Privacy Policy

PRIVACY POLICY STUDIO 555 AB Last updated: May 2026 This Privacy Policy describes how Studio555 AB (“Studio555,” “we,” “us,” or “our”) collects, uses, and shares your personal data, and explains your rights in relation to that data. This Privacy Policy applies to personal data processed by us in connection with our mobile application and related online services (collectively, the “Services”). Studio555 AB is the data controller responsible for your personal data under this Privacy Policy. | 1 POLICY CONTENT: 1. Updates to This Privacy Policy 2. Personal Data We Collect 3. How We Use Your Personal Data 4. Legal Bases for Processing (GDPR) 5. How We Share Your Personal Data 6. Your Privacy Rights 7. International Transfers of Personal Data 8. Retention of Personal Data 9. Children’s Privacy 10. Third-Party Services 11. Local Notices 12. Contact Us 1 UPDATES TO PRIVACY POLICY We may update this Privacy Policy from time to time. When we make changes, we will update the “Last Updated” date above and notify you as required under applicable law, including by posting a notice in the Services prior to the change taking effect. Your continued use of the Services after the effective date constitutes acceptance of the updated Privacy Policy. 2 PERSONAL DATA WE COLLECT The personal data we collect depends on how you interact with our Services and the requirements of applicable law. Personal Data You Provide to Us • Support communications: name, email address, or other contact details you provide when contacting us for support or other enquiries. • Survey responses: if you choose to participate in optional surveys or feedback requests. • Profile information: username, profile photo or avatar, and other optional profile details you choose to add. • Any other personal data in user-generated content such as comments, replies, posts, reactions, reports, and other content or communications you submit through community features. Personal Data Collected Automatically • Install identifier: when you install the app, we generate a random identifier unique to that installation. This identifier is not linked to your identity and is permanently discarded if you uninstall and reinstall the app. It is used solely to maintain your session and app state during use. • Device and technical data: IP address, device type, operating system, and mobile carrier. • Usage data: in-app activity, features used, progress, session length, screens visited, and interactions within the Services. | 2 • Community interaction data: profile changes, comments posted, reactions, reports, blocks, moderation status, and interactions with other users and community features. • Crash and diagnostic data: if the app crashes or encounters an error, we collect diagnostic information such as device type, operating system version, app version, and a record of the error. This data does not include content you have created within the app. • Approximate location: derived from IP address only. We do not collect precise GPS location. Data from Third Parties • Analytics and diagnostics providers may supply aggregated or device-level data to help us maintain and improve the Services. 3 HOW WE USE YOUR PERSONAL DATA We use your personal data for the following purposes: Providing the Services • Enabling access to app features and content • Providing customer and technical support • Communicating with you about the Services, relevant policy changes, community activity, reports, and moderation decisions Improving and Developing the Services • Analysing usage patterns to understand how users interact with our app • Identifying and fixing bugs and technical issues • Developing new features, content, and services • Conducting internal research and analytics Safety and Security • Detecting, investigating, and preventing spam, abuse, harassment, impersonation, unlawful content, security incidents, and violations of our community rules • Reviewing, moderating, restricting, or removing user profiles, profile photos, comments, and other user-generated content • Receiving and actioning user reports, blocking requests, and other safety-related communications Legal and Compliance • Complying with applicable laws and regulations • Responding to lawful requests from authorities • Establishing, exercising, or defending legal claims | 3 4 LEGAL BASES FOR PROCESSING (GDPR) If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases under the General Data Protection Regulation (GDPR) and applicable national law: • Performance of a contract: processing necessary to provide the Services to you, including customer support, including community features. • Legitimate interests: processing to operate, maintain, improve, moderate, and secure the Services, prevent fraud, spam, abuse, and violations of our community rules, conduct analytics, and communicate with you about the Services — where our interests are not overridden by your rights and interests. • Compliance with legal obligations: processing required to meet our obligations under applicable law. • Consent: where we rely on your consent (e.g., for certain communications or optional data uses), you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. 5 HOW WE SHARE YOUR PERSONAL DATA We do not sell your personal data. We may share your personal data with the following categories of third parties: Other Users and Public Community Areas When you use community features, your display name, profile photo, comments, and other content you choose to post may be visible to other users and may be associated with your activity in the Services. You are responsible for the content you submit and should not post personal data about yourself or others unless you have the right to do so and are comfortable with that information being visible in the Services. Service Providers We share data with trusted vendors and service providers who process data on our behalf, including cloud infrastructure providers, analytics providers, crash and diagnostics providers, customer support platforms, and content moderation providers. These parties are contractually bound to process data only as instructed by us and in accordance with applicable data protection law. Legal and Regulatory Authorities We may disclose personal data to law enforcement, courts, or regulators where required by applicable law, court order, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others. Business Transfers In the event of a merger, acquisition, reorganisation, or sale of all or part of our business, your personal data may be transferred as part of that transaction. We will notify you as required by applicable law. Affiliates | 4 We may share personal data with our corporate affiliates for purposes consistent with this Privacy Policy. 