Privacy Policy
This Privacy Policy explains how Nevzat Atilla Ozder ("we", "us", "our") collects, uses, shares, and protects information when you use our mobile games (the "Apps") and when you visit our website (the "Site").
We publish multiple Apps over time. This Policy applies to all Apps we publish unless an App displays a different privacy policy.
1) Data Controller (who is responsible)
- Data Controller: Nevzat Atilla Ozder
- Address: Cavus Mah. Muhtesem Sk. 6B/16 Sile / Istanbul, Turkiye
- Email: support@atillaozder.com
- DPO: No DPO appointed.
2) Quick summary
- No user accounts: We do not create in-app accounts or require login.
- Purchases: Apple processes in-app purchases; we do not collect payment card details.
- Ads: We show ads via Google AdMob and Unity Ads.
- Tracking / personalized ads: We may show personalized ads only if you allow iOS App Tracking Transparency (ATT) and provide any required consent. Otherwise, we aim to show non-personalized ads where available.
- Analytics & diagnostics: We use Firebase for analytics, crash reporting (Crashlytics), performance monitoring, remote config, and messaging (push notifications).
- International processing: Our service providers may process data in the United States and other countries.
3) What information we collect
We and our service providers may collect the following categories of data depending on your device settings and how you use the Apps:
A) Identifiers (including "User ID" / "Device ID")
- Device ID: may include the iOS Advertising Identifier (IDFA) only if you allow Tracking via Apple's ATT prompt.
- User ID: an identifier assigned by our SDKs (for example, an app instance identifier) to support analytics, diagnostics, ad delivery/measurement, and fraud prevention.
- IP address (commonly collected by SDKs for security, analytics, diagnostics, and fraud prevention).
- Device/app info such as device model, operating system version, app version, language, and timezone.
Important clarification: "User ID" here refers to an SDK/app identifier, not your Apple ID. We do not ask for or collect login credentials in the Apps.
B) Usage Data (including "Product Interaction", "Advertising Data", and "Other Usage Data")
- Product Interaction: app opens, sessions, screens viewed, and gameplay/app events.
- Advertising Data: ad impressions, clicks, and related ad interaction and measurement signals.
- Other Usage Data: general usage patterns used to understand and improve the Apps.
Firebase features used: Analytics, Crashlytics, Performance Monitoring, Remote Config, Messaging.
Important: We do not send user-provided text to analytics events.
C) Diagnostics
- Crash Data: crash logs and related diagnostics via Firebase Crashlytics.
- Performance Data: performance traces/signals via Firebase Performance Monitoring.
D) Location
- Coarse Location: country/region may be inferred from IP address or similar signals used by analytics/ads SDKs.
E) Push notifications (optional)
- If you enable push notifications, a push notification token (via Firebase Cloud Messaging) is used to deliver notifications to your device.
F) Purchases (In-App Purchases)
- Purchases are processed by Apple via the App Store.
- We do not collect payment card details.
- We use Apple's In-App Purchase APIs to unlock content.
- We do not store purchase data on our own servers.
4) What we do not collect
We follow data minimization principles and collect only the information reasonably necessary for the purposes described in this Policy.
Based on current App design, we do not collect:
- account credentials (no username/password in-app),
- user-generated content,
- contacts, photos, camera, microphone, health data,
- precise GPS location.
5) How we use information
We use information to:
- provide and operate the Apps (including enabling purchased content),
- monitor performance, fix bugs, and improve gameplay and stability,
- protect against fraud, abuse, and security incidents,
- show ads and measure ad performance,
- send push notifications if you opt in.
Profiling / automated decisions: Our advertising partners may use limited profiling to show relevant ads (where permitted). However, we do not use automated decision-making that produces legal effects or similarly significant effects on you (for example, decisions about your legal status, credit, employment, or eligibility for essential services).
