Privacy Policy for Tinybop’s Apps on Apple Arcade

Welcome to Tinybop, a studio of designers, developers and artists building a suite of educational applications for kids – what we call the toys for tomorrow. Tinybop, Inc. (“Tinybop”, “we”, “us”, and “our”) is committed to protecting your privacy.

We have prepared this Privacy Policy to describe our practices regarding the handling and collection of information we collect through our Tinybop applications (“Arcade Applications”) available through Apple Arcade, a service of Apple Inc. (“Apple”), and our services made available through or related to the Arcade Applications (“Services”).

A general privacy policy covering our other digital offerings including our website and mobile and tablet applications is available at http://tinybop.com/privacy

This Privacy Policy will apply to anyone accessing or downloading one of our Arcade Applications or using our Services (“Users” or “you”).

The Arcade Applications are made available through Apple Arcade, a service of Apple. Apple and other third parties may ask you to provide your information in connection with your use of Apple Arcade or your other contact with Apple or an Apple affiliated company.

A NOTE TO USERS OUTSIDE OF THE UNITED STATES.

Your information may be processed in the country in which it was collected and in other countries, including the United States, where laws regarding processing of information may be less stringent than the laws in your country.

A NOTE ABOUT CHILDREN.

Protecting the privacy of children is of the utmost important to us. The Arcade Applications have been designed to be family friendly and to be suitable for use by children. We have limited the way in which we collect data to ensure we comply with the Children’s Online Privacy Protection Act (COPPA) regarding the collection of children’s personal information. If you have any questions or concerns relating to your child’s use of the Arcade Applications please contact us at our Contact Information below. You can learn more about the Children’s Online Privacy Protection Act at http://www.coppa.org/.

WHAT WE COLLECT.

Before we get started, it may be helpful to further define some terms. “Personal Information” means information that allows someone to identify or contact you, including, for example, your name, address, telephone number, e-mail address, as well as any other non-public information about you that is associated with or linked to any of the foregoing information. We collect information about you, including Personal Information, in a range of ways.

INFORMATION YOU GIVE US.

We collect information you directly give us via a support request (outside of the Arcade Applications themselves) or by contacting us directly. If you are seeking support, we collect the information that you provide to us when we provide support. Support requests are handled through a service called Help Scout. Help Scout automatically erases any information we collect via the Help Scout service within 45 days after support requests are closed by us. Should there be an error that prevents automatic erasure within that timeframe, we will manually erase the information promptly upon becoming aware of the error. During a support request, at your option we may collect your email address so that we can send you information about our products and services. You may elect not to receive this information at any time by notifying us at our Contact Information below. 

INFORMATION AUTOMATICALLY COLLECTED.

When you play the Arcade Applications, game play data is stored in your iCloud account storage to sync your game progress across devices. If you are signed in to Game Center on your Apple device, Apple will receive your game play activity, including scores and achievements. We do not receive or store this data on our servers.

If a User chooses to contact us via support (outside of the Arcade Applications themselves), we automatically collect that User’s email address, IP address, and any information might be contained in the email’s metadata such as the User’s name. Help Scout automatically erases any information we collect via the Help Scout service within 45 days after support requests are closed by us. Should there be an error that prevents automatic erasure within that timeframe, we will manually erase the information promptly upon becoming aware of the error.

USE OF DATA.

We use your information we collect only to provide the Arcade Applications, including:  

  • We use your information to provide support and to operate, maintain, and improve the Arcade Applications and the Services.
  • We use your information to respond to comments and questions and provide customer service or technical support.
  • We use your information to send support and administrative messages.
  • We use your information to send information about our products and services if you elect to receive such messages.
  • We use your information to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity, and to comply with legal obligations.

SHARING OF DATA.

We may share your information as follows:

  • We may share your information for legal, protection, and safety purposes.
  • We may share your information to comply with laws.
  • We may share your information to respond to lawful requests and legal process.
  • We may share your information to protect the rights and property of Tinybop, our agents, customers, and others. This includes enforcing our agreements, policies, and terms of use.
  • We may share your information in an emergency. This includes protecting the safety of our employees and agents, our customers, or any person.
  • We may share your information with those who need it to do work for us.

DATA RETENTION.

Tinybop will retain your Personal Information and other information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

INFORMATION CHOICES AND CHANGES.

Users can decline to provide data and can withdraw permission after initially providing it. You may withdraw your consent at any time by contacting us at our Contact Information below. In addition, Users have certain rights with respect to their information which vary depending on local laws. These rights may include the ability to request access, correction, or deletion of Personal Information. To exercise these rights, you may contact us at our Contact Information below. Please note that we may ask you to verify your identity before responding to such requests.

Our marketing emails tell Users how to “opt-out.” If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you.

DATA PROTECTION STATEMENT FOR EUROPEAN ECONOMIC AREA USERS

A few definitions:

Personal Data

Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).

Data Controller

Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed.

For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.

Data Processors (or Service Providers)

Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively and will list them in this Privacy Policy.

Data Subject (or User)

Data Subject (or User) is any living individual who is using our Services and is the subject of Personal Data.

Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR)

If you are from the European Economic Area (EEA), Tinybop’s legal basis for collecting and using the Personal Data described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

Tinybop may process your Personal Data because:

  • We need to perform a contract with you.
  • You have given us permission to do so.
  • The processing is in our legitimate interests and it's not overridden by your rights.
  • To comply with the law.

Your Data Protection Rights Under General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Tinybop aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us at our Contact Information below.

In certain circumstances, you have the following data protection rights:

  • The right to access, update or to delete the information we have on you. 
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object. You have the right to object to our processing of your Personal Data.
  • The right of restriction. You have the right to request that we restrict the processing of your Personal Data.
  • The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where Tinybop relied on your consent to process your Personal Data.

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Data Processors / Service Providers

We sometimes employ third party companies and individuals to facilitate our Services, to provide the Services on our behalf, to perform Services-related services, or to assist us in analyzing how our Services are used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. 

The Service Providers we use in our Arcade Applications include:

  • iCloud is a service provided by Apple Inc. that allows us to save app data between devices. 
  • Game Center is a service provided by Apple Inc. that allows us to connect Users to each other, to save game data, and display high scores. 

Help Scout is a service that allows us to track support tickets. 

Retention of Data

Tinybop will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Transfer of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Tinybop will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Disclosure of Data

If contacted by a User who wants access to their Personal Data, we will attempt to give them access to their data within a reasonable period of time. As we generally do not collect Personal Data, this will generally be limited to email addresses of Users who have contacted us for support.

Disclosure of Law Enforcement

Under certain circumstances, Tinybop may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

Legal Requirements

Tinybop may disclose your Personal Data in the good faith belief that such action is necessary to:

  • To comply with a legal obligation.
  • To protect and defend the rights or property of Tinybop.
  • To prevent or investigate possible wrongdoing in connection with the Services.
  • To protect the personal safety of Users of the Services or the public.
  • To protect against legal liability.

Security of Data

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. We take steps to help protect personal information. No company can fully prevent security risks, however. Mistakes may happen. Bad actors may defeat even the best safeguards.

CONTACT INFORMATION

We welcome your comments or questions about this Privacy Policy. You may contact us at (our “Contact Information”):

Tinybop Inc.

Attn: Data Privacy Officer
540 Atlantic Avenue
5th Floor
Brooklyn, NY 11217
Tel: 516-500-1967
Email: privacy@tinybop.com

CHANGES TO THIS PRIVACY POLICY

We may change this Privacy Policy. If we make any changes, we will change the “last revised on” date below.

Last revised on: September 16, 2019