INTRODUCTION
- AG Studio is dedicated to protecting the privacy rights of our online users ("users" or "you"). This Privacy Policy has been crafted to inform you as to the ways we collect, store, use, and manage the information you provide in connection with any AG Studio's game or Application. Please note that the scope of this Privacy Policy is limited to only information collected from AG Studio through use of the Service. By using the service, you are agreeing to the collection and use of your personal information as outlined in this Privacy Policy. We may amend the Privacy Policy from time to time, and we encourage you to consult the Privacy Policy regularly for change.
COLLECT INFORMATION
- When you use any AG Studio Service, also sometimes referred to as an "Application" or "App", you get access to its online community within that Service and you allow AG Studio to access certain information about you. The information you allow us to access varies by Application, and it is affected by the privacy settings you and your friends establish in that Application. Users can always refuse to supply personal identification information, except that it may prevent them from engaging in certain App related activities.
- There are two types of information we may collect through your use of our:
- 1. "Personal Information", which is the type of information that specifically identifies you personally and/or can be used alone to contact you online or offline, such as: your full name, email address, friend list, profile…, AG Studio's game player ID, and, in some cases, usernames. All of this Personal Information must be approved by you and Meta Developer.
- 2. "Non-Personal Information", which is information that does not identify you and cannot be used to contact you personally, including information about you such as, age, non-precise geolocation information (e.g., your city), and gender, as well as information about your computer and mobile device, such as your unique device ID, Internet Protocol (IP) address, or other persistent identifiers, and their hardware/software/firmware. Non-Personal Information also includes Usage Data, which is anonymous data tied to your computer and/or device, such as the actions you take within and outside of the Apps, the browser you use, the identity of other Apps included on your device, the date and time of your use of the Apps, your game progress, play time, score and achievements, and the URLs you visited and or Apps you used before and after using our Apps.
USE INFORMATION
AG Studio may use the information collecting from you for a variety of purposes, including to:
- 1. Provide, maintain, and improve the Services and deliver the information and support you request, including technical notices, security alerts, purchase confirmations, and support and administrative messages.
- 2. Personalize the Services and provide advertisements, content, or features that are targeted toward your interests.
- 3. 3. Send you news and information about the Services and communicate with you about products, services, contests, promotions, incentives, and rewards offered by AG Studio and select partners.
- 4. Track and analyze trends and usage in connection with the Services.
- 5. Process and deliver contests, promotion entries and rewards.
In all cases of data access and collection, the information you provide will not be disclosed, rented, leased, loaned, sold, or otherwise voluntarily distributed to unaffiliated third parties and will be used solely for the purpose of providing you with and improving the Service.
You may opt out of such communication either by unsubscribing on the Platform itself, or by contacting the customer services team and placing a request for unsubscribing by sending an email to ichihime18818@gmail.com
OTHER DISCLOSURE OF YOUR PERSONAL INFORMATION
- You understand and agree that we may be required to disclose any personal information if required to do so by law or in the good faith belief that such disclosure is reasonably necessary to avoid liability, to comply with legal process, including but not limited to a search warrant, subpoena, statute, or court order, or to protect our rights and property, or that of the public. Note that AG Studio is not required to question or contest the validity of any search warrant, subpoena or other similar governmental request that AG Studio may receive. Additionally, in the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, customer information may be transferred to AG Studio's successor or assignee, if permitted by and done in accordance with applicable law.
STORAGE AND SECURITY INFORMATION
- ● We store and process your personal information on Google Cloud Services] cloud servers and other cloud service providers. Some of the safeguards that we use are [firewalls and 256 bit data encryption using SSL and AES, and information access authorization controls]. We use reasonable safeguards to preserve the integrity and security of your information against loss, theft, unauthorized access, disclosure, reproduction, use or amendment. To achieve the same, we use reasonable security practices and procedures as mandated under applicable laws for the protection of your information. Information you provide to us may be stored on our secure servers located within or outside India.
