Effective Date: January 1, 2026
Last Updated: December 31, 2030

1. Introduction

PF Games ("PF Games", "we", "us", or "our") operates the mobile game Zooyale and related services, including this website and the tester application program (collectively, the "Service"). This Privacy Policy explains how we collect, use, share, and protect your personal information when you use the Service.

This Privacy Policy applies to all users worldwide. Depending on your location, additional rights and obligations may apply under specific laws — see Section 14 (Regional Privacy Rights). Turkish users should also refer to our KVKK Aydınlatma Metni.

By using Zooyale, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

Controller: PF Games Yazılım Teknolojileri Anonim Şirketi ("PF Games")
Trade Register: Ankara Trade Registry, Reg. No. 497566 — MERSIS 0729127584000001
Tax Office / VKN: İvedik Tax Office / 7291275840
Website: https://pfgames.io
Email: info@pfgames.io
Postal address: İvedikosb Mah. 2224 Cad. No: 1 İç Kapı No: 116, Yenimahalle / Ankara, Türkiye

3. Information We Collect

We collect the following categories of personal information:

3.1. Account & Identity Information

In-game username / nickname (auto-generated and editable)
Unity Authentication PlayerId (anonymous identifier minted by Unity Gaming Services)
Third-party platform identifiers — Apple Game Center player ID (iOS) or Google Play Games player ID (Android), only if you choose to link your account to that provider
Age range or date of birth (for age verification only — collected only if you trigger an age gate)
Profile picture or avatar (selected from an in-app catalog; no user-uploaded photos)
For tester applicants: name, email address and the optional profile fields you choose to provide on the application form (country, age range, platforms, hours available, gaming background, free-text answers)

Note: Zooyale signs you in anonymously by default; we do not collect an email address or password during sign-up. Facebook login is not supported.

3.2. Gameplay Data

Progress, levels, experience points
Character / mutant selections and stats
Match history and performance metrics (KDA, kills, damage dealt, placement, survival time, win/loss)
Virtual items, cosmetics, and in-game currency balances (COIN, GEM)
Achievements and leaderboard rankings
Friends list, team / lobby memberships (via Unity Friends Service)
Voice chat metadata via Unity Vivox — channel participation (lobby / team / proximity), local mute/volume preferences, push-to-talk events. Voice audio itself is transported in real time by Vivox and is not stored on PF Games servers.
Reports filed by you or against you (moderation records)

Note: Zooyale does not provide a free-text in-game chat feature. The only direct player-to-player communication channel is voice (Vivox).

3.3. Device & Technical Information

Device model, manufacturer, and hardware specs (CPU cores, RAM, GPU model, screen resolution)
Operating system and version (iOS, Android)
Firebase Cloud Messaging (FCM) push notification token — registered if you accept notification permission
IP address (server access logs only; not retained beyond operational log windows) and approximate region derived from it — no precise GPS coordinates are collected
Language and locale settings
Game version, build number, and graphics API in use
Crash logs, exception stack traces, error reports
Performance metrics — FPS samples, ping, quality-tier changes, scene load times
For tester applicants: browser user-agent string and a salted, daily-rotating hash of your IP address used only for spam / abuse detection

Note: Zooyale currently does not collect advertising identifiers (IDFA / GAID) and does not display an App Tracking Transparency (ATT) prompt because we do not run advertising SDKs and do not share data with ad networks.

3.4. Analytics & Behavioral Data

Collected via our proprietary analytics platform (PF Games Analytics, hosted at analytics.pfgames.io) only after you grant analytics consent in the in-app privacy prompt:

Session start / end / duration
Match lifecycle events (start, end, leave, win/lose, reconnect attempts)
Anonymous in-game position snapshots in map coordinates (X/Z) — used to build heatmaps; not real-world GPS
Matchmaking funnel (wait time, mode, team size, outcome)
Account-link funnel (attempted, succeeded, switched, declined, unlink)
Account-deletion funnel (requested, attempted, outcome)
Currency balance changes (COIN, GEM)
Version-gate prompt outcomes
FPS spike detection and auto quality-tier downgrades

You can withdraw consent at any time via Settings → Privacy. When you do, collection stops immediately and the pending event queue on your device is wiped.

3.5. Purchase & Transaction Data

Purchase history (item, amount, date)
Transaction amount and currency
Platform store transaction IDs (Apple App Store, Google Play)
We do NOT collect or store credit card or bank account information. All payment processing is handled directly by Apple or Google.

3.6. Support & Communication Data

Support tickets and correspondence
Email communications
Survey responses (voluntary)

3.7. User-Generated Content (UGC)

Usernames you choose / edit (subject to a profanity filter)
Real-time voice chat audio over Unity Vivox (lobby, team, and proximity channels) — transported in real time, not recorded by PF Games
Any text you submit through support / report flows or tester applications

4. How We Collect Information

Directly from you when you create an account, fill profile fields, contact support, submit a tester application, or make purchases.
Automatically as you use the Service (gameplay events, device data, analytics).
From third parties such as Apple (Game Center) or Google (Play Games) when you choose to link your account, from Unity Gaming Services (Authentication, Cloud Save, Friends, etc.), and from anti-cheat or fraud-prevention services.

