Privacy Policy

Effective Date: January 11, 2025

This Privacy Policy (hereinafter referred to as the "Policy") applies to the collection, use, storage, and sharing of personal information by Shearwater Data LLC (hereinafter referred to as "we," "us," or the "Company") through its official website (https://www.shearwatergames.com) and affiliated services. This Policy strictly complies with the requirements of the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the California Online Privacy Protection Act (CalOPPA), aiming to protect the privacy rights of California residents (hereinafter referred to as "you").

I.Scope and Purpose of Information Collection

1. Actively Collected Information

- Personal Identifiers: Name, email address, phone number, mailing address, social media accounts, and copies of government-issued identification (if applicable).

- Device and Behavioral Data: IP address, browser type, device model, operating system, browsing history, clickstream data, page dwell time, and geolocation (with your authorization).

- Financial Information: Payment card numbers, bank account details (collected only during subscription services or product purchases, and encrypted).

- Sensitive Personal Information (as defined by CPRA): Race, religious beliefs, health status, biometric data (e.g., fingerprints, facial recognition), and precise geolocation (with explicit authorization).

2.Passively Collected Information

Technical data automatically collected through cookies, pixel tags, local storage (e.g., browser cache), including session IDs, advertising identifiers (e.g., IDFA), and device advertising IDs.

3.Purpose of Information Collection

- To provide, maintain, and optimize website services (e.g., user registration, content access);

- To process transactions and fulfill contractual obligations (e.g., product delivery, service subscriptions);

- To send marketing communications (subject to your prior consent or compliance with CCPA "opt-out" rules);

- To ensure website security, prevent fraud, and mitigate abuse;

- To comply with legal obligations (e.g., tax reporting, court subpoenas);

- To conduct internal research for product and service improvement (separate authorization required for anonymized data usage).

II. Information Sharing and Disclosure

1.Third-Party Sharing

- Service Providers: Cloud storage providers (e.g., AWS), payment gateways (e.g., Stripe), and email marketing platforms (e.g., Mailchimp) receive only the minimum data necessary to perform their duties, and sign data protection agreements.

- Business Partners: Joint marketing activities require prior disclosure of partner identities and data sharing scope; you may withdraw consent at any time via the "Do Not Accept" option.

- Legal Requirements: Information may be disclosed in response to government investigations, court orders, or to protect the Company, users, or public safety.

2.Data Sales and "Opt-Out" Rights

Under CCPA, you have the right to opt out of the sale of your personal information at any time via the "Do Not Sell My Personal Information" link or by calling the dedicated line (1-971-363-5655). We pledge not to discriminate against you for exercising this right, including denying services or increasing prices. "Sale" includes exchanging personal information for monetary or other consideration, including targeted advertising partnerships.

3.Sensitive Personal Information Handling

The collection, use, or sharing of sensitive personal information requires your explicit consent. We will not use sensitive information for advertising purposes unless explicitly authorized.

III. Consumer Rights and Exercise Methods

1.Right to Access

You have the right to request, free of charge, up to twice per year, the categories of personal information collected in the past 12 months, specific information content, sources, business purposes, and third-party sharing lists. Responses will be provided within 45 days, extendable to 90 days with written notice.

2.Right to Delete

You may request the deletion of collected personal information. We will complete deletion within 15 business days (excluding legal retention periods) and notify third parties to cease use.

3.Right to Correct

If information is found to be inaccurate or incomplete, you may submit a correction request, which will be verified and updated.

4.Right to Restrict Processing

Under specific circumstances (e.g., during abuse complaints), you may request the suspension of personal information processing.

5.Right to Data Portability

You have the right to obtain a copy of your personal information in a structured, commonly used, and machine-readable format for transfer to another service provider.

6.Exercise Methods

Submit requests through the website’s "Privacy Center," email [email protected], or mail to:

Shearwater Data LLC

Attn: Privacy Officer

4407 Yardarm Ct, Soquel, CA 95073 US

Requests must include your name, contact information, specific rights claimed, and request details. For identity verification, proof of identity (notarized for sensitive requests) may be required.

IV. Data Security Measures

1.Technical and Organizational Safeguards

- Sensitive data is stored using AES-256 encryption, and TLS 1.3 is used for transmission;

- Implement access controls (role-based permissions), multi-factor authentication, regular security audits, and penetration testing;

- Employees undergo annual privacy and security training and sign confidentiality agreements;

- Maintain an incident response plan to notify affected users of data breaches within 72 hours.

2.Data Minimization and Retention Periods

Only the minimum data necessary to achieve collection purposes is collected, with regular cleanup of expired information. Personal information is retained no longer than necessary to fulfill collection purposes, except where legally required (e.g., tax records retained for 7 years).

V. Children’s Privacy Protection

We do not knowingly collect personal information from children under 13. If information from a user under 13 is discovered, it will be deleted immediately, and the account terminated. California parents or guardians may contact us to request deletion of a minor’s information.

VI. Third-Party Links and Content

The website may contain links to third-party websites (e.g., social media, partner sites). These third parties are not bound by this Policy, and we are not responsible for their privacy practices. We recommend reviewing their privacy policies.

VII. Policy Updates and Notifications

This Policy is reviewed at least every 12 months. Significant changes (e.g., expanded purposes of information use, new third-party sharing) will be announced 30 days in advance via website notices, email, or prominent pop-ups.

VIII. Contact Us

For questions about this policy or privacy practices, contact:

Email: [email protected]

Phone: 1-971-363-5655 (Monday-Friday, 9:00 AM-5:00 PM PST)

This Policy is governed by California law, and all interpretations are reserved by Shearwater Data LLC.