Our Services are directed to children under the age of 13. We do not require a child to disclose more information than is reasonably necessary to participate in our activities. For children under the applicable age of digital consent, personal data is processed exclusively on the basis of verifiable parental consent, collected during account creation or subscription activation.
Parental Control: Parents can review the personal information collected, ask for its deletion, and refuse further collection by contacting us at info@marshmallow-games.com.
No Behavioral Ads: We do not display targeted advertising to children within our apps.
We use third-party services to ensure the functionality, maintenance, and improvement of our Services. Below is the technical breakdown of the data processed:
These services enable us to monitor and analyze web traffic and user behavior. All analytics tools are configured in child-directed mode, with IP anonymization, disabled advertising identifiers, and without session recording for child users.
Google Analytics for Firebase: Processes application opens, updates, in-app purchases, and usage data. (Place: US/Ireland)
Amplitude Analytics: Processes cookies and usage data for UX optimization. (Place: US)
Appsflyer: Used for marketing attribution and installation analysis. (Place: Israel)
Smartlook: Records sessions and heat mapping to improve app usability. (Place: Czech Republic)
Meta Ads (Pixel) & Facebook Lookalike Audience: Tracks conversions from ads on Facebook/Instagram.
TikTok Conversion Tracking: Measures the effectiveness of ads on TikTok.
Facebook Custom Audience: Connects website activity with the Facebook advertising network.
Hosting: Amazon Web Services (AWS) – Secure storage and backend infrastructure. (Place: Germany)
Payments: RevenueCat, Adapty, Stripe, and Paddle. We receive payment notifications but do not store your credit card details.
Authentication: Sign in with Apple, Firebase Authentication, and Facebook Authentication.
Beta Testing: TestFlight (Apple) and Crashlytics (Google).
Messaging: Firebase Cloud Messaging and CleverTap for parental notifications.
Our websites use cookies to distinguish you from other users. Marketing and analytics cookies are activated only after explicit consent through a compliant Consent Management Platform (CMP).
Strictly Necessary: Essential for site navigation.
Functional/Analytical: Google Analytics (with anonymized IP). Google Tag Manager is used solely as a technical tool to manage tags and does not set cookies independently.
Targeting/Marketing: Meta and TikTok trackers (activated only upon user consent via the cookie banner).
Opt-out: Users can manage preferences via their browser settings or through initiatives like
If you reside in the U.S. (California, Virginia, Colorado, etc.), you have specific rights:
Right to Know & Access: You can request a list of personal information categories we collect.
Right to Delete: You can request the deletion of your data.
Right to Opt-Out: You can opt-out of the “sale” or “sharing” of personal information for targeted advertising.
Sensitive Data: We only process sensitive information (like payment info) to provide the requested service.
In compliance with the “Lei Geral de Proteção de Dados” (LGPD), Brazilian users have the right to confirmation of processing, access, rectification, and portability of their data. For requests, please contact our Data Controller.
Personal data processed through our Services may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, Israel, Ireland, and the Czech Republic, where some of our service providers are located.
Where such transfers occur, we ensure that appropriate safeguards are in place to protect personal data, in accordance with Articles 44–49 of the GDPR. In particular, transfers are carried out on the basis of:
Adequacy decisions adopted by the European Commission, where applicable; or
Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented where necessary by additional technical and organizational measures.
We take all reasonable steps to ensure that personal data receives an equivalent level of protection as required under applicable data protection laws, including GDPR and GDPR-K provisions for children’s data.
7. Retention and Security
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including the provision of the Services, compliance with legal obligations, and the management of subscriptions and payments.
We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, loss, alteration, or disclosure, taking into account the nature of the data processed, particularly when it concerns children’s data.
For any questions regarding this policy or to exercise your rights:
Marshmallow Games SRL Email: info@marshmallow-games.com Address: Via G. Di Cagno Abbrescia, 17/B-C – 70126 Bari (Italy)