Privacy

Updated 2025-09-26

We protect player data with modern security, minimal collection, and transparent controls.

Principles

Only collect what’s needed to run the service and keep it fair.
Encrypt data in transit; restrict access internally.
Clear options to access, export or delete your data.

Detailed policy (English) below governs. Translations are for convenience.

1. Scope & Who We Are
2. Data We Collect
3. How We Use Data & Legal Bases
4. Fair Play & Anti-Cheat
5. Sharing & Service Providers
6. Cookies & Similar Tech

7. International Transfers
8. Security
9. Retention
10. Your Rights (GDPR/CCPA etc.)
11. Children
12. Changes & Contact

1) Scope & Who We Are

This Privacy Policy explains how ChallenThem (“we”, “us”, “our”) handles information when you use our websites, games, chats and related services (the “Services”). If you do not agree with this Policy, please do not use the Services.

2) Data We Collect

Account & identifiers: email, username/handle, session tokens, device/browser identifiers, IP-based general location (city/region level).
Gameplay & telemetry: match results, timing and accuracy metrics, leaderboards, anti-cheat signals (e.g., latency anomalies), crash/diagnostic logs.
Transactional data: virtual credits balances, $CHEM utility usage, purchase records and payouts (where available) via payment partners (we do not store full card details).
Communications & UGC: messages in ChallenCHAT, highlights you share, reports you submit, support tickets and email correspondence.
Cookies/SDK data: page views, language preference, referral, approximate geolocation, basic analytics to keep the platform reliable and fair.

3) How We Use Data & Legal Bases

Provide the Services (performance of a contract): run matches, rankings, chat, authentication, restore sessions, deliver notifications you request.
Integrity & safety (legitimate interests / legal obligations): anti-cheat, abuse prevention, content moderation, fraud/KYC where required.
Improvements (legitimate interests): debug, measure performance, develop new modes, balance games, and enhance UX.
Communications (consent / legitimate interests): service emails, product updates, and optional marketing (opt-out anytime).
Compliance (legal obligations): tax/financial recordkeeping, regulatory requests and dispute handling.

4) Fair Play & Anti-Cheat

To protect competitive integrity we analyze gameplay timing, device/network context and suspicious patterns. We may temporarily restrict features or require additional verification. Anti-cheat data is used only to secure fair play and enforce our Terms.

Vendors/Processors: hosting/CDN, analytics, security/anti-abuse, communications, payment/KYC providers (where applicable). They act under contract and may only process data on our instructions.
Legal & safety: we may disclose information if required by law or to protect users, our rights, or the Service.
Business events: in a merger, acquisition or similar event, data may transfer subject to this Policy or a successor policy with equal or stronger protections.
No sale of personal data: we do not sell personal information.

6) Cookies & Similar Technologies

We use strictly necessary cookies (login, security, language) and limited analytics/diagnostics. Where required by law, we will provide consent controls. You can also adjust your browser settings to block non-essential cookies; some features may break.

7) International Transfers

We operate globally. Where data moves across borders, we apply appropriate safeguards (e.g., SCCs/IDTA, vendor audits, and minimal collection). By using the Services, you understand your data may be processed in countries with different laws than yours.

8) Security

We apply layered security: encryption in transit (TLS), access controls, least-privilege roles, monitoring and routine reviews. No system is perfectly secure; report issues at Support.

9) Data Retention

We keep data only as long as necessary for the purposes above, then delete or anonymize it. Typical examples: account/session logs (months), anti-cheat signals (rolling windows), payment records (as required by law), support tickets (operational need).

10) Your Rights (GDPR/CCPA etc.)

Access/Portability: request a copy of your data.
Correction/Deletion: rectify inaccuracies or ask us to delete data (subject to lawful exceptions).
Objection/Restriction: object to processing based on legitimate interests or ask to limit certain uses.
Consent withdrawals: you may withdraw marketing/optional consents at any time.
CCPA/CPRA: California users have rights to know, delete, correct, and opt-out of sharing/sale (we do not sell personal data).
How to exercise: contact us via Support. We may verify your identity before fulfilling requests.

11) Children

The Services are not directed to children where prohibited by local law. If you believe we collected data from a child without proper consent, contact us to remove it.

12) Changes & Contact

We may update this Policy; material changes will be signaled by updating the “Updated” date above. Your continued use means you accept the changes.

Contact: For privacy questions or rights requests, visit Support.

Language note: For clarity and legal certainty, the English version governs. Non-English translations are for convenience only.