1.1. Joyteractive Limited ("Joyteractive", "we", "us" or "our") is a company with a registered address at 75 Prodromou Avenue, Oneworld Parkview House, Floor 4, 2063 Nicosia, Cyprus. We develop and publish applications and games for mobile devices.
1.2. When you use Joyteractive's "Cryptogram Word Brain Puzzle" app, or other apps provided on a mobile platform or our corporate website available at https://joyteractive.com (each being, our "Platform", collectively, the "Platforms"), we may collect, store and process some data, including personal data. Joyteractive Limited acts as the data controller for the personal data described in this Privacy Policy.
1.3. This privacy policy ("Privacy Policy") sets out the main principles on which the data collected from you, or that you provide to us, will be processed by us, when you (1) visit our website, (2) access our Platform. This Privacy Policy also aims to remind you about your rights and to provide you with all the elements you need to exercise them.
The following documentation are integral parts of this Privacy Policy and are included as separate documents solely for your convenience:
This Privacy Policy shall be read alongside with the Joyteractive Terms of Use which govern the usage of our Platform (User Documentation).
If you have any questions related to this Privacy Policy or our practices around privacy and data protection in general, please don't hesitate to contact us at contact@joyteractive.com or write to: Joyteractive Limited 75 Prodromou Avenue, 2063 Nicosia, Cyprus
BY USING THE PLATFORMS, YOU CONFIRM THAT YOU HAVE READ AND UNDERSTAND THIS PRIVACY POLICY.
If you do not agree with this Privacy Policy, you must not use the Platforms. In such a case, you should:delete the App from your devices.
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or operational needs. When we make material changes, we will update the "Last Updated" date at the top of this Privacy Policy and, where appropriate, provide additional notice within the Platforms. Your continued use of the Platforms after the updated Privacy Policy becomes effective constitutes acknowledgment of the updated terms.
When you visit our Platforms, you may provide us with the following types of data, and we may collect and process such data in accordance with this Privacy Policy, as follows:
Contact Data — This may include your name and your email address. This information will be collected by us if you communicate with us, for example if you use the links on our Platforms to communicate with us via email.
Account Data — If you create an account on our Platforms to benefit from our Platforms, you may need to provide your name, email address, phone number and your photograph. If you use Facebook or Google to login to our Platforms, Facebook or Google will share data with us including but not limited to your profile data, your social network IDs, application store IDs, social network nickname, e-mail, language, location and publicly available information about you and your friends.
Correspondence Data — This includes the information you provide when you request support through our Platforms, contact us via the email address provided in this Privacy Policy and elsewhere on our website and your views, opinions and feedback which you choose to provide in relation to the Platforms and our services, including any comment facilities and message boards.
Session Data — This includes your IP address, your device's unique identifier details, browser details including version, device operating system, geo-location, time zone setting and time/date of access requests, the amount of data transmitted and the requesting provider. We may also capture other information about visits to our Platforms such as pages viewed and traffic patterns.
Cookie Data — Cookies are small files which are downloaded to your device when accessing our Platforms. Most web browsers automatically accept cookies. Please refer to paragraph 4 below for further details about our use of cookies.
Preference Data — This includes any information you choose to provide us, such as your musical preferences relating to genres and artists.
Payment Data — Our Platforms include purchases directly in the application (including subscriptions) and/or purchases directly through our website. If you want to make a purchase in the application, you may do this with the help of the payment system provided by Google Play (managed by Google) or AppStore (managed by Apple) and integrated into the apps. The in-app payment system is managed by the Google Play/AppStore administration or its authorized partner. Under no circumstances do we collect or process any information related to your payment instruments, such as bank card number, its validity term or your name as written on it. When you purchase directly through our website, including subscription, you authorize us to have our payment processor collect this information. We do not store such information on our servers.
When you use our Platforms, we can collect and process some of your data relying on different legal bases, which vary depending on the type of information we process and the context in which we collect it. You will find below explanations regarding the reasons why we may collect data and the legal bases we rely on in each case.
