This Privacy Policy explains how Gung Park ("we", "us", "our") collects, uses, shares, and protects information when you play our mobile games — including Anime TCG Merge Battle, Football Shields Flip, and any other titles we publish — or otherwise interact with our services on Android, iOS, or our website. By using our games, you agree to the practices described below.
Introduction
Gung Park is an independent mobile game studio that develops, publishes, and operates games for Android and iOS through Google Play and the Apple App Store. We are committed to protecting your privacy and being transparent about the data our games handle.
This policy applies to all of our games (collectively, the "Services"), our website at gungpark.studio, and any related online or offline interactions you have with us. Please read it carefully. If you do not agree with this policy, do not download, install, or use our Services.
Where required by law, we will obtain your consent before collecting or processing certain types of personal information. You can change your privacy choices at any time using the in-game settings, your device settings, or by contacting us at the address provided in Section 17.
Information we collect
We collect different categories of information depending on the game, the platform, and how you interact with our Services. Most of this data is collected automatically and is not personally identifying on its own.
2.1 Information you provide directly
- Account & profile data — display name, avatar selection, and preferences you set inside the game.
- Purchase information — when you buy in-app items, the platform (Google Play / App Store) processes the payment. We receive a confirmation, the purchased item, the transaction ID, and the price/currency, but we do not receive your full payment card or banking details.
- Support communications — if you contact us by email or in-game support, we receive your message, contact address, and any attachments you choose to send.
- Survey or feedback responses — if you participate in optional surveys or beta tests.
2.2 Information collected automatically
- Device information — device model, manufacturer, operating system and version, language, time zone, country, screen resolution, total/available RAM and storage, battery state, and network type (Wi-Fi / cellular).
- Identifiers — Google Advertising ID (GAID) on Android, Identifier for Advertisers (IDFA) on iOS where the user has granted App Tracking Transparency permission, App Set ID, Firebase Installation ID, and other reset-able mobile identifiers. We do not collect persistent hardware identifiers such as IMEI or MAC address.
- Gameplay & performance data — game sessions, level progress, score, in-game currency balance, items purchased, features used, crash logs, frames-per-second, and performance traces.
- Network data — IP address (used for country-level geolocation, fraud detection, and ad/server routing), and approximate location derived from IP. We do not collect precise GPS location.
- Microphone audio — certain games include voice-recording mechanics (for example, voice input that drives in-game animal sounds). When you grant microphone permission, audio is processed locally on your device for the gameplay feature and is not uploaded to our servers unless you explicitly choose to share a recording (e.g., via a "share clip" button). You can revoke microphone permission at any time in your device settings.
- Ad interactions — whether you saw, clicked, or completed a rewarded ad; ad placement; ad network; and approximate revenue (eCPM) reported by the ad network.
2.3 Information from third parties
- Attribution data — when you install one of our games after clicking an ad, our mobile measurement partner (AppsFlyer) provides us with the campaign, ad network, and creative that led to the install, plus a non-precise click/install timestamp.
- Analytics & measurement data — aggregated metrics (retention, ARPU, ARPPU, LTV) computed by Firebase Analytics, Google Analytics 4, and our ad-network dashboards.
How we collect it
We collect information through:
- The game client itself, which uses SDKs (Software Development Kits) for analytics, crash reporting, advertising, and attribution.
- Platform stores — Google Play and the Apple App Store provide install events, purchase confirmations, and basic device information when you download or update our games.
- Server logs — when our games communicate with our backend (for cloud saves, leaderboards, configuration, or live ops), our servers record technical information such as IP address, request time, and response status.
- Cookies & similar technologies on our website — our marketing site uses minimal first-party cookies for basic functionality and, where lawful, anonymized analytics.
How we use your information
We use the information described above for the following purposes:
- Operate the games — load levels, save progress, sync cloud data, run leaderboards, deliver in-app purchases, and let you continue from where you left off.
- Improve and develop new features — understand which mechanics players enjoy, fix bugs, optimize performance, balance difficulty, A/B test new content, and design new games.
