Privacy Policy
How Arrow Puzzle Master collects, uses, and protects your personal information — and what rights you hold over it.
Effective Date — May 11th, 2026
Privacy is not a checkbox — it is a commitment we make to every person who plays Arrow Puzzle Master. This document explains, in plain terms, what data we gather when you engage with our app, why we need it, where it goes, and the controls you have over it. We collect only what is necessary, retain it only as long as required, and protect it with industry-standard safeguards.
What These Terms Mean
The following definitions apply throughout this Privacy Policy:
- Application: Arrow Puzzle Master — the mobile puzzle game provided by the Company
- Company: The entity that develops and operates Arrow Puzzle Master, referred to as "we," "us," or "our"
- Personal Data: Any information that identifies or can reasonably be used to identify a natural person
- Usage Data: Data generated automatically when you interact with the Application (session duration, features used, performance metrics)
- Device: Any smartphone, tablet, or computer you use to access Arrow Puzzle Master
- Service Provider: A third-party company or individual that processes data on our behalf to support our operations
- Advertising Identifier: A resettable, non-permanent ID assigned by your device's operating system for ad-targeting purposes (GAID on Android, IDFA on iOS)
- You: The individual accessing or using Arrow Puzzle Master
What Data Do We Gather?
Automatically Collected Information
Our systems automatically record technical data each time you launch Arrow Puzzle Master. This includes:
- Network identifiers — IP address, connection type (Wi-Fi, cellular)
- Device specifications — hardware model, operating system version, screen resolution
- Advertising identifiers — GAID (Android) and IDFA (iOS), both user-resettable
- Session metrics — gameplay duration, levels attempted, time-per-puzzle, feature interactions
- Diagnostic data — crash logs, error traces, and performance telemetry
- Mobile carrier info — network operator and unique device identifiers for troubleshooting
Information You Provide Voluntarily
Certain data is collected only when you actively choose to share it:
- PayPal account details (email address and display name) — provided solely for processing prize withdrawals and never stored beyond the transaction window
- In-app preferences — settings you configure within the puzzle game
- Support communications — messages you submit via our help channel
We operate on a data-minimalism principle: if a piece of information is not necessary to make Arrow Puzzle Master work correctly for you, we do not collect it.
Why Do We Need Your Data?
Every category of data we collect serves a specific, documented purpose:
- Service delivery — running game servers, syncing puzzle progress, and maintaining uptime
- Account management — processing registrations, handling preferences, and authenticating users
- PayPal withdrawals — fulfilling prize payouts securely to your linked PayPal account
- Communications — responding to support inquiries, sending product updates, and push notifications you opt into
- Analytics & improvement — studying gameplay patterns to identify bugs, balance difficulty, and develop new features
- Advertising — delivering relevant ads through our monetization partners
- Legal compliance — meeting obligations under applicable data protection and consumer protection laws
- Business continuity — facilitating potential mergers, acquisitions, or restructuring events
When Is Your Information Shared?
We do not sell your personal data. Sharing occurs only under these limited, defined circumstances:
| Recipient | Reason | Safeguards |
| Service Providers | Analytics, hosting, crash reporting, and payment processing | Contractual Data Processing Agreements (DPAs) |
| Ad Partners | Delivering and measuring in-app advertisements | Limited to advertising identifiers; no sensitive data shared |
| Corporate Affiliates | Internal operations within our corporate family | Subject to this same Privacy Policy |
| Business Transferees | Mergers, acquisitions, or asset sales | Prior notice given; same privacy standards required |
| Legal Authorities | Court orders, subpoenas, or legal obligations | Minimum data disclosed; legal review required |
| With Your Consent | Any purpose you explicitly approve | Consent obtained before sharing |
Your PayPal email address is never sold, rented, or shared beyond what is strictly necessary to process your withdrawal. It is shared with PayPal's systems only during the transaction itself.
Why Does the App Need Permissions?