6) Legal bases and processing grounds (GDPR/UK GDPR and Turkiye KVKK)
A) For users in the EEA/UK (GDPR / UK GDPR)
We process personal data under these legal bases:
- Consent: for tracking and personalized advertising where required (including IDFA under ATT), and for push notifications (device-level permission).
- Legitimate interests: for analytics, performance monitoring, crash reporting, and security to improve and protect the Apps (balanced against your rights).
- Contract / performance of a contract: to provide paid features/content you purchase through Apple's in-app purchases.
B) For users in Turkiye (KVKK - Law No. 6698)
For users in Turkiye, we process personal data in accordance with the Law on the Protection of Personal Data No. 6698 ("KVKK") and related legislation and decisions of the Personal Data Protection Authority. Your rights under KVKK are described in Section 15.
We obtain granular consent (opt-in) for specific processing purposes as required by KVKK. Cross-border transfers of personal data comply with KVKK requirements, including obtaining explicit consent where required by law or relying on other lawful transfer mechanisms recognized by the Personal Data Protection Authority.
VERBIS note: Depending on our scale and legal criteria, we may have an obligation to register with the Data Controllers' Registry (VERBIS). If registration is required for us, we will comply. (Even if registration is not required, KVKK obligations may still apply.)
Enforcement note: In accordance with updated enforcement requirements (including Decision No. 2025/2451), we will notify the Personal Data Protection Authority within 72 hours of becoming aware of any data breach, and affected individuals as soon as possible thereafter.
7) App Tracking Transparency (ATT), IDFA, and ad personalization
- If an App uses the IDFA for advertising that qualifies as "tracking," iOS will display Apple's ATT prompt.
- If you choose "Ask App Not to Track," we will not access the IDFA for tracking purposes.
- Personalized ads are enabled only when you allow ATT and provide any required consent. Otherwise, we aim to show non-personalized ads where available.
- You can change tracking permission in iOS at any time:
Settings → Privacy & Security → Tracking.
8) U.S. state privacy laws (opt out of targeted ads)
Some U.S. state privacy laws provide the right to opt out of the "sale" or "sharing" of personal information for targeted advertising (also called cross-context behavioral advertising). This includes rights under the California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), and similar laws in other U.S. states.
You can control targeted advertising in these ways:
- In-app privacy choices: Where applicable, we display an AdMob U.S. state privacy choices message at app start that may allow you to choose whether your data is used for targeted advertising (depending on region and availability).
- iOS Tracking (ATT): You can disable tracking permission in
Settings → Privacy & Security → Tracking. - Email request (supported): Email support@atillaozder.com with the subject "US Privacy Opt-Out" and include the App name. We will respond and apply your request where required and technically feasible.
Note: If you do not see the in-app privacy message in your region/device scenario, you can still email us for help and opt-out handling. We do not discriminate against users for exercising privacy rights.
9) Sharing of information
We do not sell or share (as those terms are defined under CCPA/CPRA) your personal information for monetary or other valuable consideration, including for cross-context behavioral advertising. We may share information with:
A) Service providers (processors)
We use third-party services to provide analytics, diagnostics, ads, and messaging. These providers process data under their own policies and/or on our behalf.
While we select service providers with care, each provider processes data under its own privacy policy and terms. We are not responsible for the independent data processing activities of our third-party service providers beyond what is required by applicable law.
- Firebase (Google) - analytics, Crashlytics, performance monitoring, remote config, messaging: Firebase Privacy
- AdMob (Google) - advertising and measurement: AdMob Privacy
- Unity Ads (Unity) - advertising and measurement: Unity Privacy Policy
B) Legal and safety reasons
We may disclose information if reasonably necessary to comply with law, respond to lawful requests, protect users, prevent fraud/abuse, or enforce our terms.
10) International transfers
Our servers and/or our service providers' servers may be located in the United States and other countries. This includes processing by partners such as Google (Firebase/AdMob) and Unity (Unity Ads), as listed in Section 9.
