1. Consent Confirmation & Policy Scope

VastFill Games Inc (hereinafter referred to as "the Company," "we," "us," or "our") is committed to safeguarding the privacy and security of user data in the digital entertainment ecosystem. By accessing or using any of our services—including but not limited to gaming platforms, developer-operated games, social interaction modules, and value-added service functions—you are deemed to have carefully read, fully understood, and voluntarily agreed to all data processing practices stipulated in this Privacy Protection Policy (hereinafter referred to as the "Policy"). Your continuous use of our services after any subsequent revisions to this Policy will constitute acceptance of the updated terms.

This Policy comprehensively regulates the entire lifecycle of personal data in all our interactive service scenarios, including the collection, storage, processing, utilization, transmission, and protection of personal information, aiming to provide transparent and reliable privacy guarantees for users.

2. Types & Sources of Collected Data

We adopt a "minimum necessary" principle for data collection, gathering information through multiple channels while implementing strict management of sensitive data. The specific scope is as follows:

2.1 User-Initiated Submitted Data

When you register an account, activate service functions, or interact with our services, you may voluntarily provide the following information as required:

Identity Verification Information: Full legal name, valid government-issued identification documents (required to meet age verification and regulatory compliance requirements).

Contact Details: Verified email address, primary mobile phone number, residential address (may be required for prize redemption, service delivery, etc.).

Account Security Information: Custom unique username, encrypted login password, biometric verification data (if you choose to enable), and profile pictures or custom avatars.

Demographic Attributes: Confirmed date of birth, self-reported gender identity, and geographic location information (associated with service eligibility verification).

Financial Related Information: Payment card details (encrypted storage), billing address, transaction records (including purchase history, redemption records, etc.).

User-Generated Content: In-game chat messages, social interaction content (such as comments, likes, shares), and multimedia materials uploaded or shared through the platform.

2.2 Automatically Captured Data

During your use of our services, the system will automatically collect technical and behavioral data to ensure service quality and optimize user experience, including:

Device Configuration Information: Hardware parameters (model, processor, memory, storage capacity), operating system version, unique device identifiers (e.g., IMEI, UUID), and device network configuration.

User Behavior Analytics Data: Gameplay habits (e.g., preferred game types, game duration per session), functional module usage frequency, click-through rates of interactive elements, and session start/end times.

System Operation Data: System crash logs, error code records, application response speed, network latency, and server interaction status.

Location-Related Data: Precise GPS coordinates (only when you actively enable location permissions), and approximate geographic location inferred through IP address, network provider information, etc.

2.3 Data Obtained from Third-Party Partners

With your explicit consent or in accordance with cooperative agreements, we may obtain relevant data from trusted third-party institutions, including:

Social Media Platforms: Basic profile information (e.g., name, profile picture) from accounts you choose to link (such as Facebook, Google, Apple ID), subject to the authorization scope specified by the social platform.

Cooperative Service Providers: Fraud risk assessment reports, user identity verification results (to enhance account security), and service quality evaluation data.

Advertising Cooperation Partners: Effectiveness data of promotional campaigns (e.g., click volume, conversion rate), and non-identifiable user engagement statistics for advertisements (to optimize ad targeting without disclosing personal information).

2.4 Special Management of Sensitive Data

Sensitive data (including biometric information, government-issued ID numbers, financial account passwords, etc.) will only be collected when strictly necessary—such as enabling biometric login for account security, or submitting ID numbers to comply with regulatory requirements for anti-money laundering and age verification. All sensitive data will be subject to enhanced encryption and access control measures.

3. Purposes & Boundaries of Data Usage

We strictly limit the use of user data to the scope necessary for service provision and improvement, with clear and specific usage purposes as follows:

3.1 Core Service Delivery

• Create and maintain user accounts, verify user identity to ensure account security.

• Process financial transactions (including payments, refunds, prize redemptions) in a secure and compliant manner.

• Support the operation of multiplayer online game modes, social interaction functions (e.g., friend invitations, team formation), and cross-device service synchronization.

• Provide targeted customer support, respond to user inquiries, and handle complaint requests.

3.2 Service Experience Optimization

• Analyze user behavior data to identify pain points in gameplay and optimize game difficulty, interface design, and functional layout.

• Conduct data-driven research and development to launch new features or game products that align with user needs.

• Monitor system performance, troubleshoot technical issues, and ensure the stability and smoothness of services.

• Provide personalized recommendations (e.g., game recommendations, event reminders) based on user preferences and usage habits (you can disable personalized recommendations through account settings).

3.3 Security Assurance & Compliance Implementation

• Establish and improve fraud prevention systems to detect and block abnormal login attempts, malicious transactions, and account theft behaviors.

• Implement anti-cheating mechanisms in games to maintain fair gameplay and combat cheating, hacking, and other disruptive behaviors.

• Ensure compliance with the Company's Terms of Service, sweepstakes rules, and other internal management systems.

• Fulfill legal obligations stipulated by applicable laws and regulations (such as age verification, tax reporting, anti-money laundering requirements).

