PRIVACY POLICY

Last updated: March 16, 2026

In effect from: March 17, 2026

First things first

  1. Those who play our games or use our sites are our absolute priority. We want you to feel safe and comfortable when you give us your data. Below you will find everything you need to know in this regard. If you have more questions, write to us at dpo@topapp.games. 
  2. If you reside in the United States, please read the “Your United States privacy rights” section below for important information about your rights under applicable US state consumer privacy laws.

What this policy is about

  1. This Privacy Policy describes how we collect, store, use, share and otherwise process your personal data collected through our digital or online properties or services that link to this Privacy Policy (the Policy).
  2. We apply the rules described in this Policy when you use our services as follows (the Services):
  1. play our games for web and mobile environments, as well as web and mobile applications (each, an App)
  2. visit our websites or social media profiles (each, a Site)
  3. contact our customer service or technical support
  4. use other services and products that we offer
  1. This Policy doesn’t apply to cases where we have separate regulations concerning privacy:
  1. www.topapp.games website – Privacy Policy
  2. to external websites and links contained in our Services
  3. to the processing of your personal data by certain service providers and partners of ours (such as some of our advertising partners, check the details below)
  1. We may provide additional disclosures or information about our collection and processing of your personal data (e.g. for advertised events or contests). These notices may supplement this Privacy Policy or clarify our processing practices.

Who we are

  1. By “we”, “our”, “us” we mean Top App Games Ltd. and our subsidiaries and affiliates. Our main office is in Cyprus, at "Andrea Miaouli, 52, Flat/Office 101, Lakatamia, 2320 Nicosia, Cyprus.
  2. If you use our Services and give us your data, we act as a data controller or joint controller. This means that:
  1. we decide (by ourselves or jointly with others) how and what we’ll use your data for and who we’ll share it with
  2. we are responsible for processing it in a lawful way
  3. We are responsible for its security
  4. we will give you all the necessary information
  5. we let you exercise your rights in relation to your data

Contact Us

  1. If you have any questions or concerns about this Policy, including those related to exercise any of your rights, please contact us through the game’s Help & Support so we can reply to you more quickly.
  2. You can also reach us by email at dpo@topapp.games or by post: 2 Pavlou Nirvana & Agias Fylaxeos, 1st Floor, Katholiki, Limassol 3021, Cyprus

How we use your data

  1. We process your data in various ways depending on the particular purpose for which your personal data is being processed, the country in which you reside and the specific context in which such data was collected.

By “processing” we mean any action that we perform on your data, e.g. collecting, viewing, using for a selected purpose, sharing with others, deleting or just storing it. The full definition of processing can be found in Art. 4 (2) of GDPR.

  1. We may process your personal data based on one or more of the following legal bases (we have included some examples):
  1. Your consent: in limited cases we will process your personal data based on your permission. You may withdraw your consent any time by contacting us at dpo@topapp.games. Please note, that withdrawal of your consent may affect your access to our Services and (or) their part.
  2. Contract performance (Contract): we may process your personal data to fulfill our contractual obligation to you for activities such as making Services available to you, management of your account and other operational purposes based on the present Policy.
  3. Legitimate interest: we will process your personal data based on our legitimate interests, for example, in maintaining and improving our Services and offerings, including improving our customer service and support operations, for research and development, including understanding how our Services are used, matching users to create in-game friends lists, for compliance and protection, including, business risk evaluation, fraud detection and protecting and securing our users, ourselves and our Services. When relying on this legal basis, we first determine that we have a legitimate interest in conducting and managing our business. We then consider and balance potential impacts to you and your rights, to ensure that our interests do not override them.
  4. Legal obligation. We may be obligated to process some of your personal data to comply with applicable laws and regulations.
  1. We may use your personal data for the following purposes or as otherwise described at the time of collection:
  1. Service delivery and operations. We may use your personal data to facilitate, operate, optimize and provide our Services, including to proceed with your request to set up an account with us; to authenticate the identity of our users, and allow them access to additional features or functionalities; to establish and maintain your user profile on the Services; to provide our users with customer care, assistance and technical support services; to enable you to interact with other users in the game and create an in-game friends list, as well as sharing your in-game data with other users; to communicate with you about the Services, including to contact our users with service-related messages (such as purchase confirmations, support, technical or administrative messages, or system maintenance notices).
  2. Research and development. We may use your personal data for research and development purposes, including to analyze and improve the Services and our business and to develop new products and services. As part of these activities, we may create aggregated statistical data, inferred non-personal data or anonymized or pseudonymized data, which we or our service providers may use for our lawful business purposes, including to analyze to provide and improve our respective services and promote our business.
  3. Compliance and protection. We may use your personal data to comply with any applicable laws and regulations, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities; to protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); to audit our internal processes for compliance with legal and contractual requirements or our internal policies; to enforce the terms and conditions that govern the Services; and  to prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
  4. Marketing and advertising. Our games include advertising for third party services and products, and we also use third party services and products to serve ads on our behalf. We and our third-party advertising partners may use information about you to improve your user experience; improve our advertising practices and make the ads we deliver within our games more effective, and, more relevant and less repetitive; measure and analyze the effectiveness of, and the costs associated with, the ads you see in our Services and those that are placed on our behalf in our advertising partners’ online assets (such as their own websites or mobile applications).
  1. Below you can find some basic examples about the legal basis we act on as well as why we process your data (Purpose) and what categories of data we use for this purpose (Data):
Data Purpose Legal Basis
Contact data (name; email and/or phone number if applicable) Service delivery and operations

