1. Scope & Applicability
This Privacy Notice governs the CardMerge 2048 mobile application and any related services we operate. It sets out our obligations as a data controller and your rights as a player.
By downloading or launching the game, you acknowledge that you have read and understood this Notice. This document covers all interactions with the CardMerge 2048 platform — from the moment you install the app through every session you play — regardless of the device you use or the country from which you connect.
We periodically review and refresh this Notice to reflect changes in our practices and applicable law. The effective date displayed at the top of this page always represents the current, binding text.
2. Glossary of Key Terms
Capitalised terms throughout this Notice carry the meanings set out below, whether they appear in singular or plural form.
| Term | Definition |
|---|---|
| App / Game | The CardMerge 2048 mobile application available on supported platforms. |
| Player / You | Any individual who installs, accesses, or interacts with the App, or any legal entity on whose behalf such individual acts. |
| Personal Information | Any data that identifies or could reasonably be used to identify a natural person, directly or in combination with other information. |
| Session Data | Technical records generated automatically during gameplay, including move sequences, score milestones, session duration, and crash diagnostics. |
| Device | Any hardware capable of running the App, such as a smartphone, tablet, or compatible handheld console. |
| Third-Party Processor | An external organisation engaged by us to carry out specific data-processing tasks on our behalf under a binding data-processing agreement. |
| We / Our / Us | The company that publishes and operates CardMerge 2048. |
3. Information We Gather
Information You Provide Directly
When you register an account or contact our support team, you may share:
- •Email address — used to create and secure your player account and to send important service communications.
- •Display name or username — shown on leaderboards and in multiplayer features if you choose to participate.
Information Collected Automatically
Each time you launch CardMerge 2048, our systems automatically record Session Data to help us maintain a stable, enjoyable experience. This includes:
- •Internet Protocol (IP) address and approximate geographic region derived from it.
- •Device model, operating system version, and available memory.
- •App version, in-game events (tile merges, level completions, power-up usage), and session timestamps.
- •Crash logs and performance diagnostics that help us identify and resolve technical issues quickly.
- •Advertising identifiers (e.g. IDFA, GAID) where permitted by your device settings and applicable law.
None of this automatically collected data is sold to third parties or used to build profiles for purposes unrelated to operating and improving the App.
4. How We Use Your Data
We process your information only for the following specific, documented purposes:
- •Game Operation — delivering core gameplay, syncing progress across devices, and maintaining leaderboards.
- •Service Improvement — analysing aggregated Session Data to balance difficulty, optimise performance, and design future content updates.
- •Player Support — responding to help requests, investigating account issues, and resolving disputes.
- •Safety & Security — detecting cheating, fraud, and abuse; protecting the integrity of competitive play.
- •Communications — sending transactional messages (e.g. password resets, policy updates) and, where you have opted in, promotional notifications about new features or events.
- •Legal Compliance — meeting obligations imposed by applicable laws, court orders, or regulatory authorities.
We will not repurpose your data in ways incompatible with the purposes listed above without first providing you with fresh notice and, where required, obtaining your consent.
5. Data Retention
We apply a tiered retention framework aligned with the sensitivity of each data category and the purpose for which it was collected:
- •Account information is held for the lifetime of your active account, plus a 90-day grace period following deletion to allow for dispute resolution.
- •Session Data and gameplay analytics are retained in identifiable form for up to 24 months, after which they are aggregated and anonymised for long-term trend analysis.
- •Support correspondence is kept for 36 months from the date of resolution to assist with any follow-up enquiries or legal proceedings.
- •Financial transaction records (where applicable) are retained for the period required by tax and accounting regulations in the relevant jurisdiction.
When a retention period expires, data is securely deleted or irreversibly anonymised. We do not retain data without a defined purpose — every category has a clear end date or anonymisation trigger.
6. Cross-Border Data Transfers
CardMerge 2048 is a global game. To deliver a seamless experience worldwide, your data may be stored on servers or processed by Third-Party Processors located outside your home jurisdiction — including countries whose data protection frameworks differ from your own.
