Privacy Policy

This Privacy Policy defines the principles of processing personal data of users of the "ExtraMafia" mobile application. The data controller is AP EDU Sp. z o.o., ul. Waryńskiego 26C, 43-180 Orzesze, Poland, KRS: 0000719206, Tax ID: 6342923975, REGON: 369507902. Contact with the Controller: - e-mail: rodo@extramafia.com - by mail: ul. Waryńskiego 26C, 43-180 Orzesze, Poland (with note "Personal Data")

Processed data: - Email address - Password (encrypted) - Username and avatar - Game history and statistics - Transaction data (in case of payments) - Device token (for push notifications) - Chat messages and communication between users Data is processed for the purpose of: - Enabling login and use of application features (legal basis: Art. 6(1)(b) GDPR) - Ensuring security (legal basis: Art. 6(1)(f) GDPR) - Providing social services (chat, rankings, friends) - Handling payments and microtransactions - Sending push notifications (based on consent) - Analysis and improvement of the application User passwords are stored only in encrypted form and are not accessible in plain text even to the Controller.

For security and application improvement purposes, the server may log: - IP address, timestamp, browser type - Application activity logs - Usage statistics (via Google Analytics/Firebase) - Error and crash reports Analytical data is processed in aggregated and anonymous form. It is not used for marketing purposes without your consent.

The application offers social features including: - Chat and communication between users - Friend system and player invitations - Rankings and statistics comparison - Sharing game results Chat messages are stored for the time necessary to provide the service. Users can delete their messages in account settings. We send push notifications only after obtaining your consent. You can withdraw consent at any time in device or application settings.

In case of making payments in the application: - Payment data is processed by secure payment providers - The Controller does not store credit card data - Only transaction information is saved (amount, date, status) - Invoices and receipts are available in transaction history Legal basis: contract performance (Art. 6(1)(b) GDPR) and legal obligations related to accounting (Art. 6(1)(c) GDPR).

Data is stored: - Account data: for the duration of the user account and up to 30 days after its deletion - Chat messages: until deleted by user or 2 years from sending - Transaction data: according to tax regulations (5 years) - Security logs: up to 12 months - Analytical data: in anonymized form without time limits

Users have the right to: - access to data - rectification or deletion of data - restriction of processing - objection to processing - data portability - withdrawal of consent (applies to push notifications) - file a complaint with the supervisory authority To exercise the above rights, contact us at: rodo@extramafia.com

Data may be processed by: - Hosting and cloud service providers - Payment service providers (for transactions) - Analytical service providers (Google Analytics, Firebase) - Push notification service providers - Application support entities All entities operate under data processing agreements and are obligated to protect your personal data.

We apply the highest security standards: - Data encryption in transmission (SSL/TLS) - Encryption of passwords and sensitive data - Server security and access control - Regular security audits - Monitoring of unauthorized access attempts Payment data is processed only by certified providers compliant with PCI DSS.

The application is not intended for persons under 16 years of age. If we learn that we are processing data of a person under 16, we take immediate action to delete it.

Some of our service providers may be located outside the European Economic Area. In such cases, we ensure appropriate safeguards in accordance with GDPR, including standard contractual clauses approved by the European Commission.

The Controller may change the Privacy Policy. Users will be informed about significant changes through: - Notification in the application - Email message - Push notification (if enabled) Changes take effect 7 days after notifying users.