Service Name: Cops vs Thieves: Run Controller: BNBASSET Co., Ltd. Effective Date: April 1, 2026
This Privacy Policy explains how BNBASSET Co., Ltd. ("Company", "we", "us") collects, uses, stores, and protects personal data in connection with Cops vs Thieves: Run (the "Service").
1. Controller and Contact Details
- Controller: BNBASSET Co., Ltd.
- Representative: BOKKI KIM
- Address: Room 2127, 2F, 25 Sinchon-ro, Seodaemun-gu, Seoul, Republic of Korea
- General Contact: bnbasset83@gmail.com
- Privacy Contact / Data Protection Contact: bnbasset83@gmail.com
2. Categories of Personal Data
We may process the following categories of personal data:
2.1 Account and Profile Data
- email address;
- linked account identifiers;
- nickname, profile settings, country, language, and timezone.
2.2 Gameplay and Service Data
- role profiles, rankings, season history, replay metadata, reward history, and gameplay event logs.
2.3 Device and Technical Data
- IP address, device type, operating system, app version, notification token, access logs, and crash or error logs.
2.4 Third-Party Connected Data
- running or fitness data made available through Apple HealthKit, Samsung Health, Strava, or similar services, but only to the extent you authorize.
3. Purposes of Processing
We process personal data to:
- create and manage user accounts;
- provide gameplay features, rankings, replays, rewards, and related service functions;
- connect external running-data services when requested by the user;
- send service notices and respond to support inquiries;
- detect abuse, investigate fraud, and maintain service security;
- analyze and improve service performance and stability.
4. Legal Bases
Where required by applicable law, we rely on one or more of the following legal bases:
- performance of a contract with you;
- compliance with legal obligations;
- legitimate interests, such as security, fraud prevention, and service operations;
- your consent, where consent is required, including for optional integrations or optional data processing.
5. Sharing of Personal Data
We do not sell your personal data.
As of the Effective Date, we do not intentionally disclose personal data to third parties except:
- where you have given consent;
- where disclosure is required by applicable law or lawful authority;
- where disclosure is necessary to protect rights, safety, or the integrity of the Service.
6. Processors and Outsourcing
As of the Effective Date, the Company does not maintain a separate list of outsourced personal-data processors for Service operations. If this changes, we will update this Policy and disclose the relevant processor information as required by law.
7. International Transfers
As of the Effective Date, the Company does not separately arrange cross-border transfers of personal data to overseas processors or third parties as part of a distinct transfer program. If international transfers become necessary, we will update this Policy and implement any notice, consent, or safeguard requirements that apply.
8. Retention
We retain personal data only for as long as necessary for the purposes described above or as required by law.
- Account and Service records: until account deletion or the end of the relevant purpose
- Contract or withdrawal-related records: 5 years
- Payment and supply records: 5 years
- Consumer complaints or dispute records: 3 years
- Advertising and display records: 6 months
- Access logs: 3 months
9. Security Measures
We apply reasonable administrative, technical, and physical measures to protect personal data, including access controls, logging, security monitoring, and incident response procedures.
10. Rights of Users
Subject to applicable law, you may request:
- access to your personal data;
- correction of inaccurate personal data;
- deletion of personal data;
- restriction or objection to processing;
- withdrawal of consent for processing based on consent.
Requests may be submitted to: bnbasset83@gmail.com
11. Children
Children may use the Service only where permitted by applicable law and, where required, with parent or legal guardian consent. For users in Korea, parental or legal guardian consent is required for children under the age of 14 before personal data is processed.
12. Deletion and Destruction
When personal data is no longer necessary, and no legal retention obligation applies, we delete or irreversibly destroy it using appropriate technical or administrative measures.
13. Account Deletion Support
A public account deletion support page is maintained at the service-domain path `/legal/account-deletion`. Users who cannot access the in-app deletion flow may request deletion by contacting bnbasset83@gmail.com.
14. Policy Updates
We may update this Privacy Policy from time to time. Material changes will be announced through the Service or on the public legal page before they become effective where required by law.