Effective Date: 12 August 2025

NICMIT LTD (“NICMIT,” “we,” “us,” or “our”) is committed to safeguarding the privacy and personal data of users (“you,” “your,” or “user”) who access or use our mobile applications, associated services, and website (collectively, the “Services”). This Privacy Policy is intended to provide you with a comprehensive explanation of our data collection, use, disclosure, and protection practices in accordance with applicable privacy and data protection laws, including but not limited to the United Kingdom General Data Protection Regulation (“UK GDPR”), the European Union General Data Protection Regulation (“EU GDPR”), the California Consumer Privacy Act (“CCPA”), the Brazilian General Data Protection Law (“LGPD”), the Personal Information Protection and Electronic Documents Act (“PIPEDA”), and the Singapore Personal Data Protection Act (“PDPA”), each as amended or superseded from time to time.

Your use of our Services constitutes your acknowledgement and acceptance of this Privacy Policy. If you do not agree with any provisions herein, you must immediately discontinue use of our Services.

1. Definitions

For the purposes of this Privacy Policy, the following definitions shall apply:

  1. “Applicable Laws” means all privacy, data protection, and related laws, regulations, and binding guidance applicable to NICMIT’s processing of Personal Data, including without limitation UK GDPR, EU GDPR, CCPA, LGPD, COPPA, PIPEDA, PDPA, and other equivalent laws in jurisdictions where users are located.
  2. “Personal Data” means any information relating to an identified or identifiable natural person, as defined under Applicable Laws.
  3. “Non-Personal Data” means information that does not identify an individual and cannot reasonably be used to determine identity, either alone or in combination with other information.
  4. “Processing” means any operation or set of operations performed on Personal Data, including collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
  5. “Controller” means the natural or legal person that determines the purposes and means of Processing Personal Data.
  6. “Processor” means a natural or legal person that Processes Personal Data on behalf of the Controller.
  7. “Third Party” means any person or entity other than the Data Subject, Controller, Processor, or persons authorised to process data under the direct authority of the Controller or Processor.
  8. “Cookies” means small text files stored on a device to retain information, track usage, and enable certain functionality.
  9. “SDK” means a software development kit embedded within our Services to provide certain functionality such as analytics, advertising, or social features.
  10. “Consent” means a freely given, specific, informed, and unambiguous indication of a Data Subject’s agreement to the Processing of their Personal Data.

2. Scope of This Policy

This Privacy Policy applies to all users of our mobile games, including without limitation those downloaded from Google Play Store, Apple App Store, Samsung Galaxy Store, Amazon Appstore, Huawei AppGallery, or other authorised distribution platforms, as well as to visitors to our website.

3. Data Controller

For the purposes of UK GDPR, EU GDPR, and equivalent legislation, the Data Controller is:

NICMIT LTD
Registered Office: 71–75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Email: hello@nicmit.com

4. Categories of Data Collected

A. Data You Provide Directly

  • Email address and name, if provided via email communication or the contact form on our website.
  • Any additional information voluntarily included in user communications.

B. Data Collected Automatically

Through use of our Services, the following may be collected:

  • Device type, operating system, and version.
  • Device identifiers (such as GAID or IDFA, where consented).
  • IP address.
  • Approximate geographic location (city/country level, non-individually linked).
  • Usage data including frequency of play, features accessed, and in-game actions.
  • Crash reports, diagnostics, and log data.

C. Data Collected via Third-Party SDKs

Our Services integrate third-party SDKs for advertising, analytics, and functionality. These may independently collect and process Personal Data in accordance with their respective privacy policies.

5. Cookies and Tracking Technologies

We use Cookies and equivalent tracking technologies for purposes including but not limited to:

  • Ensuring proper functionality of the Services.
  • Conducting analytics to improve Services.
  • Delivering personalised and non-personalised advertisements.

A detailed table of Cookies and SDK-based trackers, including provider, purpose, type, and retention period, is included in Annex A of this Policy.

6. Purposes and Legal Bases for Processing

Processing is undertaken for the following purposes:

  1. Service delivery – To operate, maintain, and provide access to our Services (Legal basis: Contractual necessity).
  2. Analytics – To monitor and analyse usage and trends (Legal basis: Legitimate interests; Consent where required).
  3. Advertising – To serve and measure personalised or contextual ads (Legal basis: Consent; Legitimate interests for non-personalised ads).
  4. Support communications – To respond to inquiries or complaints (Legal basis: Legitimate interests).
  5. Compliance – To fulfil legal obligations (Legal basis: Legal obligation).

A jurisdiction-specific breakdown of legal bases is set out in Annex B.

7. Data Sharing and Third Parties

We disclose Personal Data to the following categories of recipients:

  • Advertising networks and analytics providers: Google AdMob (link), Google Analytics for Firebase (link), AppLovin (link), Liftoff (link), Unity Ads (link), Meta Audience Network (link), Pangle (link).
  • Platform providers: Google Play, Apple App Store, Samsung Galaxy Store, Amazon Appstore, Huawei AppGallery (for distribution).
  • Service providers: Cloud hosting providers for website functionality.
  • Regulatory authorities: Where required by law or legal process.

8. International Data Transfers

Where Personal Data is transferred outside the UK/EEA, such transfers will be subject to:

  • Adequacy decisions issued by relevant authorities; or
  • Standard Contractual Clauses approved by the European Commission or UK Information Commissioner’s Office; or
  • Other lawful transfer mechanisms under Applicable Laws.

9. Data Subject Rights

Depending on your jurisdiction, you may have the following rights:

  • Access to your Personal Data.
  • Rectification of inaccurate or incomplete Personal Data.
  • Erasure (“right to be forgotten”).
  • Restriction of Processing.
  • Data portability.
  • Objection to certain Processing activities.
  • Withdrawal of Consent where Processing is based on Consent.

Jurisdiction-specific rights are detailed in Annex C.

10. Security Measures

We implement commercially reasonable technical and organisational measures, including HTTPS encryption for data transmission, access controls, and limited retention periods, to protect Personal Data against unauthorised access, loss, misuse, or alteration.

11. Data Retention

Personal Data is retained only for as long as necessary to fulfil the purposes outlined in this Policy, subject to Applicable Laws. Email correspondence is retained for a maximum of five (5) years unless a shorter period is required by law.

12. Children’s Privacy

Our Services are not directed at children under 13 years of age, and we do not knowingly collect Personal Data from such individuals.

13. Amendments to This Policy

We reserve the right to amend this Privacy Policy at any time. Material changes will be indicated by revising the policy text on our website.

14. Contact Information

For any inquiries or to exercise your rights, contact:
Email: hello@nicmit.com