Contact Data
Account Data
Correspondence Data
User Content
Session Data
Preference Data
Marketing Communications
Where you have provided your consent to receive marketing communications from us, we may use your Contact Data to send you information about our products, services, promotions, updates, or other marketing materials.
You may withdraw your consent to receive marketing communications at any time by:
Withdrawal of consent will not affect the lawfulness of processing conducted prior to such withdrawal.
Please note that even if you opt out of marketing communications, we may continue to send you service-related or transactional communications where necessary for the performance of a contract, including account notifications, subscription confirmations, or security-related messages.
We use various tracking technologies in connection with our Platforms, including software development kits ("SDKs"), device identifiers, advertising identifiers, and similar technologies (collectively referred to as "Tracking Technologies"). These technologies allow us and our partners to operate, secure, analyze, and monetize our Platforms.
Strictly Necessary Technologies
These technologies are essential for the operation, security, and integrity of the Platforms. They enable core functionality such as authentication, fraud prevention, network management, and service delivery. These technologies are processed on the basis of our legitimate interests in providing secure and functional services.
Analytics and Performance Technologies
These technologies help us understand how users interact with the Platforms, measure performance, detect errors, and improve functionality. Where required by applicable law, we rely on your consent before activating analytics technologies.
Advertising Technologies and Identifiers
Mobile devices use unique advertising identifiers, including:
We and our third-party advertising partners may use these identifiers and related SDK technologies to:
Where required by applicable law, we obtain your prior consent before enabling personalized advertising or activating advertising-related Tracking Technologies. You may withdraw your consent at any time through the "Privacy Settings" (or "Privacy") section within the App. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
If you withdraw consent, you may continue to receive advertisements while using the Platforms. However, such advertisements will be contextual in nature and will not be based on your behavioral profile or inferred preferences.
Third-Party SDKs and Partners
We may integrate third-party SDKs and services into our Platforms, including analytics providers, advertising networks, fraud prevention providers, and other service providers. In certain cases, these third parties may act as independent data controllers with respect to their own processing activities. Their processing of your personal data is governed by their respective privacy policies. We encourage you to review the privacy policies of such partners for further information about their data collection and use practices.
Managing Your Preferences
You may manage or withdraw your consent for non-essential Tracking Technologies at any time through the Privacy Settings within the App. Depending on your device, you may also manage advertising identifier settings at the operating system level.
For residents of jurisdictions that provide additional opt-out rights (including the right to opt out of the sale or sharing of personal information for cross-context behavioral advertising), please refer to the Privacy Notice for California Residents section.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, as described in this Privacy Policy. The applicable retention period depends on the nature of the personal data collected, the purposes for which it was collected, the legal basis relied upon for processing, and whether applicable legal, regulatory, accounting, or reporting obligations require us to retain the data for a longer period.
There are circumstances in which we may retain certain personal data for extended periods, including for risk management and security purposes, fraud prevention and detection, enforcement of our contractual rights, handling complaints, claims, investigations, or litigation, and compliance with legal or regulatory obligations.
Transaction and Purchase Data
We retain certain personal data relating to purchases and subscriptions (such as transaction identifiers, purchase dates, purchased items, subscription status, and payment amounts) for as long as necessary to comply with applicable tax, accounting, and financial reporting obligations. We do not store full payment card details on our servers where payments are processed by third-party payment providers.
Account Data
We retain Account Data for as long as your account remains active. If your account is inactive for a prolonged period, we may delete or anonymize your account data in accordance with our internal retention policies, unless we are legally required or permitted to retain it for a longer period.
You may delete certain personal data directly through your Account settings, or you may delete your Account in its entirety. Alternatively, you may request deletion of your personal data by contacting us using the contact details provided in this Privacy Policy.
Please note that, pursuant to Article 17(3) of the GDPR, we may refuse a deletion request where processing is necessary for compliance with a legal obligation or for the establishment, exercise, or defence of legal claims.
