Privacy Policy for Drop Merge Frenzy
Last Updated: February 11, 2026
We place the highest priority on your freedom to make autonomous decisions about your privacy, and throughout the entirety of this document, we will consistently address you as "you" for the sake of clarity. This privacy policy has been meticulously developed to provide you with a thorough yet straightforward breakdown of the ways in which we gather, retain, and employ your personal information when you engage with our game—hereinafter referred to uniformly as the "Application." We strongly advise you to carefully go through this policy to gain a complete understanding of our privacy principles and operational procedures. By launching the Application or making use of any of our services, you are considered to have agreed to all the terms and conditions outlined in this privacy policy.
We accumulate a diverse range of information tied to your actions and engagement patterns while using the game. This encompasses key performance indicators such as how often you interact with clickable elements, the landing screens and content you navigate through, records of when you open the app, the privacy permissions you’ve set up on your device, the functionality status of in-game features, how many apps are installed on your device, application package identifiers, details about your device’s brand, network connectivity conditions, firebase_device_id, your device’s model, the country linked to your SIM card, system language configurations, and cookies that advertisers can access. Every piece of data mentioned above is shared solely with formally authorized third-party analytics tools: Firebase, Facebook Analytics, and our internal data tracking system (ECS).
To enhance your overall experience when engaging with our Application, we gather pertinent details regarding your device and network connection. The exact set of information we collect is influenced by multiple factors, including your interaction patterns with the app, your individual privacy configurations, and the particular features you opt to utilize. Such details may consist of SDK/API edition, platform category, time markers, application identifier and its matching version, distinct device ID, device producer, operating system edition, language choices, time zone, and network condition (for instance, Wi-Fi connectivity). Furthermore, we monitor the app’s status in the Google Play listing, the ad-loading tactics that have been put in place, the advertising platforms that are employed, and ad delivery identifiers. Information gathered via your device’s Android ID is stored to keep track of advertising-related activities within the app, and this information is categorized as personal data.
Your Android advertising identifier is employed by us to provide customized ads, and this specific identifier is used exclusively for promotional and data analysis activities. It is worth highlighting that this marker does not hold any confidential information that could be utilized to single you out individually or connect to your personal particulars. In addition, there is no association between this identifier and permanent device markers such as SSAID, MAC address, or IMEI.
Whenever you establish an internet connection while playing the game, we gather details concerning your network category (such as Wi-Fi or cellular data) and IP address. This set of information is indispensable for sustaining the steady performance of the game’s network connections.
Third-party Software Development Kits (SDKs) embedded within our Application may obtain access to specific user-related data, with the applicable data categories listed as follows:
l Google AD ID: Implemented across the entirety of Google’s advertising infrastructure.
l Device-specific metrics: Including device model, hardware specifications, and the nation in which our services are utilized.
l Anti-fraud analytics data: Leveraged to identify fraudulent click activity and safeguard the operational integrity of the advertising ecosystem.
l Geodemographic data: Extracted via IP address evaluation, yielding meaningful insights into geographically aligned user trends.
l Ad, marketing and analytical insights: Harnessed by third-party SDKs to refine ad campaigns, execute targeted research endeavors, and assess user behavioral patterns.
l Advertiser-accessible cookie files: Stored locally on your device or retrievable by advertising entities for operational purposes.
The data captured by these SDKs is subject to the independent privacy policies established by their respective providers. Our affiliated third parties comprise monetization collaborators (e.g., Google Admob, Facebook Audience Network, IronSource) and data analytics platforms (e.g., Firebase, Facebook Analytics, our proprietary in-house systems). Direct access to the privacy policies of these partners is provided in the Privacy Policies of Third-Party Partners section, for your thorough review and future reference.
Our handling of your personal data aligns with the goals laid out in this privacy policy and is underpinned by the following legal justifications.
The processing of personal data is frequently a core requirement to meet the contractual obligations we hold to you. This allows us to furnish the services you’ve requested and validate your identity — for instance, processing registration information to authorize your access to our platform and its services.
We conduct data processing to abide by all applicable statutory laws and regulatory requirements. This involves maintaining financial documentation in line with established accounting norms, as well as disclosing relevant information to law enforcement bodies when compelled to do so by legal orders and statutory demands.
We process personal data to nurture and enhance our user relationship with you, such as dispatching service-related notifications and updates. This practice also supports us in bolstering the security of our service infrastructure and sharing product-related details, empowering us to polish and enhance our service offerings based on user input and feedback.
In particular situations, we will only process your personal data upon receiving your express and explicit authorization. This rule applies to activities including the placement of non-essential cookies on your device or the sharing of user data for advertising and promotional purposes. Please note that certain of our platform services and functional features may be dependent on this form of data processing to operate as intended and deliver their full functionality.
Upon your launch of the Application, its built-in system utilities capture the above-referenced information in an automated manner. This entire data gathering process adheres strictly to the provisions outlined in this policy as well as all pertinent legal statutes and regulatory mandates.
