PRIVACY POLICY

Privacy Policy of Bow of Lila
PLEASE READ THIS PRIVACY POLICY ("Policy") CAREFULLY. It describes how Bow of Lila ("Company", "we", "us", or "our") collects, uses, discloses, and safeguards the information of players ("you", "your", or "user") who download, install, access, or play any version of the game ("Game") on any platform (mobile, PC, console, cloud, browser, or other).

By installing, accessing, or continuing to use the Game, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree, you must discontinue use of the Game immediately.

1. SCOPE

This Policy applies to all personal data and non-personal data collected through:
(a) the Game itself;
(b) any Company-operated websites, forums, or sub-domains;
(c) customer support channels;
(d) surveys, contests, or sweepstakes;
(e) social media pages or integrations;
(f) third-party storefronts (Apple App Store, Google Play, Steam, PlayStation Network, Xbox Live, Nintendo eShop, Amazon Appstore, Samsung Galaxy Store, Huawei AppGallery, Meta Quest Store, itch.io, and any future storefronts).

2. DEFINITIONS

"Personal data" means any information relating to an identified or identifiable natural person.
"Non-personal data" means information that, by itself, cannot be used to identify you.
"Device" means the mobile phone, tablet, handheld console, PC, set-top box, VR headset, or other hardware you use to access the Game.

3. INFORMATION WE COLLECT

We collect information in the following ways:

3.1 Information You Voluntarily Provide
- Account registration: username, display name, password, email address, date of birth, country, preferred language.
- Profile enrichment: avatar image, biography, social media handles, clan or guild affiliation.
- Payment data: billing address, partial card number, Pay email, transaction IDs. We don't store full card numbers or bank account details; these are handled by licensed payment processors.
- Communications: support tickets, live-chat transcripts, forum posts, feedback forms, survey answers, contest entries, voice-chat logs (if abuse is reported).
- User-generated content: custom levels, skins, mods, screenshots, videos, or streams uploaded or tagged with our official hashtags.

3.2 Information Collected Automatically
- Device identifiers: advertising ID (IDFA / GAID), Android serial, iOS identifierForVendor, hardware MAC address, console unique device ID, Steam ID.
- Technical specs: OS version, GPU model, CPU model, RAM, display resolution, system language, battery level, thermal state.
- Network data: IP address, Wi-Fi SSID, mobile carrier, connection type (3G/4G/5G/Wi-Fi/Ethernet), VPN exit node detection.
- Gameplay telemetry: levels completed, achievements unlocked, session duration, in-game purchases, virtual currency balances, matchmaking latency, anti-cheat detections, crash dumps, stack traces.
- Advertising data: ad impressions viewed, ad clicks, ad conversions, attribution data from partners such as Adjust, AppsFlyer, Unity Ads, Google Ads, Meta Audience Network, ironSource, Vungle, or Applovin.
- Social graph: friends lists imported from Facebook, Game Center, Google Play Games, Steam, Discord, Xbox Live, PlayStation Network, Nintendo Account, Epic Online Services, or any other platform you choose to link.

3.3 Information from Third-Party Sources
- Platform operators: Apple, Google, Valve, Sony, Microsoft, Nintendo, Meta, Amazon, Samsung, Huawei, Epic, itch.io provide us with your platform-level ID, subscription status, entitlement receipts, and parental-control flags.
- Advertising partners: demographic or interest segments (for example "action games enthusiasts," "18-24 age bracket," "likely to make in-app purchases").
- Data brokers: fraud-prevention vendors (e.g., Sift, Kount) may share risk scores associated with your email or device fingerprint.

4. LEGAL BASES FOR PROCESSING

We process personal data only when at least one lawful basis applies:

(a) Contractual necessity — to create and maintain your account and deliver the Game.
(b) Legitimate interests — to prevent fraud, debug, improve features, and market similar games.
(c) Consent — for sending e-mail marketing, for using cookies that are not strictly necessary, for geolocation, or for collecting sensitive categories of data.
(d) Legal obligation — to comply with tax, accounting, child-protection, and data-retention laws.
(e) Vital interests — in extreme cases to protect the life or safety of any person.

5. HOW WE USE YOUR INFORMATION

- To create and authenticate your account.
- To provide gameplay, cloud save, matchmaking, leaderboards, and social features.
- To process payments and issue refunds.
- To detect and investigate cheating, fraud, piracy, abusive chat, or other violations of our Terms of Service.
- To customize difficulty, offers, and advertisements.
- To communicate patch notes, downtime, security alerts, and promotional offers.
- To conduct A/B tests, machine-learning model training, and statistical research (always on pseudonymized data).
- To comply with legal requests, court orders, and regulatory investigations.

6. COOKIES AND SIMILAR TECHNOLOGIES

We use:
- Strictly necessary cookies for login sessions.
- Performance cookies for analytics (Unity Analytics, Google Analytics, GameAnalytics, Amplitude).
- Functional cookies for language and accessibility preferences.
- Targeting cookies for interest-based ads. You can revoke consent or manage cookies through in-game settings, browser settings, or platform-level controls (iOS "Allow Apps to Request to Track," Android "Opt out of Ads Personalization," etc.).