Disputes and Investigations
We will not delete personal data where it is relevant to an ongoing investigation, dispute, or legal proceeding. Such data will be retained until the matter is fully resolved and/or for the period required or permitted under applicable law.
Anonymization and Aggregation
Where possible, we may anonymize, aggregate, or otherwise de-identify personal data so that it can no longer be associated with you. Once anonymized, such data is no longer considered personal data and may be used for analytics, research, product development, security enhancement, and other legitimate business purposes as permitted by applicable law.
Secure Deletion
Once the applicable retention period expires, we will securely delete or irreversibly anonymize your personal data, unless we are legally required to retain it for a longer period.
Joyteractive does not sell your personal data for monetary consideration. We disclose personal data only as described in this Privacy Policy, where necessary to operate and provide the Platforms, comply with legal obligations, protect our rights, or where you have provided your consent.
Third-Party Service Providers
We engage trusted third-party service providers to support the operation, administration, and maintenance of our Platforms. These may include providers of:
These service providers process personal data on our behalf and under our instructions, in accordance with applicable data protection laws and subject to appropriate contractual safeguards.
Advertising and Analytics Partners
As described in Section 4 (Tracking Technologies and Advertising Identifiers), we may, where permitted by applicable law and, where required, based on your consent, share certain data collected through the Platforms — such as advertising identifiers (including IDFA and AAID), device identifiers, online identifiers, and limited usage data — with advertising networks, mediation platforms, analytics providers, and measurement partners.
These disclosures are made in connection with delivering personalized advertising within the Platforms, measuring advertising performance and campaign effectiveness, improving monetization and user experience within the Platforms, and detecting fraud and invalid traffic.
Depending on the specific partner and processing activity, such third parties may act either as processors acting on our behalf, or as independent data controllers responsible for their own processing activities. Their processing of personal data is governed by their respective privacy policies.
For residents of jurisdictions where applicable law defines certain advertising-related disclosures as a "sale" or "sharing" of personal information (including under California law), please refer to the section titled Privacy Notice for California Residents for further information about your rights.
Marketing Service Providers
Where you have consented to receive marketing communications from us in relation to the Platforms, we may share your Contact Data with third-party service providers that assist us in delivering such communications, including email distribution platforms and messaging providers. Such providers act on our behalf and in accordance with our instructions.
Legal or Regulatory Requirements
We may disclose personal data collected through the Platforms where required to do so by law, regulation, court order, or other legal process, or where such disclosure is necessary to comply with legal obligations, enforce our terms and policies relating to the Platforms, protect our rights, property, or safety, or detect, prevent, or address fraud, security, or technical issues.
Corporate Transactions
If Joyteractive or its assets relating to the Platforms are subject to a merger, acquisition, reorganization, financing, or sale of all or part of its business, personal data processed in connection with the Platforms may be transferred as part of that transaction. In such cases, personal data will remain subject to appropriate confidentiality protections.
Aggregated or De-Identified Information
We may share aggregated, anonymized, or de-identified information derived from the use of the Platforms that cannot reasonably be used to identify you. Such information does not constitute personal data under applicable law.
List of Third-Party Service Providers and Partners
We maintain a list of key third-party service providers and partners integrated into or supporting the operation of our Platforms. This list is available at: List of the Parties who may receive your data. The list may be updated from time to time to reflect changes in our service providers and partners.
In connection with the operation of our Platforms, it may be necessary for us to transfer, store, or process your personal data outside the European Economic Area ("EEA"). Such transfers may occur, for example, where we use cloud-based infrastructure providers with geographically distributed data centres, we engage analytics, advertising, fraud prevention, or other technical service providers operating globally, or our partners or service providers process data from servers located outside the EEA.
