Privacy Policy

Last updated: 23 December 2025

This Privacy Policy explains how Vortex Lab s.r.o. (“Vortex Lab“, “we“, “us“, “our“) collects, uses, shares, and protects personal data when you use our mobile games and related services (the “Services“).

Online version: Privacy Policy – Expedition Mahjong – Vortex Lab

If you do not agree with this Privacy Policy, please do not use the Services.

  1. Data Controller
  • Vortex Lab s.r.o., a company registered in the Czech Republic, acts as the data controller for personal data processed in connection with the Services.
  • Contact: support@vortexlab.io
  • This Privacy Policy applies to our Android and iOS mahjong game and any related in‑game features, ads, and analytics.
  1. Information We Collect

The game does not require you to provide personal information such as your name, email address, or phone number to use it. Any data we collect is limited to the categories described below.

2a. Information You Provide to Us

  • Support and feedback: When you contact us by email (e.g., for customer support, bug reports, or feedback), we collect the information you choose to provide, which may include your email address and message content.

2b. Automatically Collected Information – Analytics and Crash Reports

When you use the game, we and our service providers automatically collect certain non‑identifying information, such as:

  • Device information:
    • Device model (e.g., iPhone 13, Samsung Galaxy S21);
    • Operating system and OS version;
    • App version;
    • Device language (used to set a default language for the game).
  • In‑game events and usage data:
    • Levels played and completion status;
    • Session duration and frequency of play;
    • In‑game actions and buttons pressed;
    • Rewards claimed and ads viewed;
    • Gameplay events that help us understand player behavior.
  • Crash and error data:
    • Crash reports and error logs;
    • Performance metrics and device diagnostics.
  • Location (limited):
    • We do not collect precise GPS location data.
    • General country or region may be inferred from IP address or app store region for analytics purposes.

2c. Advertising Identifiers

  • Ad networks may receive and use mobile advertising identifiers, such as:
    • Apple Identifier for Advertisers (IDFA) on iOS;
    • Android Advertising ID (AAID) on Android.
  • These identifiers enable ad networks to deliver and measure ads, personalize content, and prevent fraud.
  1. Legal Basis for Processing

Our processing of personal data is based on:

  • Performance of a contract: to provide the game and deliver core functionality you request.
  • Legitimate interests: to improve the game, fix bugs, prevent fraud, analyze gameplay patterns, and enhance user experience.
  • Consent: for personalized ads and optional analytics where required by law (e.g., GDPR). You may withdraw consent at any time via device settings or in‑app tools.
  • Legal obligation: to comply with applicable laws and respond to lawful requests from authorities.
  1. How We Use Your Information

We use the information described above for the following purposes:

  • Provide and operate the Services:
    • Deliver the game and its features;
    • Process in‑app purchases and subscriptions;
    • Deliver interstitial and rewarded ads.
  • Analytics and improvement:
    • Understand how players interact with the game (e.g., which levels are challenging, session length, player retention);
    • Identify and fix bugs, crashes, and performance issues;
    • Improve user experience and game balance.
  • Personalization:
    • Set a default language based on your device language;
    • Remember local settings on your device.
  • Advertising:
    • Serve targeted, contextual, or personalized ads based on advertising identifiers;
    • Measure ad performance and prevent fraud.
  • Legal and security:
    • Detect and prevent fraud, cheating, abuse, or misuse;
    • Comply with legal and regulatory obligations;
    • Enforce these Terms & Conditions and the Privacy Policy;
    • Respond to legal processes or government requests.
  1. How We Share Information

We may share information with:

  • Service providers and processors:
    • Analytics providers (e.g., Firebase, Adjust);
    • Ad networks and mediation platforms;
    • Crash reporting services;
    • Cloud infrastructure and hosting providers.
      These providers process data on our behalf under data processing agreements and are bound by confidentiality.
  • Platform operators:
    • Apple and Google receive information related to purchases, subscriptions, and app store analytics as part of their store services.
  • Legal recipients and authorities:
    • We may disclose information where required by law, in response to lawful requests from courts, law enforcement, or government agencies, or to protect our legal rights.
  • Business transfers:
    • If Vortex Lab is involved in a merger, acquisition, bankruptcy, or asset sale, your information may be transferred as part of that transaction.

We do not sell your personal data in the traditional sense of directly selling identified user profiles. However, some advertising integrations may be considered a “sale” or “sharing” under certain privacy laws (e.g., CCPA). Where applicable, you may have opt‑out rights via your device settings.

  1. International Data Transfers

Our service providers may process data in countries outside the EU/EEA, including countries that may not have equivalent data protection standards.

Where required by law (e.g., GDPR), we use appropriate safeguards for such transfers, including:

  • Standard Contractual Clauses (SCCs);
  • Binding corporate rules;
  • Adequacy decisions; or
  • Other mechanisms recognized by applicable data protection authorities.
  1. Data Retention

We retain personal data only for as long as necessary to achieve the purposes described in this Privacy Policy or as required by law.

