Astro Cat — Privacy Policy

Last updated: January 30, 2026

This Privacy Policy (“Privacy Policy”) explains how Astro Cat collects, uses, stores and discloses personal data when you access or use our websites, games, applications and related services (collectively, the “Services”). By using the Services, you acknowledge that your personal data will be processed as described in this Privacy Policy.

If you have questions or requests regarding this Privacy Policy, contact: privacy@astrocat.co

Note for app stores: This Privacy Policy supports the App Store Connect “App Privacy” declaration and Google Play “Data safety” form. We publish accurate disclosures in app store metadata reflecting the data types collected, whether data is linked to the user, and whether data is used for tracking or shared with third parties.

1. Who We Are (Data Controller)

The data controller responsible for processing your personal data depends on your location:

  • For users located in the European Union / EEA: Astro Cat, LDA (Portugal).
    Data Controller (EU/EEA): Astro Cat, LDA

  • For users located outside the EU / EEA: Astro Cat L.L.C‑FZ (United Arab Emirates).
    Data Controller (non‑EU): Astro Cat L.L.C‑FZ

References to “Astro Cat”, “we”, “us” or “our” mean the applicable Astro Cat entity acting as data controller.

2. Scope of This Policy

This Privacy Policy applies to personal data collected through:

  • our games and applications;

  • our websites;

  • customer support and communications; and

  • analytics, advertising and marketing activities related to the Services.

Business‑to‑business services provided under separate written agreements are governed by those agreements and not by this Privacy Policy.

3. Personal Data We Collect

We collect different types of personal data depending on how you use the Services.

3.1 Data you provide directly

  • Name or username;

  • Email address;

  • Date of birth or age confirmation (where required);

  • Account credentials (username/password — note we store a hashed password);

  • Customer support communications (messages, logs);

  • Payment or purchase information when you make purchases (note: payment card data is processed by third‑party payment providers; we do not store full card numbers);

  • Information you provide in forms, surveys or promotions.

3.2 Data collected automatically

  • IP address;

  • Device identifiers (e.g., IDFA, IDFV, Android Advertising ID / GAID) and device type;

  • Platform and SDK identifiers;

  • Operating system and version;

  • Language and region settings;

  • Gameplay activity, session length and in‑game events;

  • Crash reports, performance and diagnostic data;

  • In‑app purchase and subscription status (if applicable);

  • Usage analytics and aggregated metrics.

3.3 Data from third parties

  • Data we receive from app stores or distribution platforms (e.g., Apple, Google, Steam);

  • Analytics and attribution providers;

  • Advertising partners (in aggregated or pseudonymised form);

  • Social login providers, if you choose to use them.

SDKs and third‑party services We use third‑party SDKs and services (for analytics, crash reporting, attribution, and advertising). These may collect data such as device identifiers, diagnostics, and usage information. A list of subprocessors and third‑party providers is available on request at privacy@astrocat.co. We update this list periodically.

4. Purposes and Legal Bases for Processing (GDPR)

We process personal data for the purposes described below. Where you are an EU/EEA user, we indicate the applicable legal basis under the GDPR.

  • Providing and operating the Services — Performance of a contract (where you have an account or purchase).

  • Account management and customer support — Performance of a contract; where applicable, Legitimate interests (to respond to inquiries).

  • Improving gameplay, features and stability (product improvement, bug fixes) — Legitimate interests (we may conduct a balancing test; details available on request).

  • Analytics and usage measurement — Legitimate interests and/or Consent (for analytics that involve personal identifiers or cross‑site tracking; consent where required).

  • Marketing communications — Consent where required by law; in some jurisdictions we may rely on Legitimate interests (you may opt out at any time).

  • Advertising and attribution — Consent where required by law.

  • Fraud prevention, security and abuse detection — Legitimate interests and/or legal obligation.

  • Legal compliance and enforcement — Legal obligation.

Tracking / ATT (iOS) On iOS devices, we may request permission to track you across apps and websites owned by other companies using the AppTrackingTransparency (ATT) framework. We will only perform tracking after obtaining your consent via the system prompt. If you decline, we will not use the IDFA for tracking purposes.

Where processing is based on consent, you may withdraw your consent at any time (see “Your Rights” below). Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

5. Cookies and Similar Technologies

We use cookies, SDKs and similar technologies (collectively “cookies”) to operate and improve the Services.

Categories we use:

  • Strictly necessary cookies — required for the basic operation of the Services.

  • Preferences cookies — remember your settings and preferences.

  • Statistics / Analytics cookies — measure how you use the Services (may be pseudonymised).

  • Marketing / Advertising cookies — used for personalised advertising and attribution.

In the EU/EEA, cookies other than strictly necessary ones are used only with your consent. You can manage cookie settings via our cookie banner or your device/browser settings. Disabling non‑essential cookies may affect functionality.

6. Analytics and Advertising

We use third‑party analytics, attribution and advertising providers to understand usage and deliver ads. Examples of categories of providers include game analytics, crash reporting, attribution services and advertising networks. If you want details about specific providers (e.g., Google Analytics, Unity, Appsflyer), contact privacy@astrocat.co.