Some of the countries to which personal data may be transferred may not provide the same level of data protection as your jurisdiction. Where we transfer personal data outside the EEA to countries that have not been recognised by the European Commission as providing an adequate level of protection, we will implement appropriate safeguards in accordance with applicable data protection laws. These safeguards may include entering into Standard Contractual Clauses adopted by the European Commission, implementing additional technical and organisational security measures where necessary, and conducting transfer impact assessments where required under applicable law.
Where applicable, you may request further information regarding the safeguards in place for international transfers by contacting us using the details provided in this Privacy Policy. We do not rely on your consent as the primary legal basis for international transfers.
Our Platforms may contain links to third party websites. If you follow a link to a third-party website, please note that this Privacy Policy does not apply to those websites. We are not responsible or liable for the privacy policies or practices of those websites, so please check their policies before you submit any data to those websites.
We take data security seriously. We implement and maintain appropriate technical and organizational measures including resilient security systems and protocols to protect the personal data we store.
We have put procedures in place to deal with any suspected data security breach and will notify you and applicable regulator of a suspected breach where the breach may cause a risk to you.
Our security procedures mean that we may occasionally request proof of identity before we are able to disclose personal data to you.
As a result of our collection and processing of your personal data in connection with the Platforms, you have the following rights under applicable data protection laws:
(a) Right of Access
You have the right to request confirmation as to whether we process personal data about you and, where that is the case, to request access to such personal data.
(b) Right to Rectification
You have the right to request that we correct or update any personal data that is inaccurate or incomplete.
(c) Right to Erasure
You have the right to request the deletion of your personal data in certain circumstances, including where the data is no longer necessary for the purposes for which it was collected. Please note that this right is subject to legal limitations, including where processing is required for compliance with a legal obligation or for the establishment, exercise, or defence of legal claims.
(d) Right to Data Portability
You have the right to receive personal data that you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where processing is based on your consent or on the performance of a contract, and processing is carried out by automated means.
(e) Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances, including where you contest the accuracy of the data or object to our processing.
(f) Right to Object
You have the right to object to our processing of your personal data where such processing is based on our legitimate interests, on grounds relating to your particular situation. Where we process personal data for direct marketing purposes, including personalized advertising, you have the right to object at any time.
(g) Rights Related to Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where permitted by applicable law.
(h) Right to Withdraw Consent
Where we rely on your consent to process personal data (including for personalized advertising or marketing communications), you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal.
Exercising Your Rights
To exercise any of the rights described above, please contact our Data Protection Officer at: contact@joyteractive.com or write to us at the address provided in the "Contact" section of this Privacy Policy. We may request additional information to verify your identity before responding to your request. We will respond to your request within the timeframe required under applicable law.
Right to Lodge a Complaint
If you believe that our processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with the competent supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.
The Platforms are intended for a general audience and are not directed to children under the age of 13, or such higher age as may be required under applicable law in your jurisdiction (for example, 16 in certain European Union Member States).
We do not knowingly collect personal data from children under the applicable minimum age, nor do we knowingly engage in the sale or sharing of personal data of consumers under 16 years of age for cross-context behavioral advertising purposes.
If we become aware that we have inadvertently collected personal data from a child under the applicable minimum age without verifiable parental consent (where such consent is required under applicable law), we will take reasonable steps to delete such information as soon as reasonably practicable.
If you believe that a child has provided us with personal data in violation of this section, please contact us at: contact@joyteractive.com
Effective Date: April, 2026
This Privacy Notice for California Residents supplements the information contained in this Privacy Policy and applies solely to visitors, users, and others who reside in the State of California ("consumers" or "you"). We adopt this notice to comply with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act ("CCPA"). Any terms defined in the CCPA have the same meaning when used in this notice.
This Privacy Notice describes how we collect, use, disclose, sell, or share Personal Information of California residents in connection with our Platforms. For purposes of this section, "Personal Information" means information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device.
INFORMATION WE COLLECT
This Privacy Notice applies to Personal Information we collect through the Platforms, in email, text, and other electronic communications between you and the Platforms, through Tracking Technologies and advertising identifiers integrated into the Platforms, and through interactions with our services as described in this Privacy Policy.
