Privacy Policy | Tianji Haohai - Global Data Protection & Compliance

1. Overview and Jurisdictional Scope

Beijing Tianji Haohai Culture Communication Co., Ltd. ("Company", "we", "us", or "our") is committed to protecting the privacy and security of users ("you" or "user") across our global mobile application ecosystem. This Privacy Policy serves as a comprehensive disclosure of our data processing activities and governs your use of our mobile applications, games, websites, and technical services (collectively, the "Service").

Our operations are designed to meet or exceed international data protection standards. Depending on your residency, specific regional protections may apply:

European Economic Area (EEA) & UK: Adherence to the General Data Protection Regulation (GDPR) and UK GDPR.
United States: Compliance with the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and other state-level regulations (e.g., VCDPA, CPA).
China: Compliance with the Personal Information Protection Law (PIPL) and Data Security Law.
Brazil: Alignment with the Lei Geral de Proteção de Dados (LGPD).

By accessing the Service, you acknowledge that you have read and understood the practices described herein.

2. Comprehensive Data Inventory

We collect various categories of information to provide, maintain, and optimize our Services. The data collected depends on the specific Service used and the permissions granted via your device settings.

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us when you interact with our support teams, register an account, or complete contact forms:

Identity Data: Full name, username, or similar identifiers.
Contact Data: Email address, phone number, and physical mailing address (where applicable for rewards or physical goods).
Correspondence: Transcripts of communications with our technical support or business interaction centers.

2.2 Information Collected Automatically

When you access our mobile applications, we automatically capture technical telemetry to ensure system stability and performance:

Technical Identifiers

IP Address, Media Access Control (MAC) address, International Mobile Equipment Identity (IMEI), and unique Advertising IDs (IDFA for iOS and GAID for Android).

Device Characteristics

Hardware model, Operating System (OS) version, browser type, CPU/GPU architecture, screen resolution, and available memory/storage status.

Usage Metrics

In-app navigation paths, feature engagement frequency, session duration, click-through rates, and interaction with virtual economies.

2.3 Precision Location Data

With your explicit consent, we may collect precise GPS location data to provide localized content or features. You may withdraw this consent at any time through your device's operating system settings.

3. Legal Bases for Processing (GDPR/UK GDPR)

If you are a resident of the EEA or UK, we process your personal data only when we have a valid legal basis under Article 6 of the GDPR:

Contractual Necessity: To fulfill our obligations under our Terms of Service (e.g., providing game features or processing in-app purchases).
Legitimate Interests: To improve our products, perform fraud prevention, and ensure network security, provided these interests are not overridden by your rights.
Legal Obligation: To comply with applicable laws, such as tax regulations or court orders.
Consent: Where you have provided clear and affirmative consent for a specific purpose (e.g., personalized advertising).

4. Purpose of Information Processing

The Company utilizes collected data for specific, disclosed business purposes:

Service Provision: Managing user accounts, enabling multiplayer features, and synchronizing progress across devices.
Monetization & Optimization: Processing payments through Google/Apple, and optimizing the balance of virtual economies.
Security & Anti-Fraud: Monitoring for unauthorized reverse engineering, botting, or cheating to maintain a fair environment.
Analytics & R&D: Performing statistical analysis to identify technical bottlenecks and inform the development of new features.
Advertising: Delivering contextual or personalized advertisements based on user profiles (subject to consent).

5. Disclosures to Third Parties & SDKs

We do not sell your personal information in the traditional sense of exchanging it for money. However, we share data with vetted service providers who assist in our operations:

5.1 SDK & Analytics Partners

Google AdMobUnity AdsAppLovin MAX ironSourceMeta Audience NetworkMintegral FirebaseAppsFlyerAdjust

5.2 Infrastructure & Cloud Providers

Our data is hosted on highly secure, distributed infrastructure provided by Amazon Web Services (AWS) and Google Cloud Platform (GCP).

Cross-Border Transfer Protections We use Standard Contractual Clauses (SCCs) as the legal mechanism for transferring data between jurisdictions. We ensure that our partners provide an equivalent level of protection as required by your local laws.

6. Data Integrity and Security Protocols

6.1 Retention Schedule

We retain information as long as your account is active or as needed to provide you the Service. Specifically:

Analytical Data: Purged or anonymized after 26 months.
Crash Logs: Automatically deleted after 90 days.
Financial Records: Retained for 7 years for tax and audit compliance.

6.2 Technical Safeguards

We implement a "Defense in Depth" strategy to protect your information:

Encryption Standards

All data in transit is protected via TLS 1.3. Data at rest is encrypted using AES-256 industry-standard algorithms.

Zero-Trust Access

Internal access to production data is restricted via Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA).

7. Rights of Data Subjects

Depending on your location, you have the following rights regarding your personal information:

Right to Access: Request a copy of the data we hold about you.
Right to Deletion: Request the permanent erasure of your personal information ("Right to be Forgotten").
Right to Portability: Receive your data in a structured, machine-readable format.
Right to Object: Oppose the processing of your data for direct marketing or profiling.
Right to Opt-Out (CCPA/CPRA): Opt-out of the "sharing" or "sale" of your personal information for targeted advertising.

To exercise any of these rights, please contact our DPO at support@tianjihh.com. We will respond to all valid requests within 30 days.

8. Protection of Minors

We do not knowingly collect personal information from children under the age of 13 (or the applicable age in your jurisdiction). If we become aware that a child has provided us with personal information without parental consent, we will take immediate steps to delete such data and terminate the associated account. Parents who believe their child has provided data to us should contact us at support@tianjihh.com.

9. Governance and Contact

Beijing Tianji Haohai has appointed a Data Protection Officer (DPO) responsible for overseeing our privacy strategy and compliance.

Primary Contact: support@tianjihh.com

Physical Address: Room 211, Building 14, Longwangzhuang, Tongzhou District, Beijing, China

GLOBAL PRIVACY POLICY