BLKSTD

privacy policy

Privacy Policy

Effective date: May 18, 2026 — Last updated: May 18, 2026

  1. 1. Who we are
  2. 2. Scope
  3. 3. Data we collect
  4. 4. Purposes & legal bases
  5. 5. Sharing & third parties
  6. 6. Advertising
  7. 7. International transfers
  8. 8. Retention
  9. 9. Security
  10. 10. Children
  11. 11. Your rights
  12. 12. Account & data deletion
  13. 13. Changes
  14. 14. Contact

1. Who we are

This Privacy Policy describes how Blackstudio ("Blackstudio", "BLKSTD", "we", "us", or "our") collects, uses, and protects your personal data when you use our websites, games, and related services (collectively, the "Services"), including but not limited to OrbitWars, Cucarank, and any mobile or web application published by Blackstudio.

Data Controller
Blackstudio
CNPJ: 51.821.797/0001-29
Country: Brazil
Email: [email protected]

2. Scope

This Policy applies to all users of our Services worldwide. We comply with the Brazilian General Data Protection Law (LGPD — Law 13.709/2018), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the Apple App Store Review Guidelines (section 5.1), and the Google Play Developer Program Policies (Data safety, User Data, and Families).

3. Data we collect

3.1 Data you provide

  • Account data: email address, display name, password (hashed), and authentication identifiers when you sign up, sign in, or recover access.
  • Support content: messages, attachments, and metadata when you contact us.

3.2 Data collected automatically

  • Gameplay & usage data: in-game actions, levels, scores, progress, session length, feature usage, and preferences.
  • Device & technical data: device model, operating system and version, language, time zone, app version, hardware identifiers necessary for operation, crash logs, diagnostic events, and approximate (IP-derived) location.
  • Analytics identifiers: pseudonymous IDs used for analytics, performance monitoring, and crash reporting.

3.3 Purchases

  • In-app purchases: we receive a confirmation token, product ID, transaction ID, and purchase status from Apple, Google, or other payment processors. We do not receive or store payment card numbers. Payment data is processed by the platform (Apple App Store / Google Play) or the relevant processor under their own privacy policies.

3.4 Sensitive data

We do not intentionally collect sensitive personal data (such as health, biometrics, racial or ethnic origin, religion, political opinions, or sexual orientation).

4. Purposes & legal bases

We process your data for the following purposes:

  • Provide the Services (create accounts, save progress, deliver in-app content) — legal basis: contract performance (LGPD Art. 7, V; GDPR Art. 6(1)(b)).
  • Authenticate and secure accounts, prevent fraud and abuse — legitimate interest / regular exercise of rights (LGPD Art. 7, IX; GDPR Art. 6(1)(f)).
  • Improve and debug the Services using analytics and crash reporting — legitimate interest (LGPD Art. 7, IX; GDPR Art. 6(1)(f)).
  • Process purchases and entitlements — contract performance (LGPD Art. 7, V; GDPR Art. 6(1)(b)).
  • Communicate service updates and respond to support requests — contract performance and legitimate interest.
  • Comply with legal obligations, including tax, accounting, and consumer-protection law — legal obligation (LGPD Art. 7, II; GDPR Art. 6(1)(c)).
  • Personalized or non-personalized advertising where applicable — consent (LGPD Art. 7, I; GDPR Art. 6(1)(a)). See Section 6.

5. Sharing & third parties

We do not sell your personal data. We share limited data with service providers ("operators" under LGPD / "processors" under GDPR) strictly to operate the Services:

  • Cloud hosting & infrastructure: Google Firebase / Google Cloud Platform (hosting, authentication, database, storage).
  • Analytics & crash reporting: Google Firebase Analytics and Crashlytics.
  • Payments & billing: Apple App Store and Google Play (in-app purchases).
  • Customer support: email service providers used to receive and respond to messages.
  • Advertising partners (future): when ads are introduced, ad networks such as Google AdMob may process device identifiers and limited usage data. See Section 6.
  • Legal authorities: when required by law, court order, or to defend our rights.
  • Corporate transactions: in connection with a merger, acquisition, or asset sale, subject to confidentiality and continuity of this Policy.

6. Advertising

Our Services may, now or in the future, display advertisements served by third-party ad networks (for example, Google AdMob). These networks may collect device advertising identifiers (such as the Android Advertising ID or Apple's IDFA where authorized), IP address, and limited interaction data to deliver, measure, and attribute ads.

On iOS, we will request your permission through the App Tracking Transparency prompt before using IDFA for tracking. On Android, you may reset or delete your advertising ID through device settings. We will only show personalized ads where consent is obtained.

For information about AdMob practices, see Google's policies at policies.google.com/technologies/ads.

7. International transfers

We are based in Brazil. Some of our service providers process data outside Brazil, including in the United States and the European Union. When data is transferred internationally, we rely on adequate safeguards under LGPD Art. 33 (such as standard contractual clauses, adequacy decisions, or your specific consent) and equivalent mechanisms under GDPR Chapter V.

8. Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations (including Brazilian tax and consumer-protection law, typically five years for transactional records), resolve disputes, and enforce our agreements. Account data is deleted within 30 days after a verified deletion request, except where retention is required by law.

9. Security

We use technical and organizational measures appropriate to the risk, including encryption in transit (HTTPS/TLS), encrypted storage at rest, access controls, principle of least privilege, secure password hashing, and logging. No method of transmission or storage is 100% secure; in the event of a security incident affecting your data, we will notify you and the competent authority (ANPD in Brazil) as required by LGPD Art. 48.

10. Children

Our Services are intended for users aged 13 and older. We do not knowingly collect personal data from children under 13 (under 16 in jurisdictions where that age applies). If you are a parent or guardian and believe your child has provided us with personal data, contact us at [email protected] and we will delete the data promptly.

11. Your rights

Subject to applicable law, you have the right to:

  • Confirm whether we process your personal data;
  • Access your data;
  • Correct incomplete, inaccurate, or outdated data;
  • Anonymize, block, or delete unnecessary, excessive, or unlawfully processed data;
  • Port your data to another service provider;
  • Be informed about public and private entities with which we have shared your data;
  • Be informed about the possibility of refusing consent and the consequences thereof;
  • Revoke consent at any time;
  • Object to processing based on legitimate interests;
  • Lodge a complaint with the ANPD (Brazil) or your local data protection authority.

To exercise any of these rights, email [email protected]. We will respond within 15 days as required by LGPD Art. 19.

12. Account & data deletion

You can request deletion of your account and associated personal data at any time:

  • In-app: open Settings → Account → Delete account (where available).
  • By email: send a request from the email address associated with your account to [email protected] with the subject "Account deletion request".

Once verified, we will delete your account and personal data within 30 days. Some data may be retained in anonymized or aggregated form, or where retention is required by law (for example, transactional records for tax purposes).

13. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you through the Services or by email. Your continued use of the Services after the effective date of the updated Policy constitutes acceptance of the changes.

14. Contact

For any questions, requests, or complaints regarding this Privacy Policy or our processing of your personal data, contact us:

Blackstudio
CNPJ: 51.821.797/0001-29
Email: [email protected]
Country: Brazil