Privacy
Privacy policy
Last updated: June 12, 2025
This page explains what data we collect, why we collect it, and what your rights are. We've kept it short and tried to use plain English. If anything is unclear, write to [email protected] and we'll happily explain.
Who we are
We are Pixo Games, LDA ("Pixo Games", "we", "us"), a company registered in Portugal at:
Praça de Alvalade, n.º 6, 8.º esquerdo1700-036 Lisboa, Portugal
For everything in this policy, Pixo Games is the data controller under the EU General Data Protection Regulation ("GDPR") and the Portuguese Data Protection Act (Lei n.º 58/2019).
Scope
This policy covers:
- This website — pixogames.co and any subdomain
- Our games — every mobile game published by Pixo Games on the Apple App Store and Google Play (Merge 2 Survive, Sports City, Idle Museum, Rocket Star, Merge Museum, plus any future titles)
What we collect
From this website
If you write to us through the contact form or the submit-a-game form, we receive what you typed in: your name, email address, the body of your message, and any optional fields you filled in (subject, studio name, links, etc.).
We do not run analytics on this site. There are no third-party trackers, no advertising pixels, no first-party tracking cookies. The only exception is standard server logs (IP address, timestamp, page requested) that our hosting provider keeps for security and abuse prevention.
From our games
When you play one of our games, we (and the third-party SDKs listed below) collect:
- Device identifiers — model, OS version, language, country, screen size, and similar technical signals
- Advertising identifiers — Apple's IDFA / Google's Advertising ID, used to deliver and measure ads
- Anonymous game ID — when you first open a game we generate a random ID for your device. We use it to store and sync your game save on our servers so you don't lose progress if your device crashes, you reinstall, or you switch phones. This ID is not connected to your name, email, or any personal information.
- Gameplay data — levels reached, scores, in-game choices, session length, errors and crashes
- Approximate location — derived from your IP address (country / region only)
- Purchase events — which in-app purchase you bought and when, but not your card or payment information (those go through Apple / Google directly and we never see them)
If you choose to connect Google Play Games or Apple Game Center, we additionally receive whatever those services share with us (typically your nickname and friend list within their network). This is fully optional — the game works without it.
What we never collect from games
We do not ask for or store your name, email, postal address, phone number, photos, contacts, microphone, or camera.
Why we process this data
Each processing activity has a legal basis under GDPR Article 6:
| Purpose | Legal basis |
|---|---|
| Replying to your form submission | Art. 6(1)(b) — pre-contractual measures at your request |
| Game save and progress sync | Art. 6(1)(b) — performance of contract |
| Showing non-personalized ads | Art. 6(1)(f) — legitimate interests |
| Showing personalized ads | Art. 6(1)(a) — your consent (we ask first) |
| Measuring ad performance, crash reports | Art. 6(1)(f) — legitimate interests |
| Detecting cheating, fraud, abuse | Art. 6(1)(f) — legitimate interests |
| Processing in-app purchases | Art. 6(1)(b) — performance of contract |
| Complying with legal obligations | Art. 6(1)(c) — legal obligation |
Who we share data with
We do not sell your data. Period.
We do work with third-party services to make the games actually function. Each one runs under its own privacy policy, available on their website.
Advertising partners (delivering and measuring in-game ads):
AppLovin · Google AdMob · Meta Audience Network · Unity Ads · IronSource · Mintegral · Pangle · Vungle / Liftoff · Chartboost · DT Exchange · InMobi · Fyber
Analytics & error reporting (helping us understand usage and fix crashes):
Singular · Google Firebase Analytics & Crashlytics · Facebook SDK
Payment processors (handling in-app purchases):
Apple App Store · Google Play
Optional sign-in (only if you connect them):
Apple Game Center · Google Play Games Services
Hosting & infrastructure:
DreamHost (this website) · Google Cloud / Firebase (game-save servers)
We may also disclose data to public authorities when we are legally compelled to (court order, regulatory request).
International transfers
Most of the partners above are based outside the European Economic Area, primarily in the United States. When data is transferred outside the EEA we rely on:
- Adequacy decisions of the European Commission (e.g. EU-US Data Privacy Framework where applicable)
- Standard Contractual Clauses (SCCs) approved by the European Commission
You can request a copy of the safeguards in place for any specific transfer by writing to [email protected].
Children
Our games are intended for players aged 13 and over. If you are in the EU/EEA and under 16, we will not serve you personalized ads or process your data on a consent basis without verifiable parental authorization — only the minimum necessary for the game to function.
If you believe a child under 13 has used one of our games and provided personal data, write to [email protected] and we will delete the associated account and data promptly.
Your rights under GDPR
You have the right to:
- Access — get a copy of the data we hold about you
- Rectification — correct anything that's inaccurate
- Erasure — ask us to delete your data ("right to be forgotten")
- Restriction — limit how we process your data
- Portability — get your data in a machine-readable format
- Object — object to processing based on legitimate interests, including ad-related profiling
- Withdraw consent — at any time, where processing is based on your consent (this doesn't affect anything we did before)
- Not be subject to solely automated decision-making with legal or similarly significant effects
To exercise any of these rights, email [email protected]. We will respond within one month.
You can also lodge a complaint with the Portuguese supervisory authority — the Comissão Nacional de Proteção de Dados (CNPD) — at www.cnpd.pt. If you live elsewhere in the EU/EEA you may complain to your local data protection authority.
How long we keep your data
- Form submissions — typically up to 24 months, then deleted or archived
- Anonymous game saves — kept while the corresponding game ID remains active. Inactive saves are purged after 3 months of no use
- Crash reports & analytics — typically 12-24 months, then aggregated or deleted
Security
We protect data with encryption in transit (HTTPS/TLS), restricted access on a need-to-know basis, and reasonable industry-standard safeguards. No system is perfectly secure, but we take it seriously and respond promptly to incidents.
Changes to this policy
If we change this policy meaningfully, we will update the "Last updated" date at the top and announce changes in-game or on this website. Material changes that affect your rights will be highlighted.
Contact
Questions, corrections, or rights requests:
Pixo Games, LDAPraça de Alvalade, n.º 6, 8.º esquerdo
1700-036 Lisboa, Portugal