In the preceding twelve (12) months, we have collected the following categories of Personal Information from California consumers:
We do not collect Social Security numbers, driver's license numbers, passport numbers, precise geolocation data, health information, or biometric identifiers in connection with the Platforms.
Sources of Personal Information
We collect Personal Information directly from you when you use the Platforms, automatically through Tracking Technologies integrated into the Platforms, from third-party platforms you link to your account, from analytics providers, advertising networks, fraud prevention providers, and service providers, and from partners who supplement or update information we hold.
PURPOSES FOR COLLECTING AND USING PERSONAL INFORMATION
We collect and use Personal Information for business and commercial purposes described in this Privacy Policy, including to operate, maintain, and secure the Platforms, process transactions and manage accounts, personalize user experience, provide advertising and measure advertising performance, detect fraud and ensure security, conduct analytics and improve functionality, and comply with legal obligations.
We will not collect additional categories of Personal Information or use Personal Information for materially different, unrelated, or incompatible purposes without providing notice.
DISCLOSURE OF PERSONAL INFORMATION FOR BUSINESS PURPOSES
In the preceding twelve (12) months, we have disclosed the categories of Personal Information listed above to service providers and contractors, analytics providers, advertising and measurement partners, fraud prevention providers, and infrastructure and hosting providers. These disclosures are made pursuant to written agreements limiting use to specified business purposes and consistent with the CCPA.
SALE OR SHARING OF PERSONAL INFORMATION
Under the CCPA, "sale" and "sharing" are broadly defined and may include certain disclosures of Personal Information to third parties for cross-context behavioral advertising. In the preceding twelve (12) months, we may have "shared" the following categories of Personal Information with advertising and analytics partners:
We do not knowingly sell or share Personal Information of consumers under 16 years of age. You have the right to opt out of the sale or sharing of your Personal Information. You may exercise this right through the Privacy Settings within the Platforms or by contacting us using the details below.
SENSITIVE PERSONAL INFORMATION
We do not use or disclose Sensitive Personal Information for purposes that would require offering a right to limit its use under the CCPA.
YOUR CALIFORNIA RIGHTS
Right to Know — You may request disclosure of categories of Personal Information collected, categories of sources, business or commercial purposes for collection, disclosure, sale, or sharing, categories of third parties to whom information is disclosed, and specific pieces of Personal Information collected. You may make such requests up to two times in a 12-month period.
Right to Delete — You may request deletion of Personal Information we collected about you, subject to certain legal exceptions.
Right to Correct — You may request correction of inaccurate Personal Information we maintain about you.
Right to Opt Out of Sale or Sharing — You may opt out of the sale or sharing of your Personal Information for cross-context behavioral advertising purposes.
Right to Non-Discrimination — We will not discriminate against you for exercising your rights.
HOW TO EXERCISE YOUR RIGHTS
To exercise your rights, please contact us at: contact@joyteractive.com or write to: Joyteractive Limited, 75 Prodromou Avenue, 2063 Nicosia, Cyprus. We may verify your identity before processing your request. You may designate an authorized agent in accordance with applicable law. We will respond within 45 days (or up to 90 days where permitted).
SHINE THE LIGHT
California Civil Code Section 1798.83 permits California residents to request information regarding disclosure of Personal Information to third parties for direct marketing purposes. Requests may be submitted using the contact details above.
ONLINE TRACKING
We and our partners use Tracking Technologies in connection with the Platforms as described in Section 4 (Tracking Technologies and Advertising Identifiers). Where required by applicable law, we recognize valid opt-out preference signals.
CHANGES TO THIS NOTICE
We may update this Notice from time to time. The updated version will be made available through the Platforms and will include an updated effective date.
Last updated April, 2026
This List shall be read alongside, and in addition to, our Privacy Policy.
Copyright © 2026 Joyteractive Limited - All rights reserved