top of page

Green Leap Games Privacy Notice

Green Leap Games AB Application: Hope's Adventure
Last updated: April 21, 2026

1. Who We Are

Green Leap Games AB ("we", "us", "our") is a Swedish company and the data controller for personal data collected through the Hope's Adventure mobile application (the "Application").

 

Contact: Email: contact@greenleapgames.com Support: www.greenleapgames.com/support

 

As a Swedish company, our lead supervisory authority under the EU GDPR is the Swedish Authority for Privacy Protection (IMY). See Section 13 for all regional supervisory authorities.

 

 

2. Scope

This Privacy Policy applies to all users of the Application. Country-specific rights and supervisory authorities are described in Section 13.

 

 

3. Information We Collect

3.1 Information You Provide

  • Account registration details (username, email address if provided)

  • Communications with our customer support team

 

Account creation is optional. Some features may require an account.

3.2 Automatically Collected Information

When you use the Application we automatically collect:

 

  • Device type, operating system version, and unique device identifiers (AAID on Android, IDFA on iOS)

  • IP address and approximate location (country/region level only)

  • Usage patterns, session duration, and in-game actions (e.g. screens visited, levels played)

  • Crash reports and performance diagnostics

3.3 Information from Third-Party Services

We receive limited data from:

 

  • Google Play / Apple App Store — purchase receipt verification

  • Unity Gaming Services (UGS) — account and authentication data

  • Google AdMob — ad delivery and performance data (where consent is given)

  • Meta (Facebook) SDK — install attribution and advertising measurement data (where consent is given)

  • TikTok for Business SDK — install attribution and advertising measurement data (Android; iOS pending; where consent is given)

3.4 Summary of Data Categories Collected

Identifiers: Device ID (AAID/IDFA), account ID, UGS player ID

 

Usage data: Levels played, screens visited, session duration, in-game actions

 

Diagnostics: Crash reports, error logs, performance metrics

 

Approximate location: Country / region (derived from IP address)

 

Network information: IP address, mobile network operator

 

Purchase receipts: Transaction ID, product ID (no payment card data — handled by Apple/Google)

 

 

4. How We Use Your Information

Providing and operating the Application: Performance of contract

 

Account management and authentication: Performance of contract

 

Analytics (Firebase Analytics):  Legitimate interests

 

Crash reporting (Firebase Crashlytics): Legitimate interests

 

Personalised advertising (AdMob): Consent

 

Advertising attribution and measurement (Meta SDK, TikTok SDK): Consent

 

Non-personalised advertising: Consent (EU/EEA/UK) / Legitimate interests (other markets)

 

Fraud prevention and security: Legitimate interests

 

Complying with legal obligations: Legal obligation

 

Sending service-related notices: Legitimate interests / contract

 

Where we rely on legitimate interests, we have assessed that our interests are not overridden by your data protection rights and freedoms. You have the right to object to processing based on legitimate interests at any time by contacting contact@greenleapgames.com.

 

You may withdraw consent for personalised advertising at any time in the Application settings, without affecting the lawfulness of prior processing.

 

Note on advertising SDKs: Even for non-personalised ads, advertising SDKs (such as Google AdMob) may access device identifiers or local storage. In the EU/EEA and UK, such access is subject to consent requirements under applicable law (including the ePrivacy Directive). Our CMP obtains consent for this before any advertising SDK initialisation.

 

 

5. Third-Party Services

The following third-party providers process personal data in connection with the Application:

 

Google AdMob (Google LLC): Advertising

 

Google Analytics for Firebase (Google LLC): App analytics

 

Firebase Crashlytics (Google LLC): Crash and error reporting

 

Firebase Authentication (Google LLC): Account sign-in

 

Unity Gaming Services (Unity Technologies): Accounts, cloud save, economy

 

Google Play Games Services (Google LLC): Android account linking

 

Apple Game Center (Apple Inc.): iOS account linking

 

Meta Platforms, Inc. (Facebook): Install attribution and advertising measurement (iOS and Android)

 

TikTok for Business (ByteDance Ltd.): Install attribution and advertising measurement (Android; iOS pending)

 

Depending on the specific processing activity, these providers act as data processors (processing on our behalf) or as independent data controllers (processing for their own purposes). The role may vary per activity. We recommend reviewing their privacy policies. Google's privacy policy: policies.google.com/privacy. Unity's policy: unity.com/legal/privacy-policy. Meta's policy: www.facebook.com/privacy/policy. TikTok's policy: www.tiktok.com/legal/page/row/privacy-policy.