In the event that you acquire and install the Application via a third-party distribution platform (e.g., Google Play Store), we may obtain a limited scope of user-related details (including device unique identifiers and download activity logs) in full accordance with the privacy protocols of the respective platform and all applicable legal stipulations.
We place paramount emphasis on safeguarding the confidentiality of your personal information and implement prudent, robust protective protocols — including data encryption technologies — to avert data loss, pilferage, unsanctioned access, unauthorized disclosure, tampering, or destruction. Encryption protocols are deployed during both the storage and transmission phases of data to guarantee that information remains intact and uncompromised when transferred over networks.
Rigorous access control protocols are put in place to limit the ability to access and process data exclusively to staff members who have been formally authorized. Comprehensive logs of all data access activities are kept on record, and periodic compliance audits are carried out to oversee adherence to these protocols. Furthermore, the systems and servers supporting our Application undergo regular security evaluations and vulnerability assessments to identify and mitigate potential risks, as well as to defend against malicious threats such as hacking attempts or malware infiltrations.
At any point, you hold the entitlement to rescind your authorization for any data processing activities that depend on your prior approval. This revocation will not undermine the lawfulness of any data processing that took place before you withdrew consent, nor will it influence any actions undertaken by third parties prior to the rescission of your authorization.
Pursuant to relevant legal regulations, you possess the right to review the personal information we maintain about you and make adjustments to it whenever necessary.
Upon submitting a request, we will furnish you with a complimentary copy of your personal information, unless legal statutes allow us to impose a reasonable charge for this service. Access to your data may be restricted if granting such access would encroach upon the legitimate rights and interests of other people. Additionally, if you cannot directly amend inaccurate information through our services, you may submit a formal request for us to correct the errors.
You may demand the removal of your personal data under the following circumstances:
l The data is no longer required to fulfill the original purpose for which it was gathered.
l The processing of the data was based on your consent, which you have since withdrawn.
l You oppose the processing of your data, and we lack compelling legitimate reasons to continue with such processing.
You may ask for the limitation of data processing in the following situations:
l You challenge the accuracy of the processed data (processing will be limited during the verification phase, which may temporarily hinder your access to certain services).
l You object to illegal data processing and request restriction rather than complete deletion of the data.
l You require the data for legal claims even after we no longer need it for the original purpose, or during the period when we evaluate whether our legitimate interests take precedence over your objections.
Restricted data will only be processed with your clear and explicit consent, for the purpose of pursuing or defending legal claims, to safeguard the rights and interests of others, or for reasons related to the public good. We will inform you immediately once the restriction on data processing is lifted.
Should data processing activities be grounded in your consent, a contractual commitment, or our legitimate business objectives, you retain the right to raise an objection in line with all applicable legal frameworks. We are only permitted to continue processing your data if it is required for pursuing or defending legal claims, or if explicitly authorized by statutory law.
In instances where we have shared your personal data with external third parties, we will alert those entities to any requests you submit for data correction, erasure, or restriction—unless such notification is technically unachievable or forbidden by law. Upon your formal request, we will reveal the identities of these third-party organizations.
Except when exempted by legal provisions, you hold the entitlement to avoid decisions that are exclusively determined by automated processing (including user profiling) and that result in legal implications for you or substantially impact your legitimate rights and interests.
When data processing is based on a contractual agreement, your consent, or automated operations, you may request that we provide your data in a structured, widely used, and machine-readable format. If technically feasible and not damaging to the rights of other individuals, we will directly transmit the data to another data controller as you specify.
If you suspect that your privacy rights have been infringed upon, please get in touch with us at ndstudio.ltd@gmail.com to seek a swift resolution. You also have the authority to file a complaint with the appropriate supervisory body in your country of residence, place of work, or the jurisdiction where the alleged violation is believed to have occurred.
The California Consumer Privacy Act (CCPA) grants extra privacy entitlements to individuals residing in California, with the specific details outlined below. To exercise these rights, please refer to the "Exercising Your California Privacy Rights" section later in this document. If you are not a California resident, this section does not apply to you—we advise you to consult the main portion of this privacy policy instead.
Over the past 12 months, you hold the right to learn about and retrieve the personal information we have collected regarding you, which includes the following:
l The types of personal data we have gathered in relation to you.
l The origins from which this personal information was acquired.
l The business-related reasons for collecting your personal data.
l The specific particulars of the personal information we have accumulated about you.
You may submit a request for us to erase the personal information we have collected from you. We will also direct our service providers to delete such data, subject to the following exceptions where we or third parties may keep the data:
l To deliver the specific services you have requested from us.
l To resolve system malfunctions or guarantee the effective operation of our services.
l To adhere to the California Electronic Communications Privacy Act (California Penal Code Sections 1546 et seq.).
l To carry out public or peer-reviewed scientific, historical, or statistical research that serves the public welfare and complies with ethical standards as well as privacy laws.
l To meet legal responsibilities or similar mandatory requirements.