- ● You understand and accept that there’s no guarantee that data transmission over the Internet will be completely secure and that any information that you transmit to us is at your own risk. We assume no liability for any disclosure of information due to errors in transmission, unauthorized third party access to our Platform and data bases or other acts of third parties, or acts or omissions beyond our reasonable control and you shall not be entitled to hold the Company responsible for any breach of security.
- ● We will hold the information shared by you in the manner described above for as long as we reasonably require for fulfilling the purpose for which we collected such information. This includes for any regulatory, archival purposes, or to protect/defend the Company from any legal claims by anyone.
- ● Adpia , employees and Adpia’s partners are fobidden from storing any Meta platform data (including technical controls and management).
- Specifically:
- ● Desktop or laptop computer.
- ● Mobile device: mobiles, tablets, etc.
- ● Storage device: hard drive, usb, stick, etc.
To further ensure the safety of our users' personal data, we conduct comprehensive security evaluations of all our applications and games every three months, actively searching for potential vulnerabilities. Additionally, we value and consider contributions from our community to identify and address any security concerns. If you have any information regarding vulnerabilities or security issues, please contact us at:ichihime18818@gmail.com
Our regular frequency of testing is every three to six months Scope of testing across all servers and devices within the organization With ranked issues:
- High severity or critical - Resolved immediately within 3-7 days (including Saturday and Sunday)
- Medium - resolved within (7 days excluding Saturday and Sunday)
- Unresolved (resolved within no more than 15 days)
MULTI-FACTOR AUTHENTICATION POLICY(Version 1.0)- For all Staffs, Guests
- ● Purpose
-
The purpose of this policy is to ensure identification verification by using two or more factors to access Adpia Game Resources.
-
- ● Scope
-
This IT security policy, and all policies referenced herein, shall apply to all staffs of the Adpia Game community, including administrators, staff, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the Adpia Game’s Resources, whether individually controlled, shared, stand-alone, or networked.
-
- ● Policy Statement
- - Users must utilize Multi-Factor Authentication (MFA) to access all IT Resources (e.g., Google Cloud Service, Slack, Google Email, Github).
- - Users must not share individual passcodes or passwords with others.
- - Users may authenticate via push notifications to smartphones and tablets, mobile passcode, SMS passcode, telephone callbacks, or hardware tokens. Should these methods not be available to the User.
- - Information Security and Assurance must approve access to IT Resources that cannot support MFA.
- ● Definitions
-
IT Resources include computing, networking, communications, application, and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and related materials and services.
-
Multi-Factor Authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism: knowledge, possession, and inherence.
-
- ● Related Policies and Procedures
-
● Implementation Information
Review Frequency: Adpia Administrator Responsible Person: Director, Application Security Approved By: Adpia Administrator Approval Date: August 16, 2020 -
● Implementation Information
Version Date Description Version 1.0 08/19/2020 Initial document -
● Policy Disclaimer Statement
- Deviations from policies, procedures, or guidelines published and approved by Information Security and Assurance (ISA) will only be considered cooperatively between ISA and the requesting entity with sufficient notice to allow for conducting appropriate risk analysis, documentation, review, and notification to authorized Adpia Game representatives where necessary. Failure to adhere to ISA written policies may be met with Adpia Game sanctions up to and including dismissal.
COOKIES
- We use data collection devices such as cookies on certain pages of our Websites. Cookies are small files sited on your hard drive that assist us to identify you and provide you with customized services, and make the Platform more user friendly. We also offer certain features that are only available through the use of a cookie Cookies can also help us provide information, which is targeted to your interests. Cookies may be used to identify logged in or registered users. Most browsers will permit you to decline cookies but if you choose to do this, it might affect the Services on some parts of the Platform. We might also use other technology to track how you interact with the Platform and/or employ some third party agencies to use the data on our behalf.