Arrow Puzzle Master requests only the system permissions essential to its features. Here is a full account of each permission, its purpose, and what data it touches:
| Permission | Purpose | Data Involved |
| INTERNET | Connect to game servers, ad networks, and update services | Network traffic data |
| ACCESS_NETWORK_STATE | Detect network availability to optimize performance | Connection type and status |
| ACCESS_WIFI_STATE | Identify Wi-Fi for stable data-heavy operations | Wi-Fi status, signal strength |
| AD_ID | Deliver personalized advertisements | Resettable advertising identifier |
| VIBRATE | Haptic feedback during puzzle interactions | None |
| ACCESS_ADSERVICES_TOPICS | Provide topic-based ad interest signals (Privacy Sandbox) | Interest category signals only |
| ACCESS_ADSERVICES_ATTRIBUTION | Measure ad campaign effectiveness | Attribution metrics (no PII) |
| BIND_GET_INSTALL_REFERRER_SERVICE | Identify which campaign drove app installation | Referrer and campaign identifiers |
| BIND_APPHUB_SERVICE | Optimize ad delivery via AppHub | Ad parameters and impression data |
| ACCESS_ADSERVICES_AD_ID | Comply with Android Privacy Sandbox ad ID API | Ad service identifiers |
| FOREGROUND_SERVICE | Maintain critical game processes when app is backgrounded | None |
| DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION | Secure internal broadcast communication | None |
Where Does Your Data Go?
Our Server Infrastructure
Arrow Puzzle Master operates its primary game server and analytics pipeline at:
https://bmzbt.arrowper.com/
This endpoint handles core gameplay delivery, puzzle progress synchronization, leaderboard updates, and player support requests. Anonymized usage metrics are also processed here — no personally identifiable information is stored in the analytics layer.
Endpoint Security Standards
- All connections use TLS 1.2 or higher encryption — data in transit is fully protected
- Role-based access controls ensure only authorized engineering personnel can access raw data
- Data minimization is enforced at every processing stage
- Regular penetration testing and vulnerability scans are conducted on all endpoints
- All third-party data handlers must sign Data Processing Agreements (DPAs) before receiving any user data
Is Your Data Safe?
We apply industry-standard security measures across every layer of our infrastructure:
Technical Controls
- TLS 1.2+ encryption for all data in transit
- Encryption at rest for stored personal data
- Strict role-based access policies
- Automated anomaly detection systems
Organizational Controls
- Scheduled security audits and penetration tests
- Employee privacy training and access governance
- Contractual security requirements for all partners
- Incident response procedures for breach scenarios
No electronic transmission or digital storage system can guarantee absolute security. While we apply commercially reasonable protections, we encourage you to use strong, unique credentials and report any concerns to meccawksa@gmail.com.
How Long Do We Store Your Data?
Retention follows the principle of necessity: we keep personal data only while it is actively required to fulfill the purposes described in this policy.
After 90 consecutive days of account inactivity, your Personal Data is permanently and irreversibly deleted from our active systems.
- Usage Data tied to active accounts is retained only for the duration required for the relevant operational purpose
- Aggregated, fully anonymized analytics data may be retained longer for product development purposes
- Upon deletion request, we purge your data within the timeframe required by applicable law
International Data Transfers
Arrow Puzzle Master serves players worldwide. Your data may be transferred to and processed on servers located in countries other than your country of residence — including countries that may have different data protection standards than your own.
Regardless of where processing occurs, we ensure that:
- All transfers are protected by TLS 1.2+ encryption
- Contractual safeguards (Standard Contractual Clauses or equivalent) are in place for cross-border transfers
- Hosting providers and partners are vetted to meet or exceed our minimum security and privacy requirements
Our Partners
Advertising Network
Arrow Puzzle Master monetizes through the AppLovin mediation network. Ad partners receive only the minimum data necessary for ad delivery and measurement — strictly no sensitive personal information.
Shared with Ad Partners
- Resettable advertising identifiers (GAID / IDFA)
- Device model, OS version, screen size
- Session frequency and engagement duration
- Ad impression and click metrics
- Country code and language preference
Never Shared with Ad Partners
- Email address or phone number
- PayPal account details
- Puzzle progress or gameplay history
- Account credentials
- Precise geolocation data
What About Children?
Arrow Puzzle Master is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13.
If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at meccawksa@gmail.com. We will promptly investigate and, where confirmed, delete the data without delay.
Users in the European Economic Area: the age threshold may be higher depending on local law (up to 16 in some Member States). We comply with jurisdiction-specific requirements.
What Rights Do You Have?
