US Privacy Policy

1. Introduction

This US State Privacy Notice supplements the BizSim Game Studios Privacy Policy and applies to residents of US states with comprehensive privacy legislation, including California (California Consumer Privacy Act / California Privacy Rights Act, "CCPA/CPRA"), Virginia (Virginia Consumer Data Protection Act, "VCDPA"), Colorado (Colorado Privacy Act, "CPA"), Connecticut (Connecticut Data Privacy Act, "CTDPA"), Montana (Montana Consumer Data Privacy Act, "MCDPA"), Oregon (Oregon Consumer Privacy Act, "OCPA"), Texas (Texas Data Privacy and Security Act, "TDPSA"), and any other US state privacy laws that may become applicable.

This notice applies when BizSim Game Studios ("we," "us," or "our"), a company based in Istanbul, Turkey, collects personal information as defined by these laws from residents of the above states through our mobile games, websites, and related services (collectively, the "Services").

If you have questions about this notice or wish to exercise your privacy rights, contact us at privacy@bizsim.com.

2. Categories of Personal Information Collected

In the preceding 12 months, we may have collected the following categories of personal information as defined under the CCPA and other applicable state privacy laws:

A. Identifiers

• In-game username and account credentials
• Email address
• Device identifiers (e.g., IDFA, GAID, Android ID)
• IP address
• Advertising identifiers
• User identification numbers linked to publicly available information

B. Internet or Other Electronic Network Activity

• Browsing history and interactions with our websites
• Gameplay interactions, session data, and in-app activity logs
• Application performance and crash/debugging information
• Current progress in our Services and the date and time of activity
• Information about activities on or through connected third-party platforms

C. Geolocation Data

• Approximate location derived from IP address
• Country and region information
• We do not collect precise geolocation data (GPS coordinates)

D. Commercial Information

• In-app purchase history and transaction records
• Payment information processed through platform providers (Google Play, Apple App Store)
• Records of virtual goods or services obtained

E. Device and Usage Information

• Device type, model, and manufacturer
• Operating system and version
• System language and locale settings
• Network and carrier data
• Application version
• Screen resolution and display metrics

F. Inferences

• Gameplay preferences and behavioral patterns
• Engagement patterns and player segments
• Predicted interests for content personalization

G. Audio/Visual Information

• Profile photos, if voluntarily provided
• Profile information such as name, age, gender, or image that you choose to share

H. Other Personal Information

• Messages sent to the Service (e.g., chat logs, player support tickets)
• Any other information you choose to provide to our customer service or other teams

3. Sources of Personal Information

Directly From You

• Account registration and profile creation
• In-app actions, gameplay interactions, and settings preferences
• Customer support requests and communications
• Survey responses and feedback submissions
• Chat messages and social interactions within our Services

Automatically Collected

• Device sensors and operating system information
• Gameplay events, session analytics, and usage telemetry
• Crash reports and diagnostic data
• Cookies, pixels, and similar tracking technologies on our websites

From Third Parties

• Platform providers (Google Play, Apple App Store) including purchase verification data
• Social media platforms when you use social login features
• Advertising and analytics partners
• Attribution and fraud prevention service providers

4. Purposes of Collection and Disclosure

We collect, use, and disclose personal information for the following business and commercial purposes:

• Operating our business, games, and related Services
• Providing game mechanics, functionality, and core gameplay experiences
• Customer service and player support
• Facilitating players' social interactions
• Product development, testing, and improvement
• Maintaining, enhancing, and optimizing our Services
• Advertising, marketing, and player acquisition
• Personalized advertising and content recommendations (with opt-out available)
• Detecting, investigating, and protecting against security incidents, fraud, and illegal activity
• Legal compliance and responding to lawful requests from public authorities
• Research and development to improve player experiences
• Analytics and performance measurement
• Enforcing our terms of service and other agreements

