Privacy Policy

This Privacy Policy describes how IdleArc ("we", "us", or "our") collects, uses, and shares information about you when you use the IdleArc website (idlearc.com) and our mobile and web application (together, the "Services").

IdleArc is operated by Mikhael Studio. For the purposes of the EU and UK General Data Protection Regulation (GDPR), Mikhael Studio is the "data controller" responsible for your personal data. See "Contact Us" below for how to reach us.

We collect the following types of information:

• Account Information: When you create an account, we collect your email address and username.
• Gameplay Data: We collect information about your in-game progress, including character stats, items, achievements, and game settings.
• Purchase Information: When you make an in-app purchase, we receive a confirmation and entitlement details from the app store so we can grant your purchase. We do not receive or store your payment card details.
• Device & Log Information: We may collect your device type, operating system, unique device identifiers, IP address, and technical log data (such as timestamps and error reports) needed to run and secure the Services.
• Communications: If you contact us (e.g., by email), we keep your messages and contact details to respond.

We use the information we collect to:

• Provide, maintain, and improve the Services
• Create and manage your account
• Save and sync your game progress across devices
• Process and grant your in-app purchases
• Respond to your comments, questions, and requests
• Monitor and analyze trends, usage, and activities to improve the Services
• Detect, investigate, and prevent cheating, fraud, abuse, and other illegal activities
• Comply with our legal obligations

If you are in the European Economic Area (EEA) or the UK, we process your personal data on the following legal bases:

• Performance of a contract: to create your account, provide the Services, save your progress, and grant your purchases.
• Legitimate interests: to secure the Services, prevent cheating and fraud, monitor for errors, and improve the game — balanced against your rights.
• Consent: for any optional cookies or communications that require it. You can withdraw consent at any time (see "Cookies" and "Your Rights").
• Legal obligation: to keep records required by law (for example, tax and accounting records for purchases).

We do not sell your personal data, and we do not share it for third-party advertising. We share information only with service providers ("processors") who help us run the Services, and only as needed:

• App stores (Apple App Store, Google Play): in-app purchases are processed by Apple or Google; their respective privacy policies apply. We do not directly collect or store payment information.
• Hosting & infrastructure (OVH): our servers and databases are hosted on OVH infrastructure.
• Error & performance monitoring (Better Stack): we send technical error and diagnostic data to help us find and fix problems.
• Email delivery: we use an email service provider to send account and support emails.

We may also disclose information if required by law, or to protect the rights, safety, and security of our players and the Services.

Some of our service providers may process your data in countries outside your own, including outside the EEA or UK. Where this happens, we rely on appropriate safeguards — such as European Commission adequacy decisions or Standard Contractual Clauses — to protect your information in line with applicable data protection law.

We keep your personal data only for as long as we need it:

• Account & gameplay data: for as long as your account is active. When you delete your account, we delete or anonymize this data, except where we must keep it longer (see below). Short-lived encrypted backups may persist for a limited rotation period before being overwritten.
• Purchase records: retained for as long as required by tax and accounting law.
• Technical & error logs: retained for a limited period and then deleted.
• Support communications: kept for as long as needed to handle your request and our records.

Our website uses cookies — small text files stored on your device — so that it can function. We currently use only strictly necessary, first-party cookies. We do not use analytics, advertising, or third-party tracking cookies on the website.

We load fonts from Bunny Fonts, a privacy-first provider that does not set cookies or track you. Under the EU ePrivacy Directive, strictly necessary cookies are exempt from prior consent, but you can still block cookies through your browser settings (the website may not work correctly without them).

If we ever introduce analytics or advertising cookies, we will ask for your consent before setting them, and you will be able to accept, reject, or choose individual categories. You can review or change your choices at any time using the Cookie settings link, and withdrawing consent is as easy as giving it.

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit using SSL/TLS
• Secure storage of data on protected servers
• Regular security assessments and updates

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

The Services are not directed to children under the age of 13 (or under the minimum age required in your country, such as 16 in parts of the EEA). We do not knowingly collect personal information from children below that age. If we become aware that we have collected such information, we will take steps to delete it promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at the email address below.

Depending on where you live (including the EEA and UK), you have the following rights regarding your personal information:

• Access: request a copy of the personal information we hold about you.
• Rectification: ask us to correct inaccurate or incomplete information.
• Erasure: delete your account and associated data at any time through the app settings, or ask us to delete your data. Account deletion permanently removes your game progress and personal information from our servers.
• Restriction & Objection: ask us to restrict, or object to, certain processing (including processing based on our legitimate interests).
• Data Portability: request a copy of your data in a portable, machine-readable format.
• Withdraw consent: where we rely on consent, you can withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us using the information below. We will respond within the time required by law (generally one month under the GDPR). You also have the right to lodge a complaint with a data protection supervisory authority. Our lead authority is the Polish President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, "UODO") — uodo.gov.pl — and if you live elsewhere in the EEA you may also complain to your own local authority.

We do not make decisions producing legal or similarly significant effects about you based solely on automated processing; where automated checks flag possible cheating or fraud, a person reviews the case before any significant action (such as an account ban).

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on our website and in the app, and by updating the "Last updated" date above. We encourage you to review this Privacy Policy periodically.

If you have any questions about this Privacy Policy or our privacy practices, or to exercise your rights, please contact the data controller:

Mikhael Studio Michał Stefański
Pod Sosenkę 14, 32-061 Rybna, Poland
NIP: 9442268201
Email: [email protected]