5. Why We Process Your Data (Purposes and Legal Bases)

Purpose	Legal Basis (GDPR Art. 6)
Create and manage your account	Contract performance
Provide and maintain the Service	Contract performance
Matchmaking and game sessions	Contract performance
Process in-game purchases	Contract performance, legal obligation
Evaluate tester applications	Consent, legitimate interest
Customer support	Legitimate interest
Fraud, cheating, and abuse prevention	Legitimate interest, legal obligation
Service improvement and bug fixing	Legitimate interest
Security and integrity	Legitimate interest, legal obligation
Comply with legal obligations	Legal obligation
Marketing communications	Consent
Personalized content & offers	Consent
Aggregated/anonymized analytics	Legitimate interest

6. How We Share Your Data

We do not sell your personal information. We share data only in the following circumstances:

6.1. Service Providers (Processors)

We use trusted vendors for:

Cloud infrastructure and hosting (CDN, game servers, Addressables asset delivery)
Unity Gaming Services — Authentication, Cloud Save, Economy, Friends, Multiplayer, Leaderboards, Cloud Code, Remote Config
Unity Vivox — real-time voice chat
Google Firebase Cloud Messaging — push notification delivery
Our proprietary analytics (PF Games Analytics at analytics.pfgames.io) — telemetry, crash reporting
Customer support tools
Email delivery
Anti-cheat and fraud detection

These providers process data on our behalf under written contracts.

6.2. Platform Providers

Apple — App Store, Apple Game Center (only if you choose to link your account)
Google — Google Play, Google Play Games (only if you choose to link your account), Firebase Cloud Messaging

We do not integrate Facebook / Meta login or any third-party advertising SDKs.

6.3. Legal Requirements

We may disclose data:

To comply with court orders, subpoenas, or legal requests
To protect our rights, safety, and property
In response to lawful government requests
To investigate fraud, abuse, or violations of our Terms

6.4. Business Transfers

If PF Games is involved in a merger, acquisition, or asset sale, your data may be transferred. You will be notified before any such transfer changes how your data is handled.

6.5. With Your Consent

For any other purpose disclosed to you with your consent.

7. International Data Transfers

We may transfer, store, and process your information in countries other than your own, including Türkiye, the European Union, the United States, and other regions where our service providers operate.

For transfers out of the EEA, UK, or Switzerland, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Other lawful mechanisms under GDPR Chapter V

For users in Türkiye, transfers comply with KVKK Article 9 (see KVKK Aydınlatma Metni for details).

8. Data Retention

We retain personal data only as long as necessary:

Data Category	Retention Period
Active account data (Unity Cloud Save — profile, progression, match history)	While account is active
Inactive account data	3 years after last activity
In-app purchase (IAP) records	10 years (tax law)
Voice chat audio (Vivox)	Not stored — real-time transport only
Report / moderation logs	90 days
Crash logs and diagnostics	90 days
Analytics events	24 months, then anonymized
Push notification tokens (FCM)	Until invalidated by the OS or until account deletion
Support tickets	2 years after closure
Anti-cheat / ban records	5 years
Marketing consent records	Until consent withdrawn
Tester application data	Until the beta program closes + 12 months

After retention periods expire, data is deleted, anonymized, or destroyed.

9. Account Deletion

You have the right to delete your account and associated personal data at any time:

In-app: Settings → Account → Delete Account
Web: zooyale.com/account-deletion
Email: Send a deletion request to info@pfgames.io

Upon deletion:

Your current Unity Authentication PlayerId is signed out and your session is invalidated
If your account is linked to Apple Game Center or Google Play Games, that link is automatically removed
Cloud Save data (profile, progression, image ID) is archived and then deleted — the short-lived archive exists only for support / audit purposes and is destroyed thereafter
Personal data is deleted or anonymized within 30 days
Virtual items, currency (COIN, GEM), and progress are permanently lost and cannot be restored
Records required by law (IAP / purchase records, ban records, tax-required data) are retained per Section 8
Aggregated / anonymized analytics may be retained
A fresh anonymous session is created on the device so you can start over; uninstalling the app fully clears local data

Account deletion is irreversible.

10. Children's Privacy

Zooyale is not directed at children under 13 (or the equivalent minimum age in your jurisdiction, e.g., 16 in some EU member states under GDPR-K).

We do not knowingly collect personal information from children under the applicable age.
If you are a parent or guardian and believe your child has provided us with personal information, please contact info@pfgames.io and we will delete it.
For users aged 13–17 (or local minimum age – 17), parental consent may be required, and certain features (chat, social interaction, purchases) may be restricted.

For California users, we comply with the California Consumer Privacy Act (CCPA) requirements for minors under 16.

11. Data Security

We use technical and organizational measures to protect your data:

TLS/SSL encryption in transit
Encryption of sensitive data at rest
Access controls and authentication
Regular security audits and penetration testing
Backup and disaster recovery
Employee confidentiality agreements
Incident response plan

No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Data Breach Notification: In the event of a data breach affecting your personal information, we will notify you and the relevant authorities as required by applicable law (within 72 hours under GDPR).