6 YOUR PRIVACY RIGHTS Depending on where you are located, you may have the following rights in relation to your personal data: • Right of access: to obtain a copy of the personal data we hold about you. • Right to rectification: to request correction of inaccurate or incomplete personal data. • Right to erasure: to request deletion of your personal data, subject to certain exceptions. • Right to restriction: to request that we limit our processing of your personal data in certain circumstances. • Right to data portability: to receive your personal data in a structured, commonly used, machine-readable format. • Right to object: to object to processing based on legitimate interests or for direct marketing purposes. • Right to withdraw consent: where processing is based on consent, to withdraw that consent at any time. To exercise any of these rights, please contact us as set out in Section 12 below. We will respond within the timeframe required by applicable law. If you are located in the EEA and believe our processing of your personal data violates applicable law, you have the right to lodge a complaint with your local data protection authority. In Sweden, this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, imy.se). In Finland, this is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto, tietosuoja.fi). Push Notifications You may opt out of push notifications at any time by changing the notification settings on your mobile device. In-App Choices Certain data preferences can be managed directly within the Settings section of the app. 7 INTERNATIONAL TRANSFERS OF PERSONAL DATA Studio555 AB is headquartered in Sweden and operates primarily within the European Economic Area. However, some of our service providers are located outside the EEA. Where we transfer personal data to countries that have not been found to provide an adequate level of data protection, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) to ensure your data remains protected. For more information about the safeguards we use for international transfers, please contact us as set out in Section 12. | 5 8 RETENTION OF PERSONAL DATA We retain personal data for as long as necessary to provide the Services, fulfil the purposes described in this Privacy Policy, and comply with our legal obligations. When determining how long to retain data, we consider the nature and sensitivity of the data, the purposes for which it was collected, and applicable legal requirements. User-generated content, reports, and moderation records may be retained for as long as reasonably necessary to operate community features, enforce our rules, investigate abuse, protect users, or establish, exercise, or defend legal claims. If you delete content, we may retain limited copies where required for safety, security, legal compliance, backups, or dispute resolution. 9 CHILDREN’S PRIVACY Our Services are not directed to children under the age of 13 (or such other age as required by applicable local law). We do not knowingly collect personal data from children under this age. For an app that is not directed at children but may nonetheless appeal to younger users, we take additional steps to limit data processing when a player indicates they are under the applicable age threshold, including limiting or disabling access to community posting, profile photos, comments, user discovery, and similar social features where appropriate. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us as set out in Section 12. We will take prompt steps to delete such data. 10 THIRD-PARTY SERVICES Our Services may contain links to or integrations with third-party websites, applications, or services. These third parties have their own privacy policies and we are not responsible for their data practices. We encourage you to review the privacy policies of any third-party services you access through or in connection with our Services. 11 LOCAL NOTICES If you are located in the Philippines, your personal data is processed in accordance with the Philippine Data Privacy Act of 2012 and related regulations. If you believe that our processing of your personal data does not comply with the Philippine Data Privacy Act of 2012 or applicable regulations, you have the right to lodge a complaint with the National Privacy Commission (NPC). If you are located in Australia, your personal data is processed in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If you believe that our processing of your personal data does not comply with the Privacy Act and APPs, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) If you are located in Canada, your personal data is processed in accordance with the applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. If you believe that our processing of your personal data does not comply with applicable Canadian privacy laws, you may have the right | 6 to lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) or the relevant provincial privacy authority. 12 CONTACT US If you have any questions about these Terms, please contact us at: Studio555 AB, Luntmakargatan 26, 111 37 Stockholm, Sweden Email: legal@studio555.io We will endeavour to respond to all requests within 30 days. Where a request is complex or we have received a large number of requests, we may extend this period by a further two months, in which case we will notify you.