 

 

6. Advertising and Consent

The Application displays advertisements via Google AdMob.

 

  • EU / EEA and UK users: We request your explicit consent via a certified Consent Management Platform (CMP) before any advertising SDK initialisation. Consent covers: advertising identifiers (AAID/IDFA), cross-app tracking, and SDK-based data collection for advertising purposes. If you decline, no advertising identifiers are used for personalised advertising purposes. Note that advertising SDKs may still perform limited device access for contextual or anti-fraud purposes independent of personalisation consent.

  • iOS users (all markets): Apple's App Tracking Transparency (ATT) prompt is shown before any cross-app tracking takes place.

  • In addition to AdMob, we use the Meta (Facebook) SDK and TikTok for Business SDK for install attribution and advertising measurement. These SDKs are initialised only after consent (GDPR/UMP and ATT where applicable) and are subject to the same consent controls as AdMob.

  • California users: We do not sell your personal data. We may share device identifiers with AdMob, Meta, and TikTok for cross-context behavioural advertising, which constitutes "sharing" under the CPRA. You may opt out by declining personalised ads in the Application settings. We also honour Global Privacy Control (GPC) signals where technically feasible. See Section 13 (United States) for full CCPA/CPRA rights.

  • You can update your advertising consent preferences at any time in the Application settings.

 

 

7. Age Requirements

The Application is intended for users aged 13 and above. Where the laws of your country set a higher minimum age for digital services or data processing consent (for example, 16 in some EU member states), that higher age applies. We do not knowingly collect personal data from users below the applicable minimum age in their country.

 

Users who are minors (under 18, or under the age of majority in their country) must have parental or guardian consent to use the Application. This requirement is applied globally as a matter of company policy and may exceed local legal requirements in some countries. Parents are responsible for supervising minor use and purchases.

 

If we discover we have collected data from a user below the applicable minimum age, we will delete it promptly. Parents or guardians may contact contact@greenleapgames.com to request deletion.

 

 

8. Data Retention

Account data: Retained until account deletion is requested, then deleted within 30 days.

 

Analytics and usage data (Firebase): Up to 24 months, then deleted or irreversibly anonymised. Only truly anonymised data (where re-identification is not possible) may be retained indefinitely for aggregate reporting. Pseudonymised data (still potentially linkable to an individual) is subject to the same 24-month limit.

 

Crash/performance data (Crashlytics): Up to 90 days, then deleted.

 

Advertising identifiers: Up to 13 months, in line with Google's standard retention.

 

Financial transaction records: 7 years (required by Swedish law / applicable tax law).

 

We only retain data for as long as necessary for the purposes described in this Policy, or as required by applicable law.

 

 

9. International Data Transfers

Green Leap Games AB is based in Sweden (EU). Our third-party providers (Google, Unity Technologies) operate globally, including in the United States.

 

When personal data is transferred outside the EU/EEA or the UK, we ensure appropriate safeguards are in place:

 

  • EU-to-US transfers: Standard Contractual Clauses (SCCs) as approved by the European Commission (Decision 2021/914), supplemented by additional technical and organisational measures where required following the Schrems II ruling

  • UK-to-non-UK transfers: UK International Data Transfer Agreements (IDTAs) or addenda to SCCs where applicable

  • Adequacy decisions: where the European Commission or UK ICO has determined that the destination country offers adequate protection

 

Where third-party providers act as independent data controllers (e.g. Google, Apple, Unity, Meta, TikTok/ByteDance), they are responsible for their own compliance with applicable transfer rules. Note that TikTok/ByteDance is headquartered outside the EU/EEA; data transfers to ByteDance are subject to SCCs or equivalent safeguards.