3.4 User Communication & Interaction

• Send important service notifications (e.g., account security alerts, service suspension/upgrade announcements, changes to terms and policies).

• Deliver promotional information about games, events, and value-added services (you can opt out of non-essential promotional messages through email unsubscription or account setting adjustments).

• Conduct user satisfaction surveys, market research, and collect feedback to continuously improve service quality.

4. Rules for Data Sharing & Disclosure

We adhere to the principle of "no active sharing or selling of personal data" and only disclose or share user data in the following limited and legitimate scenarios:

4.1 Sharing with Authorized Cooperative Service Providers

To ensure the normal operation of services, we may share necessary data with third-party service providers who have signed strict privacy protection agreements, including:

Cloud Storage Providers: Such as AWS, Google Cloud, Azure, etc., who only provide data storage services and are prohibited from using the data for other purposes.

Payment Processing Institutions: Such as Stripe, PayPal, and official app store payment channels, who only process transaction information to complete payment services.

Analytics & Marketing Tools Providers: Such as Google Analytics, AppsFlyer, etc., who assist in analyzing service usage data and optimizing marketing activities (data provided is usually desensitized).

Customer Support Platforms: Such as Zendesk, Intercom, etc., who access relevant user information only when providing customer service to respond to inquiries.

All cooperative partners are required to comply with this Policy and relevant laws and regulations, and we will supervise their data processing activities to ensure the security of user data.

4.2 Disclosure for Legal Compliance Purposes

We may disclose user data when required by law or judicial order, including:

• Responding to valid court orders, subpoenas, search warrants, or requests from government regulatory agencies.

• Fulfilling tax declaration and reporting obligations as required by tax authorities.

• Cooperating with law enforcement agencies in investigations of illegal activities (such as fraud, cybercrime) to protect public interests and the legitimate rights and interests of others.

4.3 Sharing in Corporate Transaction Scenarios

In the event of corporate mergers, acquisitions, asset transfers, bankruptcy liquidation, or other major business restructuring, user data may be transferred as part of the business assets. In such cases, we will require the acquiring party to continue to comply with this Policy and other privacy protection commitments, and notify users of the transfer through prominent channels in advance (unless prohibited by law or judicial order).

5. Data Security Protection Measures

We adopt industry-leading security technologies and management systems to build a multi-layered data security defense system, protecting user data from unauthorized access, disclosure, modification, or destruction:

5.1 Technical Security Measures

Data Transmission Encryption: Adopt the Transport Layer Security (TLS) 1.3 protocol to encrypt all data transmitted between user devices and our servers, preventing data interception during transmission.

Data Storage Encryption: Use Advanced Encryption Standard (AES-256) to encrypt sensitive data (such as identity information, financial data) stored in servers, and implement segmented storage and access control.

Account Security Protection: Support multi-factor authentication (MFA), set up abnormal login detection mechanisms (e.g., alerting for logins from unfamiliar devices/locations), and regularly prompt users to update passwords.

System Security Defense: Deploy firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) to resist network attacks; conduct regular vulnerability scans and penetration testing to identify and fix security risks in a timely manner.

5.2 Management Security Systems

Access Control Mechanism: Implement role-based access control (RBAC), restricting data access rights to only those employees who need it for work; record all data access operations for audit purposes.

Compliance Certification: Maintain SOC 2 compliance certification for data centers, ensuring that infrastructure and operational processes meet international security standards.

Personnel Training & Supervision: Conduct regular privacy protection and data security training for employees and sign confidentiality agreements with relevant personnel; establish disciplinary mechanisms for violations of data security regulations.

6. Data Retention Periods

We retain user data only for the period necessary to achieve the purposes specified in this Policy, and will actively delete or anonymize data that is no longer needed. The specific retention periods are as follows:

Active Account Data: Retained for 36 months from the date of your last account activity (e.g., login, transaction, gameplay). If the account is inactive for more than 36 months, we will anonymize the data or delete it after notifying you in advance (where required by law).

Financial Transaction Records: Retained for 84 months (7 years) to comply with tax laws, financial regulatory requirements, and dispute resolution needs.

Customer Support Records: Retained for 24 months from the date of resolution of the support request, to facilitate follow-up inquiries and service quality improvement.

Marketing Preference Data: Retained indefinitely until you actively revoke your consent (e.g., opt out of marketing communications), after which the relevant data will be deleted or deactivated.

When data reaches the end of its retention period, we will adopt secure data disposal methods, including permanent deletion of electronic data and physical destruction of storage media containing sensitive data (if applicable), to ensure that the data cannot be recovered.

7. User Data Rights & Exercise Methods

You enjoy comprehensive rights to control your personal data in accordance with applicable laws and regulations. We provide convenient channels for you to exercise these rights:

7.1 Universal Data Rights (Applicable to All Users)

Right of Access: Request to obtain a copy of the personal data we hold about you.

Right of Correction: Request to modify or supplement inaccurate or incomplete personal data.

Right to Erasure: Request to delete your account and the associated personal data (subject to retention requirements under applicable laws).