Contract

Profile data (username; age/date of birth where required under applicable law; links to your profiles on social media; language preferences)

Service delivery and operations

Contract

Consent

Legal obligation

Communications data (based on our exchanges with you, including when you contact us through the Services, communicate with us via chat features, social media, or otherwise; information created by placing requests to our technical and/or service support).

Service delivery and operations

Research, improvement or development of our Services		 Legitimate interest

Social network account data (your social network ID, application store ID, when you register in our Services via your social or application store accounts and/or connect your social media to our Services)

Service delivery and operations

Research, improvement or development of our Services

Contract

Legitimate interest

Feedback about our Services and promotion data (when you reply to surveys or fill forms or participate in our interviews. Please note that if you participate in our advertised events, contests or giveaways through the Services, we may ask you for your contact data to notify you whether you win or not, to verify your identity, determine your eligibility, and/or to send you the relevant rewards. In some situations, we may need additional information as a part of the entry process. These contests are voluntary. You must read the rules and other relevant information for each contest that you enter).

Research, improvement or development of our Services

Targeting and customization of marketing information		 Consent

User-generated content data (e.g., your comments, questions, messages, and other content or information that you generate, transmit, or otherwise make available on the Services or otherwise. This may include your progress in Apps when you post on our public forums or groups (e.g., on social media) or when you interact with other users through the in-Apps chat or within the Apps)

Service delivery and operations

Research, improvement or development of our Services

Legitimate interest

Contract

Transactions data (purchase history; purchase ID; amount spent; currency; date & time; vouchers or offers used)

Service delivery and operations Contract

Legal obligation

Marketing data (your preferences for receiving our marketing communications and details about your engagement with them).

Targeting and customization of marketing information Consent

Device data (your IP address and unique mobile device identification numbers (such as your device ID, advertising ID, MAC address); data about your device, such as manufacturer, operating system, CPU, RAM, browser type and language, current time)

Research, improvement or modification of our Services Legitimate interest

Consent

Usage data (broad location data (country-city level); data about the build version; play date and time; diagnostic data provided by external platforms)

Research, improvement or modification of our Services Legitimate interest

How long we store your data

  1. While data protection laws may vary between jurisdictions, we have taken reasonable steps to ensure that your personal data is treated in a secure manner, and in accordance with common industry practices, regardless of any lesser legal requirements that may apply in their jurisdiction.
  2. We retain your personal data for only as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting purposes (e.g., as required by laws applicable to record and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuation of use, or for fraud prevention purposes). To determine the appropriate retention period for personal data, we may consider factors such as the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
  3. Please note that except as required by applicable law, we will not be obligated to retain your personal data for any particular period, and are free to securely delete it for any reason and at any time, with or without notice to you.
  4. You may request to remove your data on our Services by contacting us at dpo@topapp.games. Please note that such withdrawal does not have any impact on the validity of the consent before withdrawal, and we reserve the right to process your personal data on another lawful basis if permitted by applicable law. Please also note that uninstalling our game (or any application related to our Services) from your device does not automatically result in consent withdrawal or any deletion of your personal data from our servers.
  5. In some circumstances, we may anonymize your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you and it is no longer considered personal data.