- Detect fraud, cheating, and abuse — block bots, modified clients, fraudulent in-app purchases, and ad fraud.
- Show ads & measure their performance — display banner, interstitial, and rewarded video ads through our advertising partners, attribute installs from ad campaigns, and measure ad revenue.
- Communicate with you — respond to support requests, deliver important service notices, and (if you opt in) send updates about new releases.
- Comply with legal obligations — respond to lawful requests, enforce our Terms, and protect our rights, property, and the safety of our players.
Legal basis for processing (EEA, UK & similar jurisdictions)
If you are in the European Economic Area, the United Kingdom, Switzerland, or another jurisdiction with similar laws, we rely on the following legal bases under the GDPR (or local equivalent) to process your personal data:
| Purpose | Legal basis |
|---|---|
| Operating the game, saving progress, in-app purchases | Performance of a contract |
| Bug reports, crash analytics, security, fraud prevention | Legitimate interests |
| Personalized ads, marketing analytics, attribution | Consent (where required) |
| Tax records, legal claims, regulatory requirements | Legal obligation |
You have the right to withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
Third-party services & SDKs
To run a modern mobile game, we rely on a set of trusted third-party providers. Each provider is bound by their own privacy policy and, where applicable, a data-processing agreement with us. The list below covers the main SDKs that may be embedded in one or more of our games:
| Provider | Purpose | Data accessed |
|---|---|---|
| Google Firebase (Analytics, Crashlytics, Remote Config, Cloud Messaging) | Analytics, crash reporting, remote feature flags, push notifications | Device info, app events, crash stack traces, Firebase Installation ID |
| Google AdMob | Banner / interstitial / rewarded ads | GAID/IDFA, IP address, ad interaction events |
| AppLovin MAX (with mediated networks) | Ad mediation across multiple ad networks | GAID/IDFA, IP address, ad interaction events, eCPM |
| Unity Ads | Rewarded video ads | GAID/IDFA, IP address, ad interaction events |
| Meta Audience Network & Facebook SDK | Ads, install attribution, install events | GAID/IDFA, app events, IP address |
| AppsFlyer | Mobile attribution & marketing measurement | Install referrer, GAID/IDFA, IP, in-app events |
| Google Analytics 4 / BigQuery | Aggregated analytics & reporting | Pseudonymous user ID, app events, device metadata |
| Google Play Billing / Apple StoreKit | In-app purchase processing | Purchase token, transaction ID, item ID, price |
| Unity Engine services | Game runtime, crash reporting, performance metrics | Engine telemetry, device info |
Not every game contains every SDK. For example, an offline-only game may not contain attribution or remote-config SDKs. Where your local law requires us to obtain consent before activating these SDKs (for example, the GDPR's ePrivacy rules or App Tracking Transparency on iOS), we will ask you for consent the first time you launch the game.
Advertising & analytics
Our games are ad-supported. We work with third-party ad networks to deliver banner, interstitial, and rewarded ads. Depending on your jurisdiction and consent choices, ads may be either:
- Personalized — tailored to you using your advertising identifier and approximate context, or
- Non-personalized — shown based only on coarse, non-identifying signals such as the country and game.
We also use mobile measurement partners (such as AppsFlyer) to understand which marketing campaigns drive installs. This is done using non-precise install referrer data and reset-able advertising identifiers, never your name, email, or precise location.
Children's privacy
Our games are not directed to children under the age of 13 (or under 16 in jurisdictions where that is the applicable age, including most of the EEA). We do not knowingly collect personal information from children below the applicable age.
Where a game is rated for general audiences and may attract a mixed audience including children, we configure our SDKs accordingly:
- We mark traffic as child-directed where appropriate (Google Play Families policy and COPPA tagging).
- Personalized advertising and remarketing are disabled for users we believe to be children.
- We disable analytics features that depend on advertising identifiers when serving child-directed sessions.
If you are a parent or guardian and you believe your child has provided us with personal information without your consent, please contact us at the email in Section 17 and we will delete the information promptly.
