Kantrip
Legal · Privacy

Privacy Policy

This Privacy Policy explains how Kantrip LTD collects, uses, discloses and protects personal data in connection with our websites, games and related applications and services. Please read it carefully.

Effective 1 June 2026 Last updated 1 June 2026 Version 1.0

01Who we are & scope

Kantrip LTD ("Kantrip", "we", "us" or "our") is a company registered in England and Wales (company number 17180476), with its registered office at 66 Paul Street, London, England, EC2A 4NA. We are registered with the UK Information Commissioner's Office (ICO) under registration number Contact for Info. We act as the "controller" of personal data processed under this Policy, meaning we determine the purposes and means by which such data is processed.

This Policy applies to personal data we process when you visit our websites, download or play any of our games, or otherwise interact with the applications, products and services we make available (together, the "Services"), including games distributed through third-party application marketplaces such as the Apple App Store and Google Play.

Our games are made available to a global audience through these marketplaces. Wherever you are located, we process your personal data in accordance with this Policy and with the data protection laws that apply to you, including the UK General Data Protection Regulation ("UK GDPR") and, where relevant, the EU General Data Protection Regulation ("EU GDPR") and applicable US state privacy laws. Sections 15 and 16 set out additional information for users in the EEA and the United States.

Where a specific game or Service has its own supplementary privacy notice, that notice operates alongside this Policy and prevails to the extent of any conflict.

02Personal data we collect

We collect and process the following categories of personal data, depending on how you interact with the Services.

Information you provide

  • Account & contact data — where you create an account, join a waitlist or contact us, such as your username, email address and any correspondence you send to us.
  • Support data — information contained in support requests, bug reports and feedback you submit.

Information collected automatically

  • Device & technical data — device model, operating system and version, language settings, network information, and unique device or installation identifiers.
  • Gameplay & usage data — game progress, scores, settings, session length, in-game events and feature interactions.
  • Diagnostic data — crash logs, performance data and error reports used to maintain and improve stability.
  • Identifiers for advertising & analytics — where permitted, mobile advertising identifiers (such as Apple's IDFA or Google's Advertising ID) and similar analytics identifiers, subject to the consent and permission mechanisms of your device and platform.

Transaction data

  • Purchase data — records of in-app purchases, including the items purchased and confirmation of payment. Payments are processed by the relevant application marketplace; we do not collect or store your full payment card details.
Note

We do not intentionally collect special category data (such as data revealing health, ethnicity or beliefs). Please do not submit such information to us.

03How we collect it

We obtain personal data: (a) directly from you, when you provide it; (b) automatically, through your use of the Services and through cookies, software development kits ("SDKs") and similar technologies integrated into our games and websites (see Section 6); and (c) from third parties, including application marketplaces, analytics and advertising partners, and service providers acting on our behalf.

04How we use your data

We process personal data for the following purposes:

  • to provide, operate and maintain the Services, including saving game progress and delivering features you request;
  • to process in-app purchases and provide the corresponding entitlements;
  • to measure, understand and improve the performance, stability and design of our games;
  • to provide customer support and respond to your enquiries;
  • to detect, prevent and address fraud, cheating, security incidents and other prohibited or unlawful activity;
  • where permitted, to deliver and measure advertising and to communicate updates about our Services (see Section 7); and
  • to comply with our legal obligations and enforce our terms and agreements.

05Legal bases for processing

Under the UK GDPR and the Data Protection Act 2018 (and, for users in the EEA, the EU GDPR), we rely on the following legal bases:

  • Performance of a contract — to provide the Services you request and to process your purchases.
  • Legitimate interests — to operate, secure and improve our Services, to understand how they are used, and to protect against fraud and abuse, provided such interests are not overridden by your rights and freedoms. Where we rely on legitimate interests, you may ask us for a summary of our balancing assessment using the contact details in Section 19.
  • Consent — for certain analytics, advertising identifiers and marketing communications, where required. You may withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Legal obligation — where processing is necessary to comply with applicable law.

For certain processing — such as preventing fraud and ensuring the security of our networks and information — we may also rely on the "recognised legitimate interests" basis under the UK GDPR, as amended by the Data (Use and Access) Act 2025.

06Cookies, SDKs & similar technologies

Our websites and games use cookies, SDKs, local storage and similar technologies to operate the Services, remember your settings, measure performance, and — where you have given any required consent — to support analytics and advertising.

Some of these technologies are strictly necessary to deliver the Services and cannot be switched off. Others are optional and are used only where the law permits, which in most cases means with your consent. Where required, we present a consent mechanism (such as a cookie banner or an in-app permission prompt) so that you can accept or decline optional technologies, and you can change your choice at any time through your device settings or our in-product controls.

Certain low-risk analytics technologies used solely to measure and improve how the Services perform may be operated on an opt-out basis, as permitted under UK law following the Data (Use and Access) Act 2025. You can opt out of these using the controls described above.

07Advertising & analytics

Some of our games are supported by advertising. Where we or our partners use advertising identifiers (such as the IDFA or Google Advertising ID) or process data to deliver and measure ads, we do so only where you have given any consent or permission required by your device, platform or applicable law. On Apple devices, we use the advertising identifier (IDFA) for tracking purposes only where you have opted in through Apple's App Tracking Transparency (ATT) prompt. On Android, you can opt out of personalised advertising and reset your advertising identifier through your device privacy settings.