5. Third Parties We May Share Information With

We may disclose personal information to the following categories of third parties for business purposes:

• Cloud Infrastructure and Storage Providers - hosting, data storage, and computing services
• Analytics and Performance Partners - gameplay analytics, crash reporting, and performance monitoring
• Advertising and Marketing Partners - ad networks, demand-side platforms, and attribution providers
• Payment and Transaction Processors - payment processing, billing, and auditing services
• Customer Service Vendors - support ticket platforms and communication tools
• Quality Assurance Vendors - testing and bug tracking services
• Security and Safety Vendors - fraud prevention, anti-cheat, and cybersecurity services
• Social Media Services - social login integrations and sharing features
• Platform Providers - Google Play, Apple App Store, and related platform services
• Legal and Compliance Advisors - law firms, auditors, and consultants as required

We may also disclose personal information when required by law, regulation, legal process, or governmental request, or to protect our rights, privacy, safety, or property.

6. Sale and Sharing of Personal Information

We do not "sell" personal information in the traditional sense of exchanging it for monetary consideration. However, under the CCPA/CPRA and certain other state privacy laws, the sharing of identifiers (such as device identifiers and advertising IDs) and internet activity data with advertising partners for targeted advertising purposes may constitute a "sale" or "sharing" of personal information.

Specifically, we may share the following categories of personal information with advertising partners in ways that could be considered a "sale" or "sharing" under applicable law:

• Identifiers (device identifiers, advertising IDs)
• Internet or other electronic network activity information
• Inferences drawn from the above categories

We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.

We do not use or disclose sensitive personal information for purposes beyond what is necessary to provide the Services, and we do not use sensitive personal information for profiling purposes.

7. Your Rights

Depending on your state of residence, you may have some or all of the following rights regarding your personal information:

We will not discriminate against you for exercising any of these rights. We will not deny you goods or services, charge you different prices, or provide a different quality of service because you exercised a privacy right.

8. How to Exercise Your Rights

Response Time: We will acknowledge receipt of your request within 10 business days and provide a substantive response within 45 days of receiving your verifiable request. If we need additional time, we may extend the response period by an additional 45 days, and we will notify you of the extension and the reason for it.

Identity Verification: To protect your privacy and security, we may need to verify your identity before fulfilling your request. We may ask you to provide information that matches information we already have on file. If we cannot verify your identity, we may deny the request.

Frequency: You may make a verifiable consumer request for access or data portability up to twice within any 12-month period.

No Fee: We will not charge a fee for processing or responding to your verifiable consumer request unless the request is manifestly unfounded, excessive, or repetitive. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

9. Right to Appeal

If we deny your privacy request in whole or in part, you have the right to appeal our decision. To submit an appeal:

• Email privacy@bizsim.com with the subject line "Privacy Request Appeal" within 60 days of receiving our denial
• Include a copy of or reference to the original request and our denial response
• Explain why you believe the denial was in error

We will respond to your appeal within 60 days of receipt. Our response will include a written explanation of any action taken or not taken in response to your appeal, including an explanation of the reasons for the decision.

If you are still unsatisfied after the appeal process, you may have the right to contact your state attorney general to file a complaint. Contact information for relevant state attorneys general:

• California: California Attorney General
• Virginia: Virginia Attorney General
• Colorado: Colorado Attorney General
• Connecticut: Connecticut Attorney General

10. Opt-Out of Sale or Sharing

You may opt out of the sale or sharing of your personal information by contacting us at privacy@bizsim.com. We will process your opt-out request and use information provided in the request solely for the purpose of reviewing and complying with it.

You may also use the following device-level privacy controls to limit data sharing with advertising partners:

• iOS: Settings > Privacy & Security > Tracking > Disable "Allow Apps to Request to Track"
• Android: Settings > Google > Ads > Opt out of Ads Personalization (or "Delete advertising ID" on Android 12+)

If you wish to opt back in to the sale or sharing of personal information at any time, you may contact us at privacy@bizsim.com.

