← BACK TO HOME

PRIVACY POLICY

Last updated: April 14, 2026

1. DATA CONTROLLER

MagneticWorld ("the Game") is developed and published by ObanekLabs, acting as the data controller under the EU General Data Protection Regulation (Regulation 2016/679, "GDPR").

Contact for privacy matters: [email protected]

2. INFORMATION WE COLLECT

We collect the minimum information necessary to provide our services:

• Account data: email address and display name when you register. If you sign in with Apple, we receive your Apple ID identifier (and optionally name/email if you share it).
• Gameplay data: level scores, completion times, star ratings, and leaderboard rankings, stored to provide leaderboards and sync progress across devices.
• Purchase data: in-app purchases are processed entirely by Apple through the App Store. We store a record of unlocked content but do not process or store payment information.
• Analytics events: anonymized product events (e.g. level started, level completed, app opened) to measure game usage. No precise device fingerprinting or cross-site tracking.

3. INFORMATION WE DO NOT COLLECT

• We do NOT collect your precise location.
• We do NOT collect contacts or phone data.
• We do NOT serve advertisements or share data with ad networks.
• We do NOT use third-party analytics SDKs (Google Analytics, Firebase, Facebook SDK, etc.).
• We do NOT perform automated decision-making or profiling that produces legal or similarly significant effects on you (Art. 22 GDPR).
• We do NOT knowingly collect data from children under the applicable digital consent age (see Section 8).

4. LEGAL BASIS FOR PROCESSING (GDPR Art. 6)

• Performance of a contract (Art. 6(1)(b)): account creation, authentication, gameplay sync, leaderboard participation, delivery of paid content, and transactional emails.
• Legitimate interest (Art. 6(1)(f)): fraud prevention, leaderboard integrity, abuse detection, and internal security logging. Our legitimate interest is balanced against your rights and freedoms.
• Legal obligation (Art. 6(1)(c)): retention of purchase records to comply with tax and consumer-protection laws.
• Consent (Art. 6(1)(a)): where explicitly requested (e.g. optional email communications). You may withdraw consent at any time without affecting the lawfulness of past processing.

5. HOW WE USE YOUR INFORMATION

• To authenticate you and maintain your account.
• To display your scores on global and daily leaderboards.
• To sync your game progress across sessions and devices.
• To send transactional emails (account confirmation, password reset, purchase receipts).
• To detect and prevent fraud, abuse, and cheating.
• To measure product usage via anonymized event counts.

6. DATA STORAGE, SECURITY AND INTERNATIONAL TRANSFERS

Your data is stored in the European Union: Supabase on AWS eu-west-1 (Ireland), inside the European Economic Area ("EEA"). Data is encrypted at rest (AES-256) and in transit (TLS 1.2+). We use Row-Level Security (RLS) policies so users can only access their own data. Passwords are hashed using bcrypt and never stored in plaintext.

We apply the security principles of ISO/IEC 27001 (information security management), GDPR Art. 32 (security of processing), and OWASP ASVS (application security verification). Access to production systems is restricted to authorized personnel and logged.

International transfers: transactional emails are delivered via Resend. Where any sub-processor transfers data outside the EEA, we rely on Standard Contractual Clauses (EU Commission Decision 2021/914) and additional technical safeguards as required by GDPR Arts. 44–49.

7. DATA RETENTION

• Account data: retained while your account is active; deleted within 30 days after account deletion request.
• Gameplay and leaderboard data: retained while the account is active; anonymized or deleted on account deletion.
• Analytics events: retained up to 12 months in aggregated form, then deleted.
• Purchase records: retained up to 10 years where required by applicable tax/consumer law.
• Security logs: retained up to 90 days for fraud and abuse detection.

You can request deletion of your account and all personal data at any time by emailing [email protected]. We respond within 30 days (GDPR Art. 12(3)).

8. CHILDREN'S PRIVACY

MagneticWorld is rated for ages 4+. We do not knowingly collect personal information from children under the digital consent age applicable in their country of residence (16 years under GDPR Art. 8, lowered to 13–15 in some Member States). If you are a parent or guardian and believe your child has provided personal information, contact us at [email protected] and we will delete it promptly.

9. THIRD-PARTY SUB-PROCESSORS

• Supabase Inc.: backend database and authentication, EU region (supabase.com/privacy).
• Apple Inc.: app distribution and in-app purchase processing (apple.com/privacy).
• Resend, Inc.: transactional email delivery (resend.com/privacy).
• Cloudflare, Inc.: landing page hosting and DNS (cloudflare.com/privacy).

10. YOUR RIGHTS UNDER GDPR

If you are in the EU/EEA, UK or Switzerland, you have the following rights:

• Right of access (Art. 15): obtain a copy of your personal data.
• Right to rectification (Art. 16): correct inaccurate data.
• Right to erasure / "right to be forgotten" (Art. 17).
• Right to restrict processing (Art. 18).
• Right to data portability (Art. 20): receive your data in a machine-readable format.
• Right to object (Art. 21) to processing based on legitimate interest.
• Right to withdraw consent (Art. 7) at any time, without affecting past lawful processing.
• Right not to be subject to automated decision-making (Art. 22). We do not perform such processing.
• Right to lodge a complaint (Art. 77) with your local supervisory authority. A full list is available at edpb.europa.eu/about-edpb/members.

To exercise any of these rights, contact [email protected]. We respond within 30 days.

11. COOKIES

The landing page (magneticworld.pages.dev) does not set tracking cookies. The iOS app does not use cookies. Only strictly necessary session tokens are used for authentication, which are not considered cookies under the ePrivacy Directive.

12. CHANGES TO THIS POLICY

We may update this policy. Material changes will be highlighted and the "Last updated" date revised. Continued use of the Game after the effective date of changes constitutes acceptance of the revised policy.

13. CONTACT US

For any privacy matter, including GDPR requests:
[email protected]

© 2026 OBANEKLABS • MAGNETICWORLD