Data sharing

  1. We may disclose your personal data to the following categories of recipients and as otherwise described in this Privacy Policy, in other applicable notices, or at the time of collection:
  1. to our subsidiaries and affiliated companies (companies owned or operated by us);
  2. to other users of our games. Such users will be able to see your public profile information, user-generated content data (except for any private messages) such as your name and profile picture, certain in-game information, such as your game status, scores and awards, in-game actions, your general location (at state or country level), and other information, where we have your consent;
  3. to third party service providers who need to have access to information for the purpose of providing services on our behalf, and in accordance with our documented instructions. Such service providers may include, without limitation, providers of services in the following fields of service: data hosting, data analytics, marketing and email distribution, data and cyber security, fraud detection and prevention, payment processing, customer support (e.g. AI agent chat functionality providers), content moderation, testing, user engagement, monitoring, session recording and business, legal and financial compliance (e.g., to our accounting and auditing firms). In certain circumstances, service providers may process some of your personal data for their own purposes, or by determining the means required for the processing. For example, our payment processors process your personal data to provide us payment services, but they may also process such data for fraud detection purposes or for the purpose of carrying out your direct payment instructions. In those circumstances, we make sure that the purposes indicated by those service providers are compatible with our Services. Please note that different privacy policies may apply in such circumstances, and we recommend that you review those upon their provision by the service providers. We do not sell your personal information to third parties;
  4. to our advertising partners, for the interest-based advertising purposes described above;
  5. to partners, with whom we may sometimes share your personal data or enable partners to collect information directly via our Services. For example, social network platforms with which we integrate;  
  6. to any competent law enforcement body, regulatory, government agency, court or another third party that we believe in good faith to be necessary or appropriate if the information is required by law in order to prevent, investigate, or to establish or exercise our legal rights or to defend against legal claims;
  7. to our professional advisors, such as lawyers, accountants, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us;
  8. to an actual or potential buyer (and its agents and advisers) in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets or other corporate change, including, during the course of any due diligence process, and provided that we inform the buyer it must use personal data only for the purposes disclosed in this Privacy Policy; and
  9. to any third parties designated by you, i.e., we may share your personal data with third parties where you have instructed us or provided your permission to do so.
  1. For the avoidance of doubt, we may share your personal data in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so, or if we have successfully rendered such data non-personal and anonymous. We may provide aggregated data concerning user behavior (e.g. sales data for particular regions) to selected partners. In such cases the partner has no way of identifying you, so your personal data is not processed.

Processing data abroad

  1. Your personal data may be maintained, processed, accessed and stored by us and our service providers, advisers, partners (including payment and advertising partners), or other recipients of data in countries other than the country in which you are resident, including countries outside the European Economic Area (“EEA”) and the United Kingdom (“UK”), where necessary for the proper delivery of our Services or as required by law. These countries may have data protection laws that differ from those in your country of residence and, in some cases, may not provide the same level of protection. Where your personal data is transferred outside the EEA or the UK, we ensure that appropriate safeguards are in place so that your personal data remains protected in accordance with this Privacy Policy and applicable data protection laws.
  2. In particular, where we transfer personal data outside the EEA/UK, we rely on one or more of the following safeguards, as appropriate:
  1. Adequacy decisions. Transfers to countries or territories that have been formally recognized by the European Commission or the UK Government as providing an adequate level of protection for personal data.
  2. Standard contractual clauses and equivalent safeguards. Transfers to countries without an adequacy decision may be protected by standard contractual clauses approved by the European Commission and/or the UK Government (including the UK International Data Transfer Addendum or IDTA), together with, where required, additional technical and organizational measures designed to ensure an essentially equivalent level of protection.
  3. EU-US Data Privacy Framework and UK Extension, where applicable, for transfers to organizations in the United States that are certified under the relevant framework.
  1. Where personal data is transferred to service providers or partners who further engage sub-processors, we ensure that such onward transfers are subject to equivalent contractual and legal safeguards.
  2. You may request further information about the specific safeguards applied to the transfer of your personal data, including a copy of the relevant transfer mechanism, by contacting us at dpo@topapp.games.

What we don’t do with your data

  1. Processing children’s data. We don’t knowingly collect the data of persons below the age of 16. In the case of persons who are at least 16 years old but not of legal age, we require the consent of the parent or carer. If you are a parent or a carer and you have questions concerning the processing of data of the person in your care, let us know at dpo@topapp.games.
  2. Processing financial data. We don’t process any information concerning your payments. The data you provide when making purchases remains on the side of the payment operator. If you make a purchase as part of our Services, we will be informed by your payment operator of the fact and we will make sure your order is delivered. We won’t get any of your financial data in the process. We only collect information concerning transaction dates, currencies and the value of transactions and products concerned.
  3. Processing sensitive information. We ask that you do not provide us with any sensitive types of personal data (e.g., health-related information, information related to racial or ethnic origin, political opinions, religion or other beliefs, criminal convictions information etc.) – whether through the Services or otherwise. For example, please do not input any of these types of sensitive information in any free-text ‘message’ fields via which you can communicate with us on the Services (e.g., using any ‘Contact Us’ functionality or similar).
  4. We do not sell your personal information for monetary gain.

