Privacy Policy

This privacy policy applies to the Fluff Journey mobile application (hereinafter referred to as "Application"), developed by Tatiana Losik (hereinafter referred to as "Service Provider"). The Application is a free service provided "AS IS" for mobile devices running iOS and Android. Registration in the Application is optional.

Who this Privacy Policy applies to

This Privacy Policy is intended for a general audience aged 13 and older. The Application is not directed at, and is not intended for, children under the age of 13.

Data Controller and contact

For the purposes of the EU/UK General Data Protection Regulation (GDPR) and equivalent laws, the data controller for the Application is:

What information does the Application obtain and how is it used?

The information collected depends on whether you choose to play the Application anonymously or to register an account.

When you play anonymously (no account):
You may use the Application without creating an account. In anonymous mode, the Application does not require you to provide any personally identifying information in order to play. Some information is still collected automatically by the Application and its analytics components, as described below under "Information collected automatically". This information is used to operate the Application, diagnose problems, and improve features.

When you register an account:
If you choose to register an account in order to save your progress and synchronize it across devices, the Application collects information you supply during registration. Registration is performed through Firebase Authentication using your email address, or through Sign in with Apple (on iOS). The Service Provider may use the information you provide to operate the Application and to send you service-critical notifications relating to your account or the Application. The Service Provider does not use this information to send marketing or promotional communications.

What data is stored when you register an account?

When you create an account, the following information is stored by the Service Provider on Firebase (Google Cloud) infrastructure:

• your authentication identifier (the email address you used to register, or the opaque identifier provided by Sign in with Apple);
• your in-game progress, including completed levels and quest progress;
• your in-game star currency balance and items purchased in the in-game shop;
• self-report category entries you create in the Application;
• your player's in-game position;
• your build inventory and placements.

All communication between the Application and Firebase is encrypted in transit using HTTPS / TLS.

Information collected automatically

In addition, the Application may collect certain information automatically, including, but not limited to:

• the type of mobile device you use;
• your mobile operating system and its version;
• your device language;
• the IP address of your mobile device (collected transiently by Firebase and Unity for network routing and security);
• on Android only, the Google Advertising ID (GAID), which is collected by default by the Firebase Analytics dependency;
• information about the way you use the Application (in-app events such as feature usage and engagement metrics).

This information is collected by Firebase Analytics and Unity Analytics. On iOS, the Application does not collect the IDFA (Identifier for Advertisers), and no App Tracking Transparency (ATT) prompt is shown, because the Application does not perform any tracking across other companies' apps or websites.

Does the Application collect precise real-time location information?

This Application does not gather precise information about the location of your mobile device.

Does the Application use Artificial Intelligence (AI) technologies?

The Application does not use Artificial Intelligence (AI) technologies to process your data or provide features.

Tracking and advertising

The Application does not display advertisements. The Application does not contain any advertising SDKs, mobile measurement / attribution SDKs (such as AppsFlyer or Adjust), or other components designed to track you across other companies' apps or websites. The Google Advertising ID (GAID) collected on Android is used only as part of Firebase Analytics' default behavior for app analytics, and is not used to deliver personalized advertising to you.

Do third parties see and/or have access to information obtained by the Application?

Yes — the Application relies on a small set of third-party services to function. Each of these services has its own privacy policy that governs how it handles data:

• Firebase Authentication (Google) — used to manage your account login. Privacy policy
• Firebase Firestore (Google) — used to store your game progress, currency, purchases, self-reports, quest progress, build inventory, and related game state. Privacy policy
• Firebase Cloud Storage (Google) — used to store player-related files associated with your account. Privacy policy
• Firebase Analytics (Google) — used to collect usage analytics and basic device information. On Android, this component is responsible for collecting the Google Advertising ID. Privacy policy
• Unity Analytics (Unity Technologies) — used to collect standard player engagement metrics for the game engine. Privacy policy
• Sign in with Apple (AppleAuth SDK) — used solely for secure iOS / macOS login authentication. Privacy policy
• Google Play Services (Android) — provided by the operating system to enable Firebase functionality. Privacy policy

The Application does not contain any third-party advertising or monetization SDKs.

In addition, the Service Provider may disclose User Provided and Automatically Collected Information:

• as required by law, such as to comply with a subpoena, or similar legal process;
• when they believe in good faith that disclosure is necessary to protect their rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
• with their trusted service providers who work on their behalf, do not have an independent use of the information disclosed to them, and have agreed to adhere to the rules set forth in this privacy statement.