If you have provided your clear and explicit consent and not withdrawn it, we may keep your personal data for an extended timeframe. Furthermore, we may be obligated to retain personal data for longer periods due to legal duties or official instructions. Once Drop Merge Frenzy stops its operations, all personal data we hold will be permanently and securely erased.
We make every effort to respond to verifiable consumer requests within 45 days after receiving them. In cases where we need to extend this response window (with a maximum allowable extension of 90 days), we will notify you through email, telephone, or other electronic channels, providing a detailed explanation for the delay. As a general rule, we do not levy charges for handling or replying to such requests. Nevertheless, if a request is excessive in scope, repeated unnecessarily, or clearly lacks a legitimate basis, we reserve the right to impose a reasonable fee. In any such instance, we will first notify you of our decision and supply a cost estimate before moving forward with processing your request.
The exercise of your CCPA rights will not lead to any form of unjust treatment on our part. We will not engage in any of the following actions: deny your access to our services; impose different pricing or rate structures on you; or offer you services of inferior quality or reduced scope. Your decision to exercise your CCPA entitlements will not impact the terms of service to which you are legally entitled.
Our platform services are not targeted at individuals who are under 13 years of age, and we do not intentionally gather personal information from minors in this age group. In the event that we become aware we have collected personal data from a child under 13 without securing verifiable parental consent, we will promptly erase that information from our servers. Parents or legal guardians who find out their child under 13 has disclosed personal information to us should reach out to us without delay to ask for the removal of that data. For users who are between 13 and 16 years old, opt-in consent from the user themselves (or verifiable parental consent, as dictated by law) is a prerequisite for accessing certain platform features. Additionally, parents or legal guardians of users in this age range may contact us with any inquiries or concerns pertaining to their child’s personal data.
Pursuant to the EU’s data protection frameworks (including the GDPR) and applicable UK data protection legislation, individuals residing in the United Kingdom and any member state of the European Union are afforded the following legal rights—all of which Drop Merge Frenzy is dedicated to upholding:
You hold the authority to request written confirmation as to whether your personal data is being processed by our organization. If such processing is taking place, you are also entitled to obtain comprehensive details regarding the specific personal data we maintain about you.
You are entitled to examine the accuracy of the personal data we have on file for you and to amend any information that is outdated, incomplete, or erroneous. This process ensures that the data we keep about you remains trustworthy and up-to-date.
If you no longer agree to our holding of your personal data, you may demand that it be permanently erased. We will then take immediate measures to remove this information from all our active systems and backup storage locations, subject to any legal responsibilities that may require us to retain it temporarily.
When we do not have a valid legal basis for continuing to process part or all of your data, you have the right to ask us to discontinue those processing activities. This safeguard prevents any unauthorized or illegal utilization of your personal information.
You may request a copy of the personal data you have provided to us, presented in a commonly used, machine-readable format (such as CSV or JSON). This makes it simple to transfer your data to another service provider or manage it for your own record-keeping needs.
To exercise any of these rights, please send your request via email to ndstudio.ltd@gmail.com. We follow a strict response schedule and will provide an official reply within one calendar month after receiving your request. If you believe we have failed to comply with data protection laws, you also have the right to file a complaint with your local data protection authority (e.g., the ICO in the UK or your national DPA in the EU).
Embedded within this document are hyperlinks leading to the privacy policies of our third-party service providers. These policies are managed independently by each respective third party and are beyond our oversight and control. They detail the methods by which these partners gather, utilize, and share user data—we highly recommend that you carefully examine these documents to gain a clear understanding of their data-handling practices. The corresponding links are provided below:
l Adjust: https://www.adjust.com/terms/privacy-policy/
l Unity: https://unity3d.com/legal/privacy-policy
l Pangle: https://www.pangleglobal.com/privacy
l Mintegral: https://www.mintegral.com/en/privacy
l Vungle: https://vungle.com/privacy/
l Max/Applovin: https://www.applovin.com/privacy/
l ironSource: https://www.is.com/privacy-policy/
Protecting the privacy of minors stands as a core foundational priority for Drop Merge Frenzy. We urge parents and legal guardians to actively supervise their children’s online interactions and their use of digital service platforms. In the event that you discover your child has disclosed personal information to us without your prior written authorization, please contact our team without delay. Once we receive such a notification, we will immediately identify and permanently erase the relevant data from our official records and databases.
We may modify this privacy policy at regular intervals to mirror changes in our business operations, technological progress, or evolving legal mandates. Every revised edition will be easily accessible within the Drop Merge Frenzy application or on our official distribution channels (for example, the Google Play Store). Whenever possible, we will inform you of significant changes through appropriate channels, such as in-app alerts or electronic mail. After receiving such notification, your ongoing use of Drop Merge Frenzy signifies your acceptance of the updated policy. If you do not agree with the revised terms, you may opt to stop using our services.
If you have any questions, feedback, or concerns related to this privacy policy or our data management practices, please get in touch with us using the contact information provided below:
l Email: ndstudio.ltd@gmail.com