EXTERNAL LINKS ON WEBSITES
- ● The Platform may include hyperlinks to other web sites or content or resources (Third Party Site(s)). We have no control over any websites or resources, which are provided by companies or persons other than us. If you choose to use any services provided on a Third Party Site, or by us in partnership with a Third Party Site, then in accordance with your request, we may disclose information to such Third Party Site, and/or grant them permission to collect information about you. Any collection, use, storage and disclosure of such information will be governed by the private policy of such Third Party Site.
- ● You acknowledge and agree that we are not responsible for the availability of any such Third Party Sites, and do not endorse any advertising, products or other materials on or available from such Third Party Sites.
- ● You acknowledge and agree that We are not liable for any loss or damage which may be incurred by you as a result of the non-availability of those external sites or resources, or as a result of any reliance placed by you on the completeness, accuracy or existence of any advertising, products or other materials on, or available from Third Party Sites. These Third-Party Sites and the entities which operate the same may have their own privacy policies governing the storage and retention of your personal information that you may be subject to. We recommend that when you enter a Third-Party Site, you review the Third Party Site’s privacy policy as it relates to safeguarding your personal information. We use third-party advertising companies to serve ads when you visit the Platform.
ACCESSING AND REVIEWING INFORMATION
- ● Following registration, you can review and change the information you submitted each time. You can change your registration information such as: name, city, state, country, and profile…
- ● You may request us to delete any of the information submitted by you on or through the Platform. Please send us an email or delete your personal data through Platform. We will endeavor to remove all of the information that you have requested us to delete.
- ● To delete the data collected by our Applications and Games in Facebook, you will need to follow the instructions. Please go to privacy management tool for Facebook applications and privacy management tool for Facebook Instant Games. After that, check the game you want to delete data and select Remove; if you want to delete all of data that is relevant to your Facebook account, please check the box Delete posts, videos or events that name of the game you select posted on your timeline.
- ● Protecting the privacy of the very young is especially important. For that reason, we never collect or maintain information at our App from those we actually know are under 13, and no part of our App is structured to attract anyone under 13.
MAINTAINING ACCOUNT RULE
-
Introduction
This policy provides a framework for how user accounts and privileges are created, managed and deleted. It includes how new users are authorised and granted appropriate privileges. This includes how users are reviewed and revoked when necessary, and includes appropriate controls to prevent users obtaining unauthorised privileges or access.
-
Scope
This policy applies to:
- 1. All employees, third parties and suppliers who have access to our data and information systems (GCP account)
- 2. Information systems and services in all business areas.
There are some access roles that require stronger controls than those of standard users.
-
Definitions
-
Users
This is the collective term used to describe those who have access to the information and information systems, outlined in the scope of this policy.
-
Privileged users
A privileged user is a user who has an elevated level of access to a network, data, computer system or application. The privileged user is authorised to perform functions that standard users are not authorised to perform. This includes a ‘standard user’ with approved elevated privileges that allows equivalent access to that of a privileged user.
-
-
Policy statements
-
Principle of least privilege
Access controls must be allocated on the basis of business need and ‘least privilege’. Users must only be provided with the absolute minimum access rights, permissions to systems, services, information and resources that they need to fulfil their business role.
-
User access account management
User account management procedures must be implemented for user registration, modification and de-registration on all information systems.
These procedures must also include processes for monitoring active, redundant and inactive accounts.
All additions, deletions, suspensions and modifications to user accesses should be captured in an audit log, showing who took the action, when and to whatThese procedures shall be performed only by suitably trained, certified and/or authorised employees.
Access control standards must be established for all information systems, at an appropriate level for each system. This minimises information security risks, yet allows the organisation’s business activities to be carried out without undue hindrance.
A review period will be determined for each information system and access control standards will be reviewed regularly at those intervals.
All access to information systems must be controlled by an approved authentication method supporting a minimum of a user ID and password combination that provides verification of the user’s identity.