We also honor Global Privacy Control (GPC) signals. If your browser or device sends a GPC signal, we will treat it as a valid opt-out of sale/sharing request for that browser or device.

11. Authorized Agent

You may designate an authorized agent to submit privacy requests on your behalf, in accordance with applicable law. To do so, provide written proof of your agent's permission to act on your behalf, such as a signed authorization letter or a valid power of attorney. We may also require you to verify your own identity directly with us.

Requests from authorized agents may be denied if adequate written proof of authorization is not provided or if the agent's identity cannot be verified.

12. Sensitive Personal Information

Specifically, we do not collect:

• Social Security numbers, driver's license numbers, state ID numbers, or passport numbers
• Account log-in credentials combined with security or access codes (beyond game account passwords)
• Precise geolocation data (GPS coordinates)
• Racial or ethnic origin information
• Religious or philosophical beliefs
• Union membership information
• Contents of mail, email, or text messages (unless directed to us)
• Genetic or biometric data for identification purposes
• Health or medical information
• Information concerning sex life or sexual orientation

If you believe we have collected sensitive personal information, please contact us at privacy@bizsim.com.

13. Automated Decision-Making

We may use automated processes for the following purposes:

• Gameplay Analytics: To analyze player behavior, balance game mechanics, and improve gameplay experiences
• Ad Personalization: To determine which advertisements may be relevant to you based on gameplay activity and inferred interests
• Fraud Detection: To identify and prevent fraudulent or unauthorized activity within our Services
• Player Segmentation: To group players for content recommendations, in-game offers, and feature rollouts

These automated processes do not produce decisions with legal or similarly significant effects on you. We do not use automated decision-making for employment, credit, insurance, housing, or other decisions that have a legal or similarly significant effect.

Under the CCPA/CPRA and other applicable state laws, you have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. If you believe any automated processing affects you in such a manner, contact us at privacy@bizsim.com.

14. Minors Under Age 16

We do not knowingly direct our Services to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected personal information from a child under 13, we will promptly delete that information.

We do not sell or share the personal information of consumers we know to be under 16 years of age without affirmative authorization. For minors between 13 and 16 years of age, the minor must provide opt-in consent. For children under 13, a parent or guardian must provide opt-in consent.

In accordance with the Children's Online Privacy Protection Act (COPPA) and applicable state laws, we do not serve targeted or behavioral advertising to users known to be under 13 years of age.

Parental Rights: Parents or legal guardians may request access to, review, or deletion of their child's personal information by contacting us at privacy@bizsim.com. We will verify the identity of the requesting parent or guardian before fulfilling the request.

15. Financial Incentives

We may offer programs that could be considered "financial incentives" under applicable privacy laws:

1. In-Game Rewards for Advertisements: We may offer in-game rewards (such as virtual currency or items) for viewing video advertisements or engaging with sponsored content. By choosing to participate, we and our advertising partners may use information collected during these interactions to serve more relevant ads. You can opt out at any time by choosing not to watch or engage with rewarded advertisements.
2. Rewards for Surveys and Questionnaires: We may offer in-game rewards for completing optional surveys that help us improve our Services or understand our player community. Participation is entirely voluntary, and you may choose not to participate without any impact on your gameplay experience.

The value of these incentives is reasonably related to the value of the data provided. We estimate the value based on the expense related to offering the incentive and the revenue generated from the use of the data collected. You may withdraw from any financial incentive program at any time by ceasing participation.

16. Data Retention

We retain personal information only for as long as reasonably necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. Our general retention periods are:

• Account Data: Retained for the duration of your active account plus 30 days after account deletion or the last recorded activity
• Analytics and Usage Data: Retained for up to 26 months from the date of collection
• Financial and Transaction Records: Retained as required by applicable tax and financial laws (typically 5-7 years)
• Customer Support Records: Retained for up to 24 months after resolution of the support inquiry
• Advertising Data: Retained for up to 13 months, consistent with industry standards

When personal information is no longer needed for any purpose and retention is not required by law, we will securely delete or de-identify it.