In general:

  • Analytics and crash data: Typically retained for 3–24 months by our service providers, then aggregated or deleted.
  • Support correspondence: Kept as long as necessary to handle your request and to comply with legal or accounting obligations (typically 1–3 years).
  • Advertising identifiers: Used by ad networks per their retention policies; typically deleted or reset annually.

We do not routinely archive or maintain historical profiles of individual users.

  1. Children’s Privacy

Age Rating and Eligibility:

  • The game is rated 4+ on app stores and is designed to be suitable for a general audience.
  • Children under 16 may use the game only with parental permission and supervision (see Terms & Conditions, Section 1).

No Direct Collection from Minors:

  • We do not knowingly collect personal data directly from children under 16 without verifiable parental consent where required by law.
  • The game does not require registration or ask children to provide identifying information.
  • Analytics collected are non‑identifying (device model, OS version, gameplay events) and do not target children specifically.

Parental Action Upon Discovery:

  • If we become aware that we have collected personal data from a child in a way that requires parental consent under applicable law, and such consent has not been obtained, we will:
    • Take reasonable steps to delete or anonymize that data;
    • Contact the parent or guardian to inform them and obtain consent if processing continues;
    • Limit further processing to strictly necessary operational purposes.

Parental Controls:

  • Parents and guardians are encouraged to:
    • Use device‑level parental controls to manage in‑app purchases and screen time.
    • Reset or disable the Advertising ID in device settings to limit ad tracking.
    • Review app permissions in their device settings.
  1. Your Privacy Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

  • Right of access: Obtain confirmation of whether we hold your data and request a copy of it.
  • Right to correction: Correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”): Request deletion of your data, subject to legal exceptions.
  • Right to restrict processing: Limit how we use your data.
  • Right to object: Object to certain processing, including for marketing purposes.
  • Right to data portability: Receive your data in a structured, portable format.
  • Right to withdraw consent: Withdraw consent for processing based on consent at any time.
  • Right to lodge a complaint: File a complaint with your local data protection authority.

To exercise your rights:

  • Contact us at support@vortexlab.io.
  • We will verify your request and respond within 30 days (or as required by applicable law).
  • We may decline requests in limited circumstances, such as when exceptions apply under law.
  1. Advertising and Tracking Controls

Limit Ad Tracking:

You can control how you are tracked for advertising purposes using your device settings:

  • iOS:
    • Open Settings → Privacy & Security → Tracking.
    • Toggle “Allow Apps to Request to Track” off to prevent tracking, or select individual apps to disable tracking.
    • Alternatively, go to Settings → Privacy & Security → Apple Advertising to reset your Advertising ID.
  • Android:
    • Open Settings → Google → Manage Your Google Account → Data & Privacy.
    • Scroll to “Ad settings” and select “Reset Advertising ID” or disable personalized ads.
    • Alternatively, go to Settings → Apps & notifications → Permissions and disable location, app usage, or other relevant permissions.

Effect:

  • You will still see ads in the game, but they may be less personalized or relevant.
  • Opting out may not prevent the game or ad networks from collecting analytics data.
  1. Cookies and Similar Technologies

The mobile game itself does not use traditional browser cookies.

However, our analytics and advertising partners may use SDKs (software development kits) and similar tracking technologies to collect device identifiers and in‑game event data for analytics and advertising purposes.

Where required by law (e.g., GDPR or ePrivacy Directive), we will obtain your consent before deploying such technologies. You can withdraw consent at any time through your device settings or in‑app tools.

  1. Security

We take reasonable technical, administrative, and organizational measures to protect personal data against unauthorized access, loss, destruction, or misuse.

Security measures include:

  • Encryption of data in transit (HTTPS/TLS);
  • Secure storage of data at rest;
  • Access controls and password protection;
  • Regular monitoring and updates;
  • Data processing agreements with service providers.

However, no method of transmission over the internet or method of electronic storage is 100% secure. You use the Services and transmit your data at your own risk. We cannot guarantee absolute security.

  1. Data Breach Notification

If we discover a data breach that compromises your personal data, we will:

  • Notify you without undue delay (typically within 72 hours of discovery, or as required by applicable law);
  • Describe the nature of the breach and the data affected;
  • Recommend steps you can take to protect yourself;
  • Provide our contact information for further inquiries.

Notification will be sent via email to the contact information you provided, or posted on our website, or in‑app, depending on the nature of the breach.

  1. Third‑Party Links and Services

The Services may contain links to third‑party websites, apps, or services that are not operated by Vortex Lab.

  • This Privacy Policy does not apply to third‑party sites or services.
  • We are not responsible for their privacy practices, content, or security.
  • We recommend reviewing the privacy policy of any third‑party service before providing your data.
  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

  • The updated version will be indicated by a new “Last updated” date.
  • Material changes will be communicated to you via in‑app notice, email, or other reasonable means, as required by applicable law.
  • Your continued use of the Services after changes take effect constitutes acceptance of the updated Privacy Policy.
  1. Contact Information

If you have questions, concerns, or wish to exercise your privacy rights, contact:

Vortex Lab s.r.o.
Email: support@vortexlab.io

For EU/EEA users:
You also have the right to lodge a complaint with the competent data protection authority in your country.