Users will normally be limited to only one user account for each individual information system for non-administrative purposes. Any variations from this policy must be authorised by the Owner
All users will have a user ID for their sole use for access to all computing services. All individual user IDs must be unique for each user and never duplicated.
All user accounts that have not been accessed for a previously agreed period, without prior arrangement, must be automatically disabled. All administrator and privileged user accounts must be based upon job function and authorised by the Owner
All changes to privileged accounts must be logged and regularly reviewed.
Procedures shall be established for all information systems to ensure that users’ access rights are adjusted appropriately, and in a timely manner, whenever there is a change in business need, a user changes their role, or a user leaves the organisation. Users’ access rights will be reviewed at regular intervals no longer than annually.Access to systems by individual users must be authorised by their manager.
All access will be revoked after 12 months and re-granted by the owner
Each account after leaving the organization will have its rights revoked and be immediately deleted from the IAM system
-
-
Monitoring user access
-
Systems will be capable of logging events that have a relevance to potential breaches of security
-
User access will be subject to management checks.
-
-
Responsibilities
- Owner is responsible for ensuring that the requirements of this policy are implemented within any programme, projects, systems or services for which they are responsible.
- The Security team is responsible for ensuring that a robust checking regime is in place and complied with to ensure that legitimate user access is not abused.
- The Owner may delegate responsibility for the implementation of the policy, but retains ultimate accountability for the policy and associated checking regime.
- Any non-compliance with this policy must be supported by a documented and evidence-based risk decision accepted by the Owner.
-
Managers
- Managers are responsible for ensuring that members of their team have the minimum levels of access to systems they need to perform their job.
- They must authorise the access rights for each individual team member and keep a record of the latest access permissions authorised.
- Managers should ensure that the access rights of people who have a change of duties or job roles or left the organisation are revoked immediately. Managers must also ensure that any access tokens (smartcard/USB dongle) are recovered.
- All managers should review the access levels of their people to ensure they’re appropriate.
-
IT support teams
- IT support teams are responsible for granting access to systems as described in local work instructions. This also includes the use of Role Based Access Controls Matrix in accordance with the relevant procedures.
- IT support teams must evaluate and, if necessary, challenge authorised access to help identify any obvious anomalies in the access levels granted or requested.
-
Exceptions
- Exceptions to the guiding principles in this policy must be documented and formally approved by the owner and Adpia Games.
-
Policy exceptions must describe:
- • the nature of the exception
- • a reasonable explanation for why the policy exception is required
- • any risks created by the policy exception
- • evidence of approval by all appropriate parties
-
Compliance
- Compliance against this policy will be assessed regularly.
- Any violation of this policy must be investigated and may result in disciplinary action being taken.
- Review of this document: annually by the Adpia Games
- Next review date: August 19, 2021
USER ACCESS CONTROL POLICY
- Only our employees with authorized accounts and certified PCs are allowed to access game projects through the internal connection for the purpose of interacting with and utilizing the source code. We have stringent security measures in place to prevent fraud, and project permissions are granted strictly. Regular checks are conducted to ensure compliance. If any suspicious activity is detected, immediate actions will be taken, including revoking permissions and conducting investigations into the account holder.
CHANGE
- We have the discretion to update this privacy policy at any time. When we do, we will post a notification on the main page of our App. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.
YOUR ACCEPTANCE OF THESE TERMS
- By using this App, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our App. Your continued use of the App following the posting of changes to this policy will be deemed your acceptance of those changes.
- We do not represent or warrant that our Apps will be available at all times, or that your use of the Apps will be uninterrupted or error-free. We are not responsible for your ability to access the Apps or for matters beyond our control. This Privacy Policy is governed by VietNam law, excluding its provisions on choice of law.
CONTACTING US
If you have any questions about this Privacy Policy, the practices of this App, or your dealings with this App, request to delete your data, please contact us at: ichihime18818@gmail.com