Right to Restrict Processing: Request to restrict or suspend the processing of your personal data in specific scenarios (e.g., when the accuracy of the data is disputed).

Right to Object: Object to the processing of your personal data for marketing or other non-essential purposes.

7.2 Region-Specific Enhanced Rights

Depending on your country or region of residence, you may enjoy additional data protection rights granted by local laws:

California Residents (CCPA/CPRA): Right to request disclosure of the categories and specific contents of personal data collected; right to request deletion of personal data; right to opt out of the sale or sharing of personal data (we do not sell personal data); right to non-discrimination for exercising data rights.

European Economic Area (EEA) Residents (GDPR): Right to data portability (request to obtain your data in a structured, machine-readable format); right to withdraw consent at any time (without affecting the validity of processing based on prior consent); right to lodge a complaint with the local data protection authority.

Canadian Residents (PIPEDA): Right to access and correct personal data held by the Company; right to request an explanation of the purpose of data processing; right to report privacy violations to the Office of the Privacy Commissioner of Canada.

7.3 Procedures for Exercising Rights

To protect your data security, please follow the procedures below when exercising your rights:

Submission Channel: Submit your request through the dedicated privacy management portal in your account settings, or send an email to the official privacy inquiry address.

Identity Verification: We will verify your identity through secure methods (e.g., verifying registered email, mobile phone number, or answering security questions) to ensure that the request is initiated by you personally.

Processing Timeframe: We will review and respond to your request within 45 business days. If the request is complex or involves a large amount of data, we may extend the processing time by up to 15 days and will notify you of the extension and the reasons for it.

Fee Standards: We do not charge fees for standard data rights requests. However, we reserve the right to charge reasonable fees for excessive, repetitive, or unfounded requests (based on the actual cost of processing) or to refuse such requests in accordance with the law.

8. Special Protection for Minors

Our services are strictly restricted to users who have reached the age of 18 (or the age of majority stipulated by the laws of their place of residence, whichever is higher). We do not intentionally collect, store, or process personal data of minors.

If we discover through proactive screening, user reports, or other means that we have inadvertently collected data from minors, we will immediately suspend the processing of such data and delete it completely within a reasonable time frame (without requiring prior notice, in accordance with the principle of protecting minors' rights). If you are a parent or guardian and find that a minor has used our services and provided personal data, please contact us immediately, and we will assist in deleting the relevant data after verifying your identity and guardianship rights.

9. Cross-Border Data Transfers

If your personal data needs to be transferred to a country or region outside your place of residence (e.g., transferring data of EU residents to servers located in the United States), we will ensure that the transfer complies with applicable cross-border data transfer regulations and adopts sufficient security safeguards, including:

• Adopting the EU Standard Contractual Clauses (SCCs) recognized by the European Commission;

• Transferring data to countries or regions that have obtained an "adequacy decision" from the European Commission (indicating that their data protection standards are deemed sufficient);

• Requiring the receiving party to sign a privacy protection agreement that meets the requirements, ensuring that the data is protected at a level equivalent to that specified in this Policy.

10. Third-Party Service Reminder

Our services may contain links to third-party platforms or integrate third-party service modules (e.g., social media login buttons, third-party advertisements, in-game payment channels). This Policy does not apply to the data processing practices of these third parties.

We recommend that you carefully review the privacy policies, terms of service, and other relevant documents of third-party platforms before using their services, and make independent judgments on whether to use such third-party services. We are not responsible for the privacy protection behaviors of third parties that are beyond our control.

11. Policy Update Mechanism

We may revise this Policy from time to time to adapt to changes in laws and regulations, technological developments, and business adjustments. The specific update process is as follows:

Notification of Material Changes:

If the revision involves material changes (e.g., expanding the scope of data collection, changing the purpose of data use, adjusting the rules for data sharing), we will notify you through multiple prominent channels (including but not limited to email notifications, in-app pop-up reminders, announcements on the official website) at least 30 days before the effective date of the revised Policy.

Effectiveness of Updates:

The revised Policy will take effect on the announced effective date. Your continued use of our services after the effective date will be deemed acceptance of the revised Policy. If you do not accept the revised Policy, you should stop using our services immediately and request to delete your account if necessary.

Version Archive:

We will retain the historical versions of this Policy and provide access to the historical versions through the official website or account settings, so that you can review the changes.

12. Privacy Inquiry & Contact Channels

If you have any questions, concerns, or requests related to this Policy, or need to report a privacy violation, please contact us through the following official channels:

Dedicated Privacy Email: [email protected]

Response Commitment: We will send an acknowledgment of receipt to you within 2-3 business days after receiving your inquiry. For complex requests (e.g., data access, account deletion), we will process them in accordance with the timeframes specified in Section 7.3 and notify you of the progress and results in a timely manner.

Identity Verification Reminder: For requests involving the disclosure, modification, or deletion of sensitive data (e.g., account deletion, access to financial records), we will conduct strict identity verification to prevent unauthorized individuals from accessing or tampering with your data.