17. Definitions

"Personal Information"

Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device. It excludes de-identified or aggregated consumer information, publicly available information, health or medical information covered by HIPAA or the California Confidentiality of Medical Information Act, and information covered by specific sector privacy laws such as the Gramm-Leach-Bliley Act or the Fair Credit Reporting Act.

"Deidentified Information"

Information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer, provided that a business maintaining such information has implemented technical safeguards, business processes, and contractual obligations that prohibit reidentification of the consumer.

"Aggregate Consumer Information"

Information that relates to a group or category of consumers, from which individual consumer identities have been removed, and that is not linked or reasonably linkable to any consumer or household, including via a device.

"Sensitive Personal Information" (SPI)

Includes personal information that reveals Social Security, driver's license, state identification card, or passport numbers; account log-in credentials with required security or access codes; precise geolocation; racial or ethnic origin; religious or philosophical beliefs; union membership; contents of consumer's mail, email, or text messages (unless the business is the intended recipient); genetic data; biometric information processed for identification purposes; health information; and information concerning a consumer's sex life or sexual orientation.

"Targeted Advertising"

Displaying advertisements to a consumer where the advertisement is selected based on personal data obtained or inferred from that consumer's activities over time and across nonaffiliated websites or online applications to predict such consumer's preferences or interests. Targeted advertising does not include: (a) advertisements based on activities within the controller's own websites or applications; (b) advertisements based on the context of a consumer's current search query or visit to a website; or (c) advertisements directed to a consumer in response to the consumer's request for information or feedback.

18. State-Specific Notices

The following state-specific provisions supplement this notice:

California (CCPA/CPRA)

California residents have all rights described in this notice under the California Consumer Privacy Act as amended by the California Privacy Rights Act. The California Attorney General and the California Privacy Protection Agency (CPPA) have enforcement authority. You may also submit complaints directly to the CPPA at cppa.ca.gov.

Virginia (VCDPA)

Virginia residents have the right to access, correct, delete, obtain a copy of, and opt out of the processing of personal data for targeted advertising, sale, or profiling. The Virginia Attorney General has enforcement authority.

Colorado (CPA)

Colorado residents have rights to access, correct, delete, obtain a portable copy of, and opt out of the processing of personal data for targeted advertising, sale, or profiling. The Colorado Attorney General has enforcement authority. We honor universal opt-out mechanisms as required by the CPA.

Connecticut (CTDPA)

Connecticut residents have rights to access, correct, delete, obtain a portable copy of, and opt out of the processing of personal data for targeted advertising, sale, or profiling. The Connecticut Attorney General has enforcement authority.

Montana (MCDPA)

The Montana Consumer Data Privacy Act has been effective since October 1, 2024. Montana residents have rights similar to those described above, including rights to access, correct, delete, and opt out of the sale of personal data and targeted advertising.

Oregon (OCPA)

The Oregon Consumer Privacy Act has been effective since July 1, 2024. Oregon residents have rights to access, correct, delete, obtain a list of third parties to whom data has been disclosed, and opt out of the processing of personal data for targeted advertising, sale, or profiling.

Texas (TDPSA)

The Texas Data Privacy and Security Act has been effective since July 1, 2024. Texas residents have rights to access, correct, delete, obtain a portable copy of, and opt out of the processing of personal data for targeted advertising, sale, or profiling. The Texas Attorney General has enforcement authority.

Other States

As additional US states enact comprehensive privacy legislation, we will extend the rights and protections described in this notice to residents of those states in accordance with applicable law. This may include but is not limited to Delaware, Iowa, Indiana, Tennessee, New Hampshire, New Jersey, Nebraska, Maryland, Minnesota, and Kentucky.