personal Data Protection Law, localization requirements where applicable, supervised under competent authority requirements.
- Canada & Japan: adaptation to PIPEDA and APPI with data rights protection, audit cooperation, and 2026 data sovereignty update alignment.
4. Subscription Transparency (Automatic Renewal)
If the app includes auto-renewing subscriptions, we follow Apple/Google rules and regional legal requirements:
- We collect only required subscription data: billing period, remaining trial time, status (active/expired/paused), and renewal time.
- Pre-subscription disclosure: period (weekly/monthly/yearly), price, trial duration (if any), renewal rules, cancellation paths, and no hidden terms.
- Charge reminder: reminder at least 24 hours before renewal via in-app popup and/or system notification, including amount, timing, and direct cancellation path.
- Subscription management: users can cancel via in-app settings and App Store/Google Play subscription management pages at any time.
- Trial policy: trial can be canceled during trial period to avoid charge. Where premium features are trial-only, they end immediately after cancellation/trial expiration according to product design.
5. AI-Generated Content Disclosure (If Applicable)
- Clear labeling: AI-generated content (text/audio/image/interactive scene) is clearly labeled as "AI-generated" to distinguish from human-created content.
- Content compliance: prohibited categories include violence, pornography, vulgarity, disinformation, politically illegal content, and discriminatory content; dual process of AI filtering plus human review is applied.
- Liability scope: AI content is assistive and does not constitute guaranteed advice. Infringing AI outputs are removed and handled under applicable law.
- Data safety: model training data is lawfully obtained and authorized non-sensitive data; personal privacy data is not used for model training without lawful basis and consent where required.
6. Children and Age-Appropriate Safeguards
6.1 In-App Ad Format Compliance Disclosure
Where monetization is enabled, app products may integrate multiple ad formats including App Open Ads, Rewarded Video Ads, Interstitial Ads, and Banner Ads. These formats are implemented under platform policies, regional legal requirements, and fraud-prevention controls. Ad event data collection and sharing in relation to these formats follows the same data minimization, encryption, and compliance mapping described in this policy.
6.2 Children and Age-Appropriate Safeguards
- Our services are not intended to knowingly collect personal data from children in violation of applicable law (such as COPPA-like frameworks where applicable).
- If a minor uses paid features without guardian authorization, guardian-supported verification and lawful refund pathways are provided according to store policy and local law.
- If unlawful child data processing is identified, relevant data is deleted or restricted as required by law.
7. Data Retention and Deletion Schedule
We retain personal data only for as long as necessary to provide services, prevent abuse, fulfill legal obligations, and resolve disputes. Retention duration depends on data type, processing purpose, and jurisdiction-specific requirements.
- Operational analytics events: generally retained for a limited period required for service optimization and fraud pattern analysis.
- Ad event and monetization logs (IAA): retained for billing reconciliation, anti-fraud investigation, and audit traceability.
- Order and receipt records (IAP): retained as required for accounting, tax compliance, refund handling, and legal dispute defense.
- Support and complaint records: retained for request resolution, quality control, and compliance evidence.
- Where retention periods expire, data is deleted, anonymized, or irreversibly de-identified unless further retention is legally required.
8. International Data Transfer and Transfer Safeguards
When cross-border transfers are necessary for service delivery, monetization settlement, security operations, or infrastructure continuity, we apply legally recognized transfer safeguards and contractual controls.
- For EEA/UK-origin data, we rely on recognized transfer mechanisms such as adequacy decisions and/or approved contractual safeguards where applicable.
- For jurisdictions requiring government filing, security assessment, or standard contract registration, transfer is handled only after required procedures are completed.
- Transfers are encrypted in transit and restricted by role-based access controls.
- Third-party importers are contractually bound to confidentiality, purpose limitation, and incident notification obligations.
9. Cookie, SDK, and Consent Preference Management
Depending on product distribution channel, device platform, and region, we may rely on SDK identifiers, local storage, and similar technologies for core service delivery, analytics, attribution, and advertising controls.
- Where law requires consent before non-essential tracking, we provide a consent mechanism and record consent status.
- Users can update preferences through in-app privacy controls, device settings, or platform-level tracking controls.
- On iOS, ATT status is respected and forwarded to applicable SDK partners.
- On Android, advertising ID controls and privacy sandbox requirements are respected where applicable.
- Withdrawal of consent may reduce personalization quality and certain ad-supported functionality.
10. Security Controls and Incident Response
We maintain organizational and technical safeguards designed to protect confidentiality, integrity, and availability of processed data.
- Security measures include encryption, access segregation, least-privilege controls, logging, and periodic security assessment.
- We apply controlled development and release processes to reduce unauthorized access and data leakage risk.
- If a security incident affecting personal data occurs, we trigger internal response procedures, contain impact, investigate root cause, and notify users/regulators where legally required.
- Incident reports are retained for auditability and long-term security improvement.
11. Data Subject Request Workflow and Verification
To protect account and data security, rights requests (access, correction, deletion, portability, restriction, objection, consent withdrawal) may require identity verification before execution.
- Verification may include account ownership evidence, purchase reference, device/session proof, or legally acceptable identity evidence.
- Authorized agents may submit requests with valid authorization documents and identity proof as required by local law.
- Requests are processed within statutory timelines applicable to the requester's jurisdiction.
- Where requests are unfounded, excessive, repetitive, or conflict with legal obligations, we may lawfully limit processing and provide explanation.
12. Legal Basis Mapping by Processing Scenario
We document lawful grounds for each major processing scenario to ensure accountability and auditable compliance execution.
- Core service operation: contract performance and legitimate service continuity interests.
- Payment and order validation: contract performance, legal obligation, and anti-fraud legitimate interests.
- Security monitoring and abuse prevention: legitimate interests and legal compliance obligations.
- Personalized advertising/analytics where required: consent and consent-withdrawal controls.
- Regulatory cooperation and legal defense: legal obligation and lawful claims protection.
13. Policy Updates, Versioning, and Notification
We may update this Privacy Policy to reflect legal, operational, technical, or product changes. Material updates will be communicated through reasonable channels such as in-app notice, website update, or other legally recognized methods.
- New policy versions become effective on the date indicated in the published version.
- Where explicit consent is legally required for changed processing purposes, renewed consent is requested before processing.
- Continued use after effective date may be treated as acknowledgment to the extent allowed by law.
14. Contact for Privacy Requests and Complaints
If you have any questions, feedback, complaints, or rights requests, contact us at:
- Business Support: support@ngocambient.com
- Customer / Privacy Contact: contact@ngocambient.com
- Address: Hoa Lac High-Tech Park, Hanoi, Vietnam