Legal basis for processing (for users in the EEA / UK)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the Service Provider relies on the following legal bases under the GDPR / UK GDPR to process your personal data:

• Performance of a contract (Art. 6(1)(b)) — for processing data that is necessary to provide the account-based features of the Application (registration, cloud save, cross-device synchronization).
• Legitimate interests (Art. 6(1)(f)) — for analytics, diagnostics, security, fraud prevention, and improving the Application. You have the right to object to such processing.
• Consent (Art. 6(1)(a)) — where required by applicable law, for example for certain advertising-related identifiers under Android's Privacy Sandbox. You may withdraw consent at any time.

International data transfers

The Firebase and Google Cloud services used by the Application are operated by Google on globally distributed infrastructure. Your information may be transferred to, and processed in, countries other than your country of residence, including the United States. Where required by law, such transfers are protected by appropriate safeguards, including the European Commission's Standard Contractual Clauses (SCCs) entered into between the Service Provider and its processors and the relevant Google entities.

What are my opt-out rights?

You can halt the collection of information by the Application in any of the following ways:

• uninstall the Application using the standard uninstall process available on your mobile device or via the relevant mobile application marketplace — this removes all locally stored data;
• use the in-app "Delete account / data" function to delete your account and the associated server-side data;
• contact the Service Provider at fluffjourneydevs@gmail.com to request deletion of your data.

What is the data retention policy and how can you manage your information?

The Service Provider retains User Provided data (your account and the data associated with it) for as long as you use the Application and for a reasonable time thereafter. The Service Provider retains Automatically Collected information for up to 24 months, in line with Firebase Analytics default retention settings, after which it may be stored in aggregate form only. Local save data is removed when you uninstall the Application.

If you would like the Service Provider to delete User Provided Data that you have provided via the Application, please use the in-app "Delete account" function, or contact the Service Provider at fluffjourneydevs@gmail.com. The Service Provider will respond within a reasonable time, and in any event no later than 30 days from receiving a verifiable request. Please note that some or all of the User Provided Data may be required in order for the Application to function properly.

Your rights

If you are located in the EEA, the UK, or Switzerland, you have the following rights under the GDPR / UK GDPR:

• the right of access — to obtain confirmation that the Service Provider processes your personal data, and a copy of it;
• the right to rectification — to ask the Service Provider to correct inaccurate or incomplete data;
• the right to erasure ("right to be forgotten") — to ask the Service Provider to delete your personal data;
• the right to restrict processing — to ask the Service Provider to limit how your data is used;
• the right to data portability — to receive your data in a structured, commonly used, machine-readable format;
• the right to object — to object to processing based on the Service Provider's legitimate interests;
• the right to withdraw consent — at any time, where processing is based on your consent;
• the right to lodge a complaint with the supervisory authority in your country of residence.

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you the right to know what personal information is collected about you, to request deletion of that information, and to opt out of the "sale" of personal information. The Service Provider does not sell your personal information.

To exercise any of these rights, please contact the Service Provider at fluffjourneydevs@gmail.com.

How does the Application address children's privacy?

The Service Provider does not use the Application to knowingly solicit data from or market to children under the age of 13.

The Application does not address anyone under the age of 13. The Service Provider does not knowingly collect personally identifiable information from children under 13 years of age. In the case the Service Provider discovers that a child under 13 has provided personal information, the Service Provider will immediately delete this from their servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact the Service Provider (fluffjourneydevs@gmail.com) so that they will be able to take the necessary actions.

Registration in the Application is intended only for users aged 13 and older. By creating an account, you confirm that you are at least 13 years old. Users under 13 should not register an account, but may continue to play the Application anonymously, in which case no personal data is collected beyond what is necessary for the Application to function.

How is your information kept secure?

The Service Provider is concerned about safeguarding the confidentiality of your information. The Service Provider provides physical, electronic, and procedural safeguards to protect information that is processed and maintained. For example, access to this information is limited to authorized personnel who need it in order to operate, develop, or improve the Application. All communication between the Application and the Service Provider's back-end services is encrypted in transit using HTTPS / TLS. No sensitive data is stored unencrypted on your device; authentication tokens are managed securely by the Firebase SDK. Please be aware that, although the Service Provider endeavors to provide reasonable security for the information processed and maintained, no security system can prevent all potential security breaches.

How will you be informed of changes to this Privacy Policy?

This Privacy Policy may be updated from time to time for any reason. The Service Provider will notify you of any changes to the Privacy Policy by updating this page with the new Privacy Policy. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes.

This privacy policy is effective as of 2026-05-22.

How do you give your consent?

By using the Application, you are giving your consent to the Service Provider processing of your information as set forth in this Privacy Policy now and as amended in the future. "Processing" means using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining, and disclosing information.

How can you contact us?

If you have any questions regarding privacy while using the Application, or have questions about the practices, please contact the Service Provider via email at fluffjourneydevs@gmail.com.