Depending on where you reside, one or more of the following data protection frameworks grants you specific rights. We honor every request made in good faith.
GDPR — European Economic Area & UK Residents
- Access — request a copy of all personal data we hold about you
- Rectification — correct inaccurate or incomplete personal data
- Erasure ("Right to be Forgotten") — request deletion where legally supported
- Restriction — limit the manner in which we process your data
- Object — object to processing based on legitimate interests or for direct marketing
- Portability — receive your data in a structured, machine-readable format
- Lodge a Complaint — contact your national supervisory authority
CCPA / CPRA — California Residents
- Right to Know — learn what categories of personal information we collect, use, disclose, and sell
- Right to Delete — request erasure of personal information we have collected from you
- Right to Correct — request correction of inaccurate personal information
- Right to Opt-Out of Sale / Sharing — prevent sale or sharing of your personal information for cross-context behavioral advertising
- Right to Limit Use of Sensitive PI — restrict certain uses of sensitive personal information
- Right to Non-Discrimination — exercise these rights without receiving reduced or degraded service
VCDPA — Virginia Residents
- Access — confirm whether we process your personal data and obtain a copy
- Correct — fix inaccuracies in your personal data
- Delete — request deletion of personal data you have provided or we have collected
- Data Portability — receive your data in a portable, commonly used format
- Opt-Out — opt out of targeted advertising, sales of personal data, or profiling for significant decisions
- Appeal — appeal our response to your request if you believe it was handled incorrectly
To exercise any right listed above, email meccawksa@gmail.com with the subject line "Privacy Rights Request". We will verify your identity and respond within the timeframe required by applicable law (typically 30–45 days).
How Can You Opt Out?
Advertising Personalization
You can limit personalized advertising directly from your device settings — no account required:
- Android: Settings → Google → Ads → "Opt out of Ads Personalization" (or "Delete advertising ID" on Android 12+)
- iOS: Settings → Privacy & Security → Tracking → disable "Allow Apps to Request to Track," then Settings → Privacy & Security → Apple Advertising → disable "Personalized Ads"
Sale of Personal Data
To opt out of data sales (as defined under CCPA/CPRA), send an email to meccawksa@gmail.com with the subject line "Do Not Sell My Data". Your request will be processed within 15 business days.
Marketing Communications
To stop receiving promotional emails or push notifications, use the unsubscribe link in any email we send, or disable notifications in your device's app settings for Arrow Puzzle Master.
Data Breach Notification
In the unlikely event of a security breach that affects your personal information, we are committed to acting swiftly and transparently:
- We will notify affected users within 72 hours of discovering a breach where required by law
- Notification will be delivered via the email address registered to your account or through a prominent in-app notice
- The notification will describe: the nature of the breach, the categories of data affected, the likely consequences, and the measures we have taken or are taking
- We will also notify the relevant supervisory authority where legally required (e.g., under GDPR)
- If you suspect unauthorized access to your account, contact us immediately at meccawksa@gmail.com
Do Not Track Signals
Some browsers and mobile operating systems include a "Do Not Track" (DNT) feature that signals your preference not to be tracked across apps and websites.
Currently, there is no uniform industry standard for how mobile apps must respond to DNT signals. As a result, Arrow Puzzle Master does not alter its data collection practices in response to DNT signals at this time.
However, you can achieve equivalent privacy controls using the opt-out mechanisms described in the How Can You Opt Out? section above. We will update this section if and when a standardized DNT response becomes legally required.
Will This Policy Change?
We may update this Privacy Policy periodically to reflect changes in our practices, applicable law, or the features of Arrow Puzzle Master. When we do:
- The revised policy will be published at this URL with an updated "Effective Date"
- For material changes — changes that meaningfully affect your rights or our data practices — we will notify you via email or a prominent in-app notice at least 7 days before the changes take effect
- Your continued use of Arrow Puzzle Master after the effective date constitutes acceptance of the updated policy
- If you object to any change, you may delete your account and cease using the Application before the new policy takes effect
How to Reach Us
We take privacy questions seriously. Whether you have a question, a request, or a concern, our team is here to help.
We commit to acknowledging every privacy-related inquiry within 48 hours, and to providing a substantive response within the timeframe required by your local law.