If you are in the EEA/UK, transfers outside your region may be protected by safeguards such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms, depending on the provider and circumstances.
For users in Turkiye, cross-border transfers are conducted in accordance with KVKK requirements, including obtaining explicit consent where required by law or relying on other lawful transfer mechanisms recognized by the Personal Data Protection Authority.
11) Data retention
We keep information only as long as needed for the purposes described in this Policy:
- Google/Firebase Analytics retention: 14 months (as configured in our Firebase/Google Analytics settings).
- Crash reporting / diagnostics (Crashlytics): retained according to Firebase configuration and as needed to investigate and resolve stability issues.
- Performance Monitoring / Remote Config / Messaging data: retained according to Firebase configuration and operational needs.
- Push notification tokens: retained while notifications are enabled and/or until the token becomes invalid (e.g., app reinstall), subject to platform behavior.
- Support emails: retained as reasonably necessary to respond and for recordkeeping and legal compliance.
12) Security
We use commercially reasonable administrative, technical, and organizational safeguards designed to protect information. No method of transmission or storage is 100% secure.
13) Do Not Track signals (DNT)
Our Apps are mobile applications and do not respond to web browser "Do Not Track" signals.
14) Children's privacy
Our Apps are intended for general audiences and are not designed to knowingly collect personal information from children under 13. If you believe a child provided personal data to us, contact support@atillaozder.com and we will take appropriate steps (including deletion where feasible).
Children's Privacy Policy: Click Here
15) Your rights and how to exercise them (GDPR/UK GDPR and KVKK)
A) EEA/UK users (GDPR/UK GDPR)
Depending on your location, you may have rights such as access, correction, deletion, restriction, objection, portability, and the right to withdraw consent. You may also have the right to lodge a complaint with your local data protection authority.
B) Users in Turkiye (KVKK - Law No. 6698, Article 11)
For users in Turkiye: You have rights under Article 11 of KVKK, including (among others) the right to:
- learn whether your personal data is processed,
- request information if processed,
- learn the purpose of processing and whether it is used in accordance with that purpose,
- know third parties to whom personal data is transferred (domestic/abroad),
- request correction of incomplete/incorrect data,
- request deletion or destruction under applicable conditions,
- request notification of correction/deletion to third parties to whom data was transferred,
- object to a result against you arising from analysis exclusively by automated systems,
- request data portability (receive your personal data in a structured, commonly used format),
- request restriction of processing, and
- request compensation for damages arising from unlawful processing.
C) U.S. residents
If you are a resident of a U.S. state with applicable privacy legislation, you may have the following rights:
- Right to know what personal information is collected about you.
- Right to delete personal information we hold about you.
- Right to opt out of the sale or sharing of your personal information for targeted advertising.
- Right to non-discrimination for exercising your privacy rights.
We do not use or disclose sensitive personal information for purposes other than those permitted by applicable law.
To exercise these rights, see the instructions below or refer to Section 8 for opt-out methods.
How to exercise rights (email only)
To exercise your rights, email support@atillaozder.com and include:
- the App name,
- your device platform (iOS),
- the type of request (access/deletion/etc.),
- any details that help us locate data (approximate dates, screenshots of settings such as ATT choices).
No account deletion note (Apple)
We do not create user accounts in our Apps. If you request deletion, we will delete or restrict personal data we control where feasible. Some data may be held by our service providers (e.g., advertising/analytics providers) under their own retention settings; we will assist by applying available controls and/or directing you to relevant provider controls where appropriate.
16) Third-party links
Our Apps or Site may contain links to third-party websites/services. Their privacy practices are governed by their own policies.
17) Changes to this Policy
We may update this Policy from time to time. We will post the updated version with a new "Last updated" date. If changes are material, we may provide additional notice (such as an in-app notice).
18) Contact
- Nevzat Atilla Ozder
- Cavus Mah. Muhtesem Sk. 6B/16 Sile / Istanbul, Turkiye
- Email: support@atillaozder.com