Whenever we transfer Personal Information internationally, we put appropriate safeguards in place, which may include:
- •Standard Contractual Clauses approved by the European Commission.
- •Adequacy decisions recognising the destination country's data protection standards.
- •Binding corporate rules or other legally recognised transfer mechanisms.
By continuing to use CardMerge 2048 after reading this Notice, you acknowledge that such transfers may occur. If you have questions about the specific safeguards applied to your data, please contact us using the details in Section 13.
7. Your Rights & Controls
Depending on your location, you may be entitled to one or more of the following rights regarding your Personal Information:
- •Right of Access & Data Portability — request a copy of the Personal Information we hold about you.
- •Right to Rectification — ask us to update inaccurate or incomplete data.
- •Right to Erasure ("Right to be Forgotten") — request deletion of your Personal Information.
- •Right to Restriction of Processing — ask us to limit how we use your data in certain circumstances.
- •Right to Object — object to processing based on legitimate interests.
- •Right to Withdraw Consent — where processing is based on your consent, you may withdraw it at any time.
To exercise any of these rights, navigate to Settings → Account → Privacy within the App, or submit a written request to the email address listed in Section 13. We will acknowledge your request within 72 hours and aim to fulfil it within 30 days, or notify you if an extension is needed.
Please be aware that certain rights are subject to limitations. For example, we may decline an erasure request where retention is required by law or where the data is necessary to resolve an ongoing dispute.
8. Disclosure of Your Data
Regulatory & Legal Demands
We may be compelled to disclose Personal Information in response to a valid court order, subpoena, or binding directive from a governmental body or law enforcement agency. In such cases, we will disclose only the minimum data required and, where legally permissible, notify you before complying.
Protection of Rights & Safety
Outside of mandatory legal demands, we may share data with relevant parties when we have a genuine, good-faith belief that doing so is necessary to:
- •Enforce our Terms of Service or investigate suspected violations.
- •Safeguard the physical safety of any player, our staff, or the general public.
- •Defend against fraudulent, abusive, or unlawful activity targeting the App or its community.
- •Protect our intellectual property rights or respond to claims of infringement.
- •Limit our exposure to legal liability in connection with the App.
9. Data Security
We implement a layered security programme that includes encryption of data in transit (TLS 1.2+) and at rest, access controls based on the principle of least privilege, regular penetration testing, and incident response procedures designed to minimise harm in the event of a breach.
That said, no digital system is completely immune to attack. We cannot provide an absolute guarantee of security, and we encourage you to use a strong, unique password for your CardMerge 2048 account and to enable any two-factor authentication options we make available.
If you believe your account has been compromised, please contact us immediately at the address in Section 13 so we can take prompt action.
10. Players Under 13 Years of Age
If a parent or legal guardian discovers that their child has created an account or submitted data without appropriate consent, we ask them to contact us immediately. Upon verification, we will promptly delete the relevant account and all associated data from our systems.
In jurisdictions where a higher age threshold applies — or where parental consent is required for players above 13 but below the local age of digital consent — we will obtain the necessary consent before processing that player's data.
11. External Links & Third-Party Services
CardMerge 2048 may display links to external websites, social media platforms, or partner services — for example, links to community forums, promotional campaigns, or app-store pages. These destinations operate under their own privacy policies, which we do not control and for which we accept no responsibility.
We strongly recommend reviewing the privacy notice of any third-party site before submitting personal information to it. The presence of a link within our App does not constitute an endorsement of that site's privacy practices.
12. Amendments to This Notice
We reserve the right to revise this Privacy Notice at any time. When we make material changes — such as introducing a new category of data collection or a new sharing arrangement — we will alert you through one or more of the following channels:
- •An in-app notification displayed prominently at next launch.
- •An email to the address associated with your account (where applicable).
- •An updated "Last Updated" date at the top of this Notice.
Minor, non-material clarifications may be made without separate notification. We encourage you to revisit this page periodically. Continued use of CardMerge 2048 following the effective date of any revision constitutes your acceptance of the updated terms.
13. Contact Us
If anything in this Privacy Notice is unclear, or if you wish to exercise any of your data rights, our privacy team is ready to assist. We aim to respond within one business day.