Data retention
We keep your information only for as long as necessary for the purposes described in this policy:
- Gameplay data — kept for as long as your game profile is active. If you uninstall the game and do not return for 18 months, we may anonymize or delete the associated profile.
- Analytics events — pseudonymous events are retained in Firebase / BigQuery for up to 14 months; aggregated reports may be kept indefinitely.
- Crash & diagnostic logs — typically retained for 90 days, then deleted.
- Purchase records — kept for the period required by tax and consumer-protection laws (typically 5–10 years depending on jurisdiction).
- Support tickets — kept for up to 3 years after resolution.
Security
We protect your information using a combination of technical and organizational safeguards, including:
- Encryption in transit (HTTPS / TLS) for all client–server communication.
- Encryption at rest for our databases and backups.
- Access controls, multi-factor authentication, and audit logging on our internal tools.
- Geographic IP allowlisting, brute-force protection, and netfilter rules on our infrastructure (mail server, source-control server, build servers).
- Routine security review of third-party SDKs before integration.
No method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security. We will notify you of any breach affecting your personal information in accordance with applicable law.
International data transfers
Gung Park is based in Vietnam. Some of our service providers operate servers in the United States, the European Economic Area, and other regions. When personal information is transferred outside your country, we rely on appropriate safeguards such as:
- Standard Contractual Clauses adopted by the European Commission;
- UK International Data Transfer Agreements;
- Reliance on adequacy decisions; or
- Your explicit consent, where appropriate.
Your rights
Subject to your local law, you have one or more of the following rights with respect to the personal information we hold about you:
- Access — request a copy of the personal information we hold about you.
- Rectification — ask us to correct information that is inaccurate or incomplete.
- Deletion ("right to be forgotten") — ask us to delete your personal information, subject to limited exceptions (e.g., legal record-keeping).
- Restriction — ask us to limit how we process your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on our legitimate interests, including direct-marketing profiling.
- Withdraw consent — at any time, where processing is based on consent.
- Lodge a complaint — with your local data-protection authority.
To exercise any of these rights, please email us using the details in Section 17. We will respond within the timeframe required by your local law (typically 30 days).
Region-specific rights
14.1 California (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect, the categories of sources, the business purpose, and the categories of third parties with whom we share it. You also have the right to request deletion, correction, and to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising. We do not sell personal information for money. To opt out of sharing for personalized advertising, follow the in-game ad-consent prompt or use the Global Privacy Control (GPC) signal in your browser.
14.2 European Economic Area, UK & Switzerland
You have all rights described in Section 13 plus the right to lodge a complaint with your local supervisory authority. Our representative for GDPR purposes can be reached via the contact details in Section 17.
14.3 Brazil (LGPD)
You have rights of access, correction, anonymization, deletion, portability, and information about sharing, similar to those described in Section 13.
14.4 South Korea (PIPA)
You may request access, correction, deletion, and suspension of processing. You may also withdraw consent at any time.
14.5 Vietnam (PDPD)
You have rights of access, correction, deletion, restriction, objection, and the right to obtain a copy of your data, in accordance with Decree 13/2023/ND-CP on Personal Data Protection.
Opt-out & choices
You always have the following choices:
- Reset advertising ID — Android: Settings → Privacy → Ads. iOS: Settings → Privacy & Security → Tracking.
- Disable personalized ads — toggle "Opt out of Ads Personalization" on Android; deny App Tracking Transparency on iOS.
- Revoke microphone or notification permission — in your device settings.
- Delete your game data — in-game Settings → Account → Delete data, or by emailing us.
- Uninstall the game — which stops further collection from your device, though previously collected data is governed by our retention rules.
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page;
- Post an in-game notice for significant changes;
- Where required, ask for fresh consent before the change takes effect.
Continued use of our Services after the effective date of an updated policy constitutes acceptance of the changes.
Contact us
If you have questions, requests, or complaints about this Privacy Policy or our handling of your personal information, please contact us:
Gung Park — Privacy Team
We aim to respond to all privacy requests within 30 days. If we cannot resolve your concern, you have the right to contact your local data protection authority.