Owlyfit Privacy Policy

Effective Date: 03.07.2025

Welcome, and thank you for playing Owlyfit (the “Game”). This policy explains how we collect, use, share, and protect your information when you install or play the Game on Android or iOS devices, and how you can exercise your privacy rights.

1. Who We Are

At Vasilev Labs UG (“we”, “us”, “our”) we value your privacy and are committed to lawful, fair, and transparent processing of personal data. We are the data controller responsible for your personal data under applicable privacy laws. We are based at Theresienstr. 56, 80333 Munich, Germany. You can contact us at [email protected] and find more information about us here.

2. Data we collect ourselves

In order to improve game stability and user experience, we operate our own analytics pipeline. This pipeline is hosted using Amason Web Services in the eu-central-1 region. It may collect following data:

• App version (e.g. 1.0.0)
• Event type (e.g. button clicks, level completions)
• Event timestamp

No device identifiers, IP addresses, user IDs, or any other personal data are ever captured.

GDPR & CCPA: Because these data cannot be linked to any individual, they fall outside the scope of “personal information” under the GDPR and CCPA/CPRA. Accordingly, no additional consent or DSAR/opt-out mechanisms are required for this analytics processing.

3. Data Collected by Our Partners

We use the following external services to provide advertising, game progress sync and in-app purchases. Below is a summary of the categories of data they collect, the purposes for which they collect it, and links to their privacy policies for more detail.

Service	Data Categories Collected	Purpose	Privacy Policy
Google AdMob	• Identifiers (Advertising ID, App-Set ID) • Usage & diagnostic data (ad interactions, crash logs)	Personalized advertising Fraud prevention	Google Privacy Policy
Google Play Games Services Apple iCloud	• Game-progress records	Progress sync across devices	Play Games Privacy Apple Privacy Policy
Google Play Billing Apple StoreKit	• Purchase tokens (Google) or receipts (Apple) • Product IDs & order details	Purchase processing	Google Privacy Policy Apple Privacy Policy

iOS Tracking & App Tracking Transparency For iOS 14.5 and later, we use Apple's App Tracking Transparency (ATT) framework. Before any tracking identifier (e.g. IDFA) is accessed or sent to our advertising partners, you will see the system ATT prompt. You may grant or deny permission; you can change your choice at any time under Settings > Privacy > Tracking on your device. If you deny permission, no IDFA will be collected or used for personalized ads. We have also declared Apple SKAdNetwork identifiers in our iOS Info.plist to enable privacy-preserving install attribution when IDFA is unavailable. For more details, see Apple's SKAdNetwork documentation.

4. Legal Bases, Purposes & Consent Mechanisms

We process personal data in accordance with the EU General Data Protection Regulation (GDPR) for users in the EU/EEA and UK. For users outside these regions, we rely on legitimate interests and contractual necessity as described below.

GDPR Legal Bases (EU/EEA & UK):
We rely on your consent for personalized ads. For fraud prevention, we rely on legitimate interests. For game progress sync (Play Games, iCloud) and in-app purchases, we rely on contractual necessity.

Purposes of Processing: As summarized in Sections 2 and 3, data are used for personalized advertising, fraud prevention, game progress synchronization, and purchase processing.

Consent & Choice in the EU/EEA & UK:
• We display rearded ads only (ads that show up only when the users choose to watch them in exchange for some in-game reward). We use Google's User Messaging Platform (UMP) to load and record your consent only when you first choose to watch a rewarded ad. By default, no ads are loaded and no information is shared until that action is taken.
• Until you grant consent, we process only strictly necessary data under legitimate interests and contractual necessity.
• You can withdraw or change your consent choices at any time via the Game's Privacy Settings screen (note: you have to be connected to the internet in order to do it).

5. “Do Not Sell or Share” (CCPA/CPRA)

Under California law, “sale” or “sharing” of personal information includes providing your mobile Advertising Identifier (IDFA/GAID) to third parties for cross-context behavioral advertising. You may opt out of the sale or sharing of your Advertising Identifier at any time via the Game's Privacy Settings screen (note: you have to be connected to the internet in order to do it). We will not discriminate against you for exercising these rights.

6. Data Retention

We do not store any personal data ourselves. Third-party services retain your data as follows (please see their privacy policies for full details):
• AdMob: User-level data for 90 days;
• Game progress: as long as your account exists
• Purchase receipts: per platform policy

7. Data Subject Rights

If you are in the EU/EEA, UK, or California, you have the right to:

• Access, correct, delete, or port your personal information
• Restrict or object to our processing
• Withdraw your consent at any time

To exercise these rights, please see the relevant instructions below:

• Google AdMob data
  Manage your ad-personalization preferences at adssettings.google.com, or submit a formal DSAR to Google at Google’s DSAR portal.
• In-App Purchase records
  We do not retain your purchase history ourselves.
  • On Android, view/download your orders at play.google.com/store/account/orderhistory.
  • On iOS, manage your purchases at reportaproblem.apple.com.
• Game progress (Play Games & iCloud)
  You can instantly delete all your synced game data in-app via the “Delete My Progress” option in Settings.

You may also always submit a general request to [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with a supervisory authority (e.g. the Berlin Data Protection Authority at https://www.datenschutz-berlin.de).

8. Children's Privacy

We do not target or knowingly collect personal data from children under 16. If we learn we have inadvertently collected personal data from a child under 16 without verified parental consent, we will delete it immediately. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us at [email protected] so that we will be able to take the necessary actions.

9. Security Measures

All third-party services we use implement industry-standard safeguards, including HTTPS/TLS in transit, encryption at rest, access controls, and regular security audits.
We have implemented procedures to detect, contain, and investigate any suspected personal data breach. In the event of a breach, we will notify both the relevant supervisory authority and affected users in accordance with GDPR Articles and any applicable locallaw.

10. International Transfers

We do not process personal data ourselves. Data collection and processing are carried out by our third-party providers in various locations, including within the EU, the United States, and other jurisdictions. We rely on EU Standard Contractual Clauses and applicable adequacy decisions to safeguard any transfer of data outside the European Economic Area.

11. Changes to This Policy

We may update this policy to reflect changes in our practices or applicable law. Any changes will be posted on this page with the updated effective date.