You can control or reset advertising identifiers, and limit ad tracking, through the privacy settings on your device. We do not serve personalised or behavioural advertising to users we know to be under 18, and advertising and tracking technologies are not enabled by default for such users (see Section 13).

We use analytics to understand how our Services are used so that we can improve them. We aggregate or pseudonymise analytics data where practicable.

We work with advertising, monetisation, analytics and attribution partners who process data under their own privacy policies. An up-to-date list of the partners we currently use is available on request using the details in Section 19.

08Automated decision-making & profiling

We may use automated processing — for example, to detect fraud or cheating, to keep gameplay fair, or to measure advertising — but we do not make decisions that produce legal effects concerning you, or that similarly significantly affect you, based solely on automated processing without a lawful basis and appropriate safeguards.

Where any such solely-automated decision is made, you have the right to be informed, to obtain human intervention, to express your point of view, and to contest the decision, as provided under the UK GDPR (as amended by the Data (Use and Access) Act 2025) and the EU GDPR. To exercise these rights, contact us using the details in Section 19.

09Disclosure & sharing

We do not sell your personal data. We may share personal data with:

  • Service providers and processors — including hosting, analytics, crash-reporting, customer-support and advertising partners who process data on our instructions under appropriate contractual safeguards. A current list of the principal categories of partners we use is available on request.
  • Application marketplaces — to the extent necessary to distribute our games and process purchases.
  • Professional advisers and authorities — where required to comply with law, legal process or a lawful request, or to establish, exercise or defend legal claims.
  • Successors — in connection with a merger, acquisition, financing or sale of assets, subject to this Policy.

10App stores & third-party platforms

Our games are distributed through third-party application marketplaces, and your use of those platforms is governed by their own terms and privacy policies. Those platforms independently collect and process data (including payment and account information) in their capacity as separate controllers. We encourage you to review the privacy practices of the Apple App Store, Google Play and any other platform through which you access our Services.

11International transfers

We and our service providers may process personal data in countries outside the United Kingdom and the EEA. Where we transfer personal data internationally, we put in place appropriate safeguards, such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, the EU Standard Contractual Clauses, or transfers to jurisdictions recognised as providing an adequate level of protection. You may request further information about these safeguards using the details in Section 19.

12Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, tax or reporting requirements. When personal data is no longer required, we will delete or anonymise it.

Retention periods vary according to the category of data and the purpose of processing. In general:

  • Account & contact data is retained while your account is active and for a reasonable period afterwards.
  • Gameplay & usage data is retained for as long as needed to provide and improve the Services, and is then deleted or aggregated.
  • Diagnostic data is retained for a limited period sufficient to investigate and resolve issues.
  • Transaction records are retained for the period required by applicable tax and accounting law.
  • Support correspondence is retained for as long as needed to handle your request and for a reasonable period afterwards.

13Children's privacy

Our games are intended for a general audience and are not directed at children under the age of 13. We do not knowingly collect personal data from children under 13 (or the higher age of digital consent that may apply in your country) without verifiable parental consent where required.

Where a game is, in practice, likely to be accessed by children, we design our data practices in line with the UK Age Appropriate Design Code (the "Children's Code"). This means, among other things, that we apply high-privacy default settings, do not profile children for targeted or behavioural advertising, minimise the data we collect from them, do not use design techniques that nudge children into providing more data or weakening their privacy settings, and apply age-assurance measures that are proportionate to the risks of the processing.

If you believe a child has provided us with personal data without appropriate consent, please contact us and we will take reasonable steps to delete it.

14Your rights

Subject to applicable law, you have the right to: request access to your personal data; request rectification of inaccurate data; request erasure; restrict or object to certain processing; request portability of data you provided to us; and withdraw consent where processing is based on consent.

To exercise any of these rights, please contact us using the details in Section 19. We may need to verify your identity before responding, and we will respond within the time limits set by applicable law (generally within one month).

If you have a concern, we ask that you contact us first so that we can try to resolve it. You also have the right to lodge a complaint with the Information Commissioner's Office ("ICO"), the UK supervisory authority, at ico.org.uk. Users in the EEA may instead complain to their local supervisory authority (see Section 15).

15EEA users

Where you are located in the European Economic Area, the EU GDPR applies to our processing of your personal data, and references in this Policy to the UK GDPR should be read as including the EU GDPR. The legal bases and rights described above apply equally under the EU GDPR.

You have the right to lodge a complaint with the supervisory authority in your country of residence, place of work, or the place of the alleged infringement.

16US & California users

We do not sell your personal data, and we do not share it for cross-context behavioural advertising in a way that would require an opt-out where you are a user we know to be under the relevant age threshold. Depending on your state of residence, you may have the right to know what personal data we collect, to access or delete it, to correct it, and to be free from discrimination for exercising these rights. To exercise these rights, contact us using the details in Section 19. We will verify your request as required by applicable law, and you may use an authorised agent where permitted.

17Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse or alteration. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

18Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices, technology or legal requirements. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Services after the effective date constitutes acceptance of the revised Policy.

19Contact us

If you have any questions about this Policy or wish to exercise your rights, please contact us:

Kantrip LTD
Registered in England & Wales — company number 17180476
Registered office: 66 Paul Street, London, England, EC2A 4NA
ICO registration number: Contact for Info
privacy@kantrip.dev

We have not appointed a Data Protection Officer, as we are not required to do so; the contact above is the correct route for all privacy enquiries.