Personalised advertising & opt‑out We may use data to provide personalised ads. Where required by law, we obtain consent before using personal data for personalised advertising. Users may opt out of personalised advertising by adjusting device settings (e.g., limit ad tracking) or by contacting privacy@astrocat.co. For Android advertising identifiers, users can reset or opt‑out via device settings; for iOS, tracking requires ATT consent.

We do not sell personal data. Where required by law (for example under CCPA/CPRA), we will provide mechanisms to opt out of the sale or sharing of personal information for targeted advertising.

7. How We Share Personal Data

We may share personal data with:

  • Service providers acting as processors (hosting, analytics, customer support, payment processors);

  • Platform partners (app stores and distribution platforms);

  • Professional advisors (legal, accounting);

  • Affiliates for internal operational purposes;

  • Advertising partners and ad networks for delivering and measuring ads;

  • Law enforcement, regulators or other authorities when required by law or to protect rights and safety.

We require service providers to process personal data only on our instructions and to implement appropriate technical and organisational safeguards.

8. International Data Transfers

Personal data may be processed in countries outside your country of residence. For transfers from the EU/EEA, we rely on appropriate safeguards, such as:

  • European Commission adequacy decisions (where applicable);

  • Standard Contractual Clauses approved by the European Commission;

  • Other lawful transfer mechanisms under applicable data protection laws.

You may request a copy of the safeguards (e.g., SCCs) by contacting privacy@astrocat.co.

Standard Contractual Clauses: For transfers from the EU/EEA to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) or other appropriate safeguards. A copy of the SCCs used is available on request.

9. Data Retention

We retain personal data only as long as necessary to provide the Services, to comply with legal obligations, to resolve disputes, and to enforce our agreements. Typical retention periods:

  • Account information: duration of account activity + 2 years;

  • Customer support and communications: 2 years from last contact;

  • Crash reports and diagnostics: 12 months;

  • Aggregated analytics: up to 36 months;

  • Purchase & transaction records (for tax/accounting/legal compliance): 7 years;

  • Marketing consents/preferences: while consent valid + 2 years after withdrawal.

Retention periods are indicative and may be extended to meet legal obligations or legitimate business needs. After the retention period, data will be deleted or anonymised.

App store receipts and related purchase records are retained to comply with app store rules and financial/legal obligations (see Purchase & transaction records: 7 years).

10. Your Rights

If you are in the EU/EEA, you have the following rights under the GDPR:

  • Right of access to personal data;

  • Right to rectification of inaccurate data;

  • Right to erasure (right to be forgotten) subject to legal exceptions;

  • Right to restriction of processing;

  • Right to object to processing (including profiling);

  • Right to data portability;

  • Right to withdraw consent where processing is based on consent;

  • Right to lodge a complaint with a supervisory authority.

For users outside the EU/EEA, you may have similar rights under local laws.

How to exercise your rights

  • Send a request to privacy@astrocat.co. Please include your name, email associated with your account, a description of the request and any documents needed to verify your identity.

  • We will respond within one month of receipt of a valid request. We may extend this period by up to two additional months for complex requests, notifying you of the extension and reasons. Where required, we may request additional information to verify your identity before fulfilling the request.

CCPA requests (if applicable) California residents may request disclosure of categories of personal information collected, purposes, categories of sources, and recipients. To make such requests contact privacy@astrocat.co. We will verify requests and respond within applicable statutory timeframes.

If you are not satisfied with our response, EU/EEA users may lodge a complaint with their local supervisory authority.

11. Children’s Privacy

Our Services are not directed to children below the minimum age required by applicable law. We do not knowingly collect personal data from children without valid parental consent.

Where local law sets a higher age for processing without parental consent (for example, up to 16 in certain EU member states), that age applies. If we learn that we have collected personal data from a child without required parental consent, we will take steps to delete such data.

If you believe a child has provided personal data without consent, contact privacy@astrocat.co.

12. Security

We implement reasonable technical and organisational measures designed to protect personal data appropriate to the risk (for example, encryption of data in transit, access controls and regular security testing). However, no system is completely secure and we cannot guarantee absolute security.

In case of a personal data breach that is likely to result in a risk to rights and freedoms, we will notify the relevant supervisory authority within 72 hours where required and notify affected individuals without undue delay when required by law.

Incident reporting to app stores: Where required by platform rules or law, we will report security incidents affecting app users to the relevant app store and follow required remediation steps.

You are responsible for keeping your account credentials confidential.

13. Third‑Party Links and Services

The Services may contain links to third‑party websites or services. We are not responsible for the privacy practices or content of third parties. Please review their privacy policies before providing personal data.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will reflect the most recent revision.

If changes are material, we will take reasonable steps to notify you (for example, by email or an in‑app or on‑site notice). Continued use of the Services after the update constitutes acceptance of the revised Privacy Policy.

15. Contact Us

For privacy‑related questions or requests, email: privacy@astrocat.co

Data Controller (EU/EEA): Astro Cat, LDA
Data Controller (non‑EU): Astro Cat L.L.C‑FZ 

If you need a copy of our Standard Contractual Clauses or other transfer safeguards, or a detailed list of subprocessors, contact privacy@astrocat.co.