Last Updated: April 12, 2026
1. Consent and Policy Coverage
Knotwise Studios Inc ("the Company," "we," "us," or "our") is committed to safeguarding the privacy and security of user information across our digital entertainment services. By accessing or using our platforms, games, social features, or premium services, you confirm that you have read, understood, and agreed to the data practices described in this Privacy Policy ("Policy"). Continued use after updates constitutes acceptance of the revised terms.
This Policy governs the full lifecycle of personal information, including collection, storage, processing, usage, transmission, and protection, to deliver clear and trustworthy privacy safeguards.
2. Data Categories and Collection Sources
We follow the principle of minimum necessary collection and manage sensitive data with strict controls.
2.1 Voluntarily Provided Information
When registering, activating features, or interacting with our services, you may choose to provide:
• Identity data: Legal name, government-issued ID (for age and compliance checks)
• Contact details: Verified email, phone number, physical address (for prizes or support)
• Account security: Username, encrypted password, biometric data (if enabled), avatar
• Demographics: Date of birth, gender, general location (for eligibility verification)
• Payment information: Encrypted card details, billing address, transaction history
• User content: In-game chat, posts, likes, shares, and uploaded media
2.2 Automatically Collected Information
During usage, our systems may gather technical and usage data:
• Device details: Hardware model, OS version, unique identifiers, network settings
• Activity data: Game preferences, session length, feature usage, interaction patterns
• Performance data: Crash logs, error reports, load times, network status
• Location data: GPS coordinates (only with permission), IP-based approximate location; VPN usage is not permitted while using our services
2.3 Information from Third Parties
With your consent or under contractual agreements, we may receive data from:
• Social platforms: Basic profile info from linked Facebook, Google, or Apple accounts (per their authorization)
• Service partners: Identity verification results, fraud risk reports, security assessments
• Advertising and analytics providers: Campaign performance, engagement metrics (via Google Analytics, Firebase, AppsFlyer, etc.), under their own privacy policies
2.4 Identity Verification (KYC) Information
To meet legal, anti-fraud, and compliance rules, we may require Know-Your-Customer checks, including:
• Full name, birth date, nationality
• Government ID numbers (passport, driver's license)
• Selfies or verification videos
We use trusted vendors such as Sumsub to process this data securely. KYC information is retained only as required by law; we typically store verification results rather than full documents. We do not sell or monetize biometric data.
2.5 Sensitive Data Handling
Sensitive data (biometrics, official ID numbers) is processed only when legally required or essential for security. We obtain explicit consent where mandated. Third-party processors are bound by strict confidentiality terms. You may decline to provide certain sensitive data, but this may limit access to some features.
3. Purposes and Limits of Data Use
We use information only to the extent needed to operate and improve our services.
3.1 Service Delivery
• Manage accounts, verify identity, and protect security
• Process payments, refunds, and prize redemptions
• Support multiplayer, social features, and cross-device sync
• Provide customer service and resolve inquiries
3.2 Service Improvement
• Analyze behavior to refine gameplay, UI, and features
• Develop new functions based on user trends
• Monitor stability, fix bugs, and optimize performance
• Offer personalized recommendations (can be disabled in settings)
3.3 Security and Compliance
• Detect fraud, unauthorized access, and account takeovers
• Enforce anti-cheating and fair-play policies
• Uphold our Terms of Service and contest rules
• Meet legal duties including age verification, tax reporting, and anti-money laundering
3.4 User Communication
• Send critical updates (security, service changes, policy revisions)
• Deliver promotional messages (may opt out via settings or unsubscribe links)
• Conduct surveys and collect feedback to enhance quality
4. Data Sharing and Disclosure Rules
We do not sell or rent personal data. Sharing occurs only in limited, legitimate situations.
4.1 Authorized Service Providers
We share necessary data with partners bound by strict privacy contracts:
• Cloud storage (AWS, Google Cloud, Azure)
• Payment processors (Stripe, PayPal, official store channels)
• Analytics and measurement tools (Google Analytics, AppsFlyer)
• Customer support platforms (Zendesk, Intercom)
All partners are required to protect data and use it solely for authorized purposes.
4.2 Legal Disclosure
We may disclose information as required by law:
• To comply with court orders, subpoenas, or government requests
• To meet tax reporting obligations
• To assist law enforcement in investigating illegal activity
4.3 Business Transfers
In a merger, acquisition, or asset sale, user data may transfer as a business asset. The receiving party will be required to honor this Policy, and users will be notified where permitted.
5. Data Security Safeguards
We use industry-standard systems to protect against unauthorized access, disclosure, alteration, or destruction.
5.1 Technical Measures
• TLS 1.3 encryption for data in transit
• AES-256 encryption for stored sensitive data
• Multi-factor authentication and unusual login alerts
• Firewalls, intrusion detection, vulnerability scanning, and penetration testing
5.2 Administrative Measures
• Role-based access control (RBAC) and full access logging
• SOC 2 compliant infrastructure
• Employee privacy and security training, plus binding confidentiality agreements
6. Data Retention Periods
We keep data only as long as needed for the stated purposes.
• Active accounts: 36 months from last login or activity; inactive accounts are anonymized or deleted
• Financial records: 84 months (7 years) for tax and compliance
• Support records: 24 months after case closure
• Marketing preferences: Until you opt out, then deleted or deactivated
Expired data is permanently erased or destroyed using secure methods.
7. User Data Rights and How to Exercise Them
You may exercise the following rights under applicable laws:
7.1 General Rights
• Access: Request a copy of your personal data
• Correction: Fix inaccurate or incomplete information
• Erasure: Request account and data deletion (where legally allowed)
• Restriction: Ask to limit processing in specific cases
• Objection: Opt out of non-essential processing like marketing
7.2 US State-Specific Rights
Residents of California (CCPA/CPRA) may request disclosure of collected data, request deletion, opt out of sale/sharing (we do not sell data), and receive non-discriminatory treatment.
7.3 How to Submit Requests
• Use the in-account privacy portal or email our dedicated privacy address.
8. We will verify your identity before processing
We respond
within 45 business days; complex requests may take an additional 15 days.
Standard requests are free; excessive or repetitive requests may incur a fee.
9. Minor Protection
Our services are limited to users aged 18 or older (or the local age of majority, whichever is higher). We do not knowingly collect data from minors. If we become aware of minor data, we will delete it immediately. Parents or guardians may contact us to remove minor-related information.
10. Cross-Border Data Transfers
If data is transferred outside the United States, we ensure compliance with applicable laws using approved mechanisms, adequate protection levels, and written agreements requiring equivalent safeguards.
11. Third-Party Service Notice
Our services may contain links or integrations to third-party platforms. This Policy does not apply to those services. We encourage you to review their privacy terms before use.
12. Policy Updates
We may revise this Policy to reflect legal, technical, or business changes. Material updates will be announced at least 30 days in advance via email, in-app notice, or website post. The revised version takes effect on the stated date. Continued use constitutes acceptance. Historical versions are archived for reference.
13. Privacy Inquiries and Contact
For questions, concerns, or requests related to this Policy:
• Official Privacy Email: [email protected]
• We send a confirmation within 2-3 business days
• Complex requests (access, deletion) follow the timeline in Section 7.3
• Identity checks apply to all sensitive data requests