7. DISCLOSURE OF YOUR INFORMATION

We share data with:
- Service providers: cloud hosting (AWS, Azure, Google Cloud, OVH), customer support (Zendesk, Helpshift), payment processors (Stripe, PayPal, Xsolla, Apple, Google, Sony, Microsoft, Nintendo), live-ops backend (PlayFab, Firebase, Epic Online Services), analytics and attribution partners (listed above).
- Advertising and monetization partners: ad networks, ad mediation platforms, brand advertisers.
- Social features: when you opt-in, friends on the same platform can see your profile, scores, and presence.
- Business transfers: if we merge, acquire, or are acquired, data will transfer subject to this Policy.
- Law enforcement: when we believe in good faith disclosure is necessary to prevent harm or comply with law.
- Aggregated statistics: we may publish reports containing aggregate or de-identified data (e.g., "54 % of players completed the third level").

8. INTERNATIONAL DATA TRANSFERS

We operate globally. Personal data may be processed in the United States, Canada, Ireland, Germany, Japan, Singapore, South Korea, Brazil, or other jurisdictions where our servers or service providers are located. We rely on:
- Adequacy decisions (e.g., EU → Canada);
- Standard Contractual Clauses approved by the European Commission;
- UK International Data Transfer Addendum;
- Brazil LGPD Standard Contractual Clauses;
- Binding Corporate Rules where applicable.

9. DATA RETENTION

Account data: retained until you delete your account or for a maximum of 5 years of inactivity.
Payment data: retained for the period required by tax and accounting laws (typically 7-10 years).
Marketing consent: retained until you withdraw consent or 3 years after last interaction.
Anti-cheat logs: retained for 6 months unless further investigation is needed.
Support tickets: retained for 3 years after closure.
Analytics raw logs: retained for 26 months, then aggregated.

10. YOUR RIGHTS AND CHOICES

Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data.
- Delete data ("right to be forgotten").
- Restrict processing.
- Port data in machine-readable format.
- Object to processing based on legitimate interests or direct marketing.
- Withdraw consent at any time (without affecting prior processing).
- Lodge a complaint with a supervisory authority (e.g., your local Data Protection Authority).

To exercise any right, email support@ringbit.com or use the in-game "Data Subject Rights" portal. We may ask for verification such as government ID or account credentials.

11. CHILDREN

The Game is not directed to children under 13 (or 16 in the EEA and UK, 14 in Spain, 18 in Brazil without parental consent). We do not knowingly collect personal data from such users. If we discover a child has registered, we will delete the account unless verifiable parental consent is obtained. Parents may contact us at support@ringbit.com.

12. SECURITY MEASURES

We apply a risk-based information-security program designed to protect the confidentiality, integrity, and availability of your data. Our safeguards include:

(a) Organizational measures
- Mandatory security training and background checks for employees and contractors.
- Role-based access control (RBAC) enforced through single-sign-on (SSO) and multi-factor authentication (MFA).
- Quarterly internal audits and annual external penetration tests by accredited firms.
- Incident-response plan aligned with ISO/IEC 27035; 24/7 security-operations-center (SOC) monitoring.

(b) Technical measures
- Encryption in transit using TLS 1.3 (HTTPS), certificate pinning on mobile clients, and secure WebSocket (WSS) for real-time features.
- Encryption at rest for databases (AES-256), backups (AES-256), and object storage (SSE-S3, SSE-KMS).
- Segmented network architecture (VPCs, subnet isolation, zero-trust micro-segmentation).
- Anti-cheat engine employing kernel-level driver monitoring (where permitted by platform policy), behavioral analysis, and heuristic detection.
- Data-loss-prevention (DLP) rules to block unauthorized uploads or emails containing personal data.
- Secure software-development lifecycle (SSDLC) including static analysis, dynamic analysis, dependency scanning, and mandatory code review.

(c) Physical measures
- Tier-III or higher colocation data centers with 24/7 guards, CCTV, biometric access, and mantraps.
- Hardware security modules (HSMs) for cryptographic key storage.
- Redundant power, fire-suppression, and environmental controls per ASHRAE guidelines.

Despite these measures, no method of transmission or storage is 100 % secure. In the event of a personal-data breach likely to result in high risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware.

13. THIRD-PARTY LINKS AND INTEGRATIONS

The Game may contain links to websites, Discord servers, Reddit communities, Twitch streams, or social-media pages not operated by us. When you click a link or enable an integration (e.g., Spotify overlay, YouTube thumbnail preview), you are subject to that third party’s privacy policy. We encourage you to review their policies before providing any personal data.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Policy from time to time. The "Last updated" date at the top will change, and, where required by law, we will provide prominent notice (e.g., push notification, email, in-game banner). Material changes that reduce your rights will require your explicit consent. If you do not accept the revised Policy, you must stop using the Game; continued use constitutes acceptance.

CONTACT US

For any questions about this Policy or our privacy practices, please contact us:
Email: support@ringbit.com