 

 

10. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

 

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach

  • Notify affected users without undue delay where the breach is likely to result in a high risk to their rights

 

 

11. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or disclosure. These include access controls, encryption in transit, and regular security reviews. No method of electronic transmission or storage is completely secure. You are responsible for keeping your account credentials confidential and for the security of your device.

 

 

12. Your Privacy Rights

Subject to applicable law, you have the right to:

 

  • Access: request a copy of the personal data we hold about you

  • Correction: request correction of inaccurate or incomplete data

  • Deletion: request that we delete your personal data ("right to be forgotten")

  • Restriction: request that we restrict processing of your data

  • Portability: receive your data in a structured, commonly used, machine-readable format

  • Objection: object to processing based on legitimate interests

  • Withdraw consent: withdraw consent at any time, without affecting prior processing

 

To exercise any of these rights, contact: contact@greenleapgames.com

 

We will respond within 30 days (or as required by your country's law). We may ask you to verify your identity. You may also lodge a complaint with a supervisory authority (see Section 13).

 

 

13. Regional Rights and Supervisory Authorities

 

EU / EEA

Your data is processed under the EU General Data Protection Regulation (GDPR).

 

All rights in Section 12 apply in full.

 

You have the right to lodge a complaint with the data protection authority in your country of residence or place of work.

 

Automated decisions: We do not make automated decisions that produce legal or similarly significant effects for individual users.

 

 

United Kingdom

Your data is processed under the UK GDPR and Data Protection Act 2018.

 

All rights in Section 12 apply in full.

 

Supervisory authority: ICO, Information Commissioner's Office www.ico.org.uk | Tel: 0303 123 1113 | casework@ico.org.uk

 

 

Canada

Your data is processed under PIPEDA (Personal Information Protection and Electronic Documents Act) and applicable provincial privacy legislation.

 

You have the right to access your personal information and to withdraw consent for its use. To make a request, contact contact@greenleapgames.com.

 

Federal supervisory authority: OPC, Office of the Privacy Commissioner of Canada www.priv.gc.ca | info@priv.gc.ca

 

Quebec residents: Quebec's Act respecting the protection of personal information in the private sector (Law 25) provides additional rights, including rights related to automated decision-making. The provincial authority is: CAI, Commission d'accès à l'information www.cai.gouv.qc.ca

 

A French-language version of this Privacy Policy is available upon request at contact@greenleapgames.com.

 

 

United States

California residents have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

 

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, used, or shared about you in the past 12 months.

  • Right to Delete: Request deletion of personal information we have collected from you, subject to legal exceptions.

  • Right to Correct: Request correction of inaccurate personal information.

  • Right to Opt-Out of Sale/Sharing: We do not sell personal data for money. We may share device identifiers with Google AdMob, Meta (Facebook), and TikTok for Business for cross-context behavioural advertising, which constitutes "sharing" under the CPRA. You may opt out at any time by declining personalised ads in the Application settings.

  • Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by the CPRA.

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

  • Opt-Out Mechanism: You may exercise your right to opt out of sharing by declining personalised ads in the Application settings. This is equivalent to a "Do Not Sell or Share My Personal Information" request. We also honour Global Privacy Control (GPC) signals where technically feasible.

 

To exercise these rights, contact: contact@greenleapgames.com We will respond within 45 days, extendable by an additional 45 days with notice.

 

Residents of other US states: We will honour valid privacy rights requests under applicable state privacy laws (including but not limited to Virginia CDPA, Colorado CPA, Texas TDPSA, Connecticut CTDPA) to the extent required by law.

 

 

14. Links and Third-Party Content

The Application may contain links to third-party websites or services. We are not responsible for the privacy practices or content of third-party sites. We encourage you to review the privacy policies of any third-party services you use.

 

 

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the Application, by in-app notice, or by email (if we have your address) at least 30 days before the changes take effect, where practicable. For changes required by law, notice may be shorter. Continued use of the Application after the updated policy takes effect constitutes acceptance of the changes.

 

 

16. Contact

Green Leap Games AB Email: contact@greenleapgames.com Support: www.greenleapgames.com/support

bottom of page