Privacy Policy

Last updated: 2026-05-02 · Effective date: 2026-05-02

This Privacy Policy describes how Breaking Shot! (the "App" or "Game"), published and operated by [[RAGIONE_SOCIALE_O_NOMINATIVO_LEGALE]] ("we", "our" or the "Controller"), collects, uses and protects users' personal data. The Policy applies to the App distributed via Google Play Store and to all related services published on breakingshot.rvsg.net.

The document is drafted under Regulation (EU) 2016/679 ("GDPR"), Italian Legislative Decree 196/2003 as amended ("Privacy Code"), Google Play guidelines and — where applicable — the California Consumer Privacy Act ("CCPA") and the Children's Online Privacy Protection Act ("COPPA").

1. Data controller

Legal name: [[RAGIONE_SOCIALE_O_NOMINATIVO_LEGALE]]
Address: [[INDIRIZZO_COMPLETO_REGISTRATO]]
VAT / Tax ID: [[P.IVA_O_CODICE_FISCALE]]
Privacy contact email: [[EMAIL_PRIVACY]]

2. Types of data collected

The App is designed to minimize personal data collection. Under the current configuration the data processed are:

2.1 Data collected automatically

Device identifiers: Android Advertising ID (AAID), device model, OS version, language, time zone.
IP address: processed exclusively for technical purposes (security, fraud prevention, request routing) and truncated/anonymised where possible.
Technical game data: graphics/audio settings, selected language, aggregated game events and session statistics (e.g. score, level, session length).

2.2 Data voluntarily provided by the user

Email address: only if the user voluntarily contacts our support email.

2.3 Data potentially collected via third-party services

The App does not currently use third-party analytics tools.

The App does not contain advertising.

The App does not use automated third-party crash-reporting tools.

3. Purposes and legal bases

Purpose	Legal basis
Operating the Game and providing the requested features	Art. 6(1)(b) GDPR — performance of the contract (EULA accepted at install).
Security, fraud prevention, debugging	Art. 6(1)(f) GDPR — legitimate interest in providing a secure service.
Compliance with legal obligations (e.g. authority requests)	Art. 6(1)(c) GDPR — legal obligation.

4. How and where data is processed

Data are processed using electronic means, with appropriate security measures including encrypted transmissions (HTTPS / TLS). Servers and third-party services (e.g. Google) may also process data outside the European Economic Area. For extra-EU transfers we rely on adequate safeguards such as the Standard Contractual Clauses adopted by the European Commission or adequacy decisions under arts. 45–46 GDPR.

5. Retention period

Technical session data: kept only as long as strictly needed to provide the service, normally not longer than 90 days.
Contact emails: kept for the time needed to handle the request and for an additional 12 months for follow-up.
Security logs: kept for a maximum of 12 months.
Legal obligations: data may be retained longer if required by mandatory rules (e.g. tax, accounting).

6. Recipients of the data

Google LLC / Google Ireland Ltd. — distribution via Play Store, Play Billing, Play Games Services (if used).
Cloudflare, Inc. — hosting and CDN provider for breakingshot.rvsg.net.
Competent authorities, upon a duly motivated request and within the limits of the law.

Data is not sold to third parties for marketing purposes.

7. User rights (arts. 15–22 GDPR)

The user is entitled, at any time, to:

obtain confirmation as to whether or not personal data exist and access them (right of access);
have inaccurate or incomplete data corrected;
have data erased ("right to be forgotten") in the cases provided by art. 17 GDPR;
obtain restriction of processing;
object to processing on grounds relating to the user's particular situation;
receive the data in a structured, machine-readable format (portability);
withdraw consent at any time, without affecting the lawfulness of prior processing;
lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or another competent supervisory authority.

To exercise these rights, write to [[EMAIL_PRIVACY]].

8. Advertising identifier and device controls

On Android the user can reset or delete the Advertising ID under Settings → Privacy → Ads. From Android 12+ it is also possible to fully disable ad personalisation. The App and its SDKs respect those settings.

9. Children

The App is not designed for use by children under 13 (or under the minimum age set by the law applicable in the user's jurisdiction). We do not knowingly collect personal data of children below such threshold. Should we become aware of such collection, we will promptly delete the data. Parents or guardians may contact us at [[EMAIL_PRIVACY]].

10. Security

We adopt technical and organisational measures appropriate under art. 32 GDPR to protect data from unauthorised access, loss, destruction or alteration. All communications to our servers occur over encrypted connections (TLS 1.2+).

11. California residents (CCPA)

California residents are entitled, under the California Consumer Privacy Act, to know which categories of personal information are collected, request their deletion, and opt out of the "sale" of their data. We do not sell personal information as defined by CCPA. To exercise these rights, write to [[EMAIL_PRIVACY]].

12. Changes to this Policy

We may update this Policy to reflect regulatory or operational changes. Versions will be dated (see "Last updated" at the top) and published on this page. Periodic review is recommended.

13. Contact

Privacy email: [[EMAIL_PRIVACY]]
Address: [[INDIRIZZO_COMPLETO_REGISTRATO]]