12. Your Privacy Choices and Controls

You can manage your privacy through:

In-game settings: Update your username and avatar, toggle voice chat / notifications, withdraw analytics consent, request account deletion (Settings → Privacy and Settings → Account).
Microphone permission (iOS / Android): Granted only when you first join a voice-chat-enabled lobby. Revoke any time via your OS settings; voice chat will remain receive-only.
Notification permission (iOS / Android 13+): Toggle from your OS notification settings or in-game Settings → Notifications.
Account link / unlink: Settings → Account lets you link or remove an Apple Game Center / Google Play Games connection without losing in-game progress.
Marketing emails: Unsubscribe link in every email (if and when sent).
Friend & social settings: Control visibility, friend requests, and per-player mute / volume in voice chat.

13. Tracking Technologies

We use limited tracking technologies in our mobile app:

SDKs for first-party analytics and crash reporting (gated on your explicit consent)
Local storage (Unity PlayerPrefs and Addressables cache) on your device for settings, downloaded assets, and progress
Push notification token issued by Firebase Cloud Messaging (only if you accept the notification permission)

We do not use traditional web cookies in the mobile app itself, we do not collect advertising identifiers (IDFA, GAID), and we do not integrate third-party advertising SDKs. This website also does not use tracking or advertising cookies.

14. Regional Privacy Rights

14.1. European Economic Area (EEA), United Kingdom & Switzerland — GDPR / UK GDPR

You have the following rights:

Right to access (Art. 15) — request a copy of your data
Right to rectification (Art. 16) — correct inaccurate data
Right to erasure / "right to be forgotten" (Art. 17)
Right to restriction of processing (Art. 18)
Right to data portability (Art. 20)
Right to object (Art. 21) — including objection to direct marketing
Right to withdraw consent at any time
Right to lodge a complaint with your national data protection authority

To exercise these rights, contact info@pfgames.io. We will respond within one month.

14.2. California, USA — CCPA / CPRA

California residents have the right to:

Know what personal information is collected, used, shared, or sold
Delete personal information
Correct inaccurate personal information
Opt out of "sale" or "sharing" of personal information (we do not sell, but advertising identifiers may constitute "sharing")
Limit use of sensitive personal information
Non-discrimination for exercising rights

To exercise these rights, submit the Privacy Requests form or email info@pfgames.io.

We do not sell your personal information for monetary consideration. We do not have actual knowledge of selling or sharing the personal information of minors under 16.

14.3. Türkiye — KVKK (Law No. 6698)

For users in Türkiye, please refer to our separate KVKK Aydınlatma Metni (KVKK Information Notice). It contains specific information about your rights under KVKK Article 11, our application process, and the Turkish Data Protection Authority contact details.

14.4. Brazil — LGPD (Law No. 13.709/2018)

Brazilian users have rights similar to GDPR including access, correction, deletion, portability, and information about data sharing. Contact info@pfgames.io to exercise these rights. The data controller for purposes of LGPD is PF Games. Our Data Protection Officer (DPO) can be contacted at info@pfgames.io.

14.5. Other Jurisdictions

If you reside in a jurisdiction with applicable privacy laws (e.g., PIPEDA in Canada, PIPL in China, PIPA in South Korea, APPI in Japan, POPIA in South Africa, Australian Privacy Act, India DPDP Act), please contact us to exercise your rights under local law.

15. Third-Party Services

Our Service integrates with the following third-party services, each governed by its own privacy policy:

Apple: apple.com/legal/privacy — App Store, Apple Game Center (linking optional)
Google: policies.google.com/privacy — Google Play, Google Play Games (linking optional), Firebase Cloud Messaging
Unity Technologies (Unity Gaming Services & Vivox): unity.com/legal/game-player-and-app-user-privacy-policy — Authentication, Cloud Save, Economy, Friends, Multiplayer, Leaderboards, voice chat

We are not responsible for the privacy practices of these third parties.

16. Changes to This Privacy Policy

We may update this Privacy Policy. Material changes will be communicated through:

In-game notification
Email to your registered address (if available)
Notice on our website
Updating the "Last Updated" date at the top

For material changes affecting how we process your data, we will provide at least 15 days' advance notice. Continued use of the Service after the effective date constitutes acceptance.

17. Contact Us

General Privacy Inquiries:
Email: info@pfgames.io
Website: https://pfgames.io
Postal: PF Games Yazılım Teknolojileri A.Ş., İvedikosb Mah. 2224 Cad. No: 1 İç Kapı No: 116, Yenimahalle / Ankara, Türkiye

Data Protection Officer (if appointed): info@pfgames.io

KVKK-specific requests (Türkiye): See KVKK Aydınlatma Metni.

This Privacy Policy is published in English as the master version. Translations into other languages are provided for convenience. In case of inconsistency, the English version prevails, except where local law requires otherwise (e.g., KVKK matters governed by the Turkish-language document).