Your rights

  1. You have control over your data. Below we list your rights and situations in which you can exercise them. You can do it on your own, using the features available in some of our Services or contacting us directly at dpo@topapp.games.
Right When you can exercise it
of access to data in any situation
of rectification if the data is incorrect, outdated or incomplete
of deletion
  • if you withdraw the consent on which the data processing is based
  • if you object to the processing of your data
  • if we processed your data unlawfully
  • if we should delete the data to meet our legal obligation
to restriction of processing
  • if the data is incorrect - for the period enabling us to check if they are correct
  • if the data was processed unlawfully, but you don’t want them to be deleted
  • if we no longer need your data, but you may need it to pursue or defend against claims
  • if you object to the processing of your data - until it’s determined whether our interest outweighs the basis for your objection
to data transfer

if the processing is based on consent or a contract we entered and takes place in an automated way

to object

if we process your data on a legitimate interest and the objection is justified by your special circumstances

right to withdraw consent in any situation
to complain

you can always lodge a complaint with the Office of the Commissioner for Personal Data Protection (tap here) or with a local personal data protection office in your country of residence

  1. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. To protect your privacy and security and process your request, we may request specific information and take reasonable steps to verify your identity before processing your request. Whether or not we are required to fulfill any request you make will depend on a number of factors (e.g., why and how we are processing your personal data). If we reject any request you may make (whether in whole or in part) we will let you know our grounds for doing so at the time, subject to any legal restrictions. We may refuse to comply with the request if your request is unfounded or excessive.

Security of your data

  1. In order to protect your personal data, we use a number of technical and organizational  measures, including encryption where deemed appropriate. However, please be aware that regardless of any technical and organizational measures used, we cannot and do not guarantee the absolute protection and security of any personal data processed by us or by any third parties on our behalf.
  2. If you discover any security or vulnerability issues related to the Services - please contact us by email at dpo@topapp.games.

Changes to this policy

  1. This Privacy Policy was last changed on the date set forth at the top of this Privacy Policy.
  2. We may amend this Privacy Policy from time to time in response to changing legal, technical or business developments. The amended version of this Privacy Policy, which will be posted on our Services, will be effective as of the published effective date. In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acknowledging that the modified Privacy Policy applies to your interactions with the Service and our business.

Your United States privacy rights

  1. We have included this section below to inform you about additional rights regarding our use of your personal information under U.S. applicable privacy regulations and consumer protection laws. This Section applies only to visitors and users of our Services who reside in the United States of America. Below, we explain our privacy practices and your rights regarding the collection, use and disclosure of your personal information.
  2. For purposes of this section, “personal information” has the meaning given to “personal data”, “personal information” or similar terms under the applicable privacy laws of the state in which you reside.
  3. We described the categories of personal information we process and the purposes for which we may use said data in the “How we use your data” section, which you may find in this Privacy Policy above.
  4. We obtain personal information from various sources, including, but not limited to:
  1. directly from you, e.g. information you give us when registering within our Services;
  2. directly or indirectly from your activities on our Services;
  3. from our vendors, affiliates, business partners that help deliver our Services to you;
  4. social media, other platforms and other third-party accounts, if you choose to link with them.
  1. We do not sell your information for monetary gain. Under certain state laws (including California), if we disclose personal information to a third party for any benefit, this can be considered a “sale” or “share” of personal information, even if the third party does not use the personal information for any other purpose. We “share” personal information if we disclose personal information to a company for purposes of cross-context behavioral advertising. You can find information on the reasons why we may disclose personal information, including over the preceding 12 months, in the “Data sharing” section of this Privacy Policy above.
  2. Request to opt out. While we do not sell your personal information for monetary gain, you have the right to opt out of our “sale” or “sharing” of your personal information (as defined under California or other US state legislation) to our analytics and advertising partners. To exercise this right, you can adjust your browser settings or contact dpo@topapp.games.
  3. We do not process any sensitive personal information or information about your financial data.
  4. Request to know/access: In addition to the other rights mentioned in this policy, you have the right to request to know (i) the personal and sensitive information we have collected about you and our purposes of use; and (ii) the categories, sources, and third parties involved in personal information we have collected about you or “sold” or disclosed in the past 12 months. You may exercise your right to request to know twice a year, free of charge.
  5. Shine the light. California residents may also request information from us once a calendar year about any personal information shared with third parties for their own direct marketing purposes. We don’t share information with third parties for their own marketing uses, but please email us at dpo@topapp.games if you have questions.
  6. How to exercise your rights. You may submit requests to exercise your rights in respect to your personal information via email to dpo@topapp.games. The rights described above are not absolute, and in certain cases, we may decline your request as permitted by law. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. You may also have the right to appeal any denial of your request in the same manner through which you may submit a request.
  7. Following the provisions of the applicable law, we might also ask you to prove your identity (for example, by requesting your user ID or some other proof of your identity) in order for you to invoke the mentioned rights. This is made to ensure that no right of third parties is violated by your request, and the mentioned rights are exercised by an actual personal data subject or an authorized person.
  8. Please note that not all rights listed below may be afforded to all users and that if you are not a resident of the relevant states, you may not be able to exercise these rights. In addition, we may not be able to process your request if you do not provide us with sufficient detail to allow us to confirm your identity or understand and respond to it.

Previous versions of the page