PRIVACY POLICY
Amphoteric LTD | Effective date: 2 March 2026
1. Who We Are
This Privacy Policy explains how Amphoteric LTD ("we", "us", "our") processes personal data when you use the mobile game Crom's Escape (the "Game").
Amphoteric LTD is the data controller for the purposes described in this Policy.
Contact:
Amphoteric LTD
Email:
info@amphotericstudio.com
2. What Data We Process
We only process personal data that is necessary to operate and improve the Game.
2.1 Automatically Collected Data
When you use the Game, the following technical data may be processed:
- Device information (device model, operating system version)
- IP address (used for security and regional compliance purposes)
- Android Advertising ID (only with consent, where applicable)
- Gameplay data (level progress, in-game events, session duration)
- Crash logs and diagnostic data (via Firebase Crashlytics)
2.2 Google Play Games (Optional Login)
If you choose to sign in with Google Play Games Services:
- Display name
- Player ID
- Avatar URL
Your email address and account credentials are managed by Google and are not stored on our own servers.
2.3 Cloud Save and Leaderboards
If you use Google Play cloud save or leaderboards:
- Game progress data
- High scores
These are linked to your Google Play account and stored on Google's infrastructure.
2.4 In-App Purchases
All payments are processed by Google Play Billing.
We do not receive or store payment card details.
We may receive confirmation of successful transactions and purchased items.
3. Legal Basis for Processing (UK GDPR)
We rely on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing gameplay features (including cloud save, leaderboards) | Article 6(1)(b) — Performance of a contract |
| Personalised advertising (if enabled) | Article 6(1)(a) — Consent |
| Analytics (if enabled) | Article 6(1)(a) — Consent |
| Security, fraud prevention, crash reporting | Article 6(1)(f) — Legitimate interests |
Where consent is required, you may withdraw it at any time in the Game's privacy settings.
4. Children's Privacy
The Game is rated PEGI 3 and may be accessible to children.
We apply the principles of the UK Age Appropriate Design Code:
- No direct collection of children's contact details
- No location tracking
- No behavioural profiling of children
- For users identified as under 13, advertising is configured as non-personalised (using Google's TFCD/TFUA settings)
Analytics and personalised advertising are only activated where valid consent has been obtained in accordance with applicable law.
We do not knowingly collect personal data directly from children beyond what is necessary to provide the Game.
5. Third-Party Services and Data Recipients
The Game integrates services provided by Google and Unity.
Depending on the specific service used, these providers may act either:
- As an independent data controller, or
- As a processor acting on our behalf.
Integrated services include:
- Google Play Games Services
- Google Play Billing
- Unity Ads (Unity Technologies)
- Firebase Analytics
- Firebase Crashlytics
Further details are available in the respective privacy documentation of Google and Unity.
We do not sell personal data.
6. International Data Transfers
Some data may be processed outside the United Kingdom, including in the United States.
Where personal data is transferred internationally, appropriate safeguards are used, such as:
- The UK International Data Transfer Addendum to the EU Standard Contractual Clauses, and/or
- Adequacy decisions recognised under UK law (where applicable).
These mechanisms ensure an appropriate level of data protection.
7. Data Retention
We retain personal data only as long as necessary:
- Cloud save data: Until you delete it or your Google Play account remains active
- Analytics data: Up to 14 months (Google default retention)
- Crash logs: Approximately 90 days
- Advertising-related data: Managed by Google in accordance with its own retention policies
Local data stored on your device remains until you uninstall the Game or clear app data.
8. Your Rights (UK GDPR)
You have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Request erasure (Art. 17)
- Restrict processing (Art. 18)
- Data portability (Art. 20)
- Object to processing (Art. 21)
- Withdraw consent at any time
Self-Service Deletion
Within the Game under:
Settings → Delete Data
This removes:
- Local game progress
- Cloud save data (via Google Play integration)
- Leaderboard entries
For other requests, contact:
info@amphotericstudio.com
We respond within 30 days.
You also have the right to lodge a complaint with the UK Information
Commissioner's Office (ICO):
https://ico.org.uk
9. Security Measures
We implement appropriate technical and organisational measures to protect personal data, including:
- Encrypted data transmission (HTTPS)
- Access controls and multi-factor authentication for administrative accounts
- Restricted access to developer consoles
No system can guarantee absolute security, but we take reasonable steps to protect your information.
10. Data Breach Procedures
In the event of a personal data breach:
- We assess the risk to users
- We notify the ICO within 72 hours where required
- We inform affected users where legally necessary
11. Automated Decision-Making
We do not carry out automated decision-making that produces legal or similarly significant effects on users under Article 22 UK GDPR.
12. California Privacy (CCPA/CPRA)
For users in California:
- We do not sell personal information
- Advertising identifiers may be shared with advertising partners in accordance with Google's Restricted Data Processing settings
- You may exercise applicable rights by contacting us
13. Changes to This Policy
We may update this Privacy Policy from time to time.
Material changes will be communicated via an in-app notice.
The current version is always available in the Game settings and on our website.
14. Contact
Amphoteric LTD
Email:
info@amphotericstudio.com
We respond to privacy inquiries within 30 days.
Last updated: 31 March 2026