Christopher's Genie Privacy Policy

1. Introduction

GMI Partners Inc., operating as GMI Studios ("we," "us," or "our"), is committed to protecting the privacy of all players of Christopher's Genie ("the Game"), a free-to-play mobile match-3 puzzle game available on iOS and Android, based on the YouTube series of the same name.

This Privacy Policy explains what information we collect, how we use and share it, your rights and choices, and how we protect your data. This policy applies to all users worldwide, including players in the European Union/EEA, United Kingdom, California (USA), and Canada.

By downloading, installing, or using the Game, you consent to the data practices described in this policy. If you do not agree, please do not use the Game. For questions, contact us at support@gmistudios.io.

2. Information We Collect

2.1 Information You Provide Directly

• Account information: username/display name, avatar selection, guild preferences
• Authentication data: if you sign in with Apple (Apple user ID, and optionally your name and email) or Google Play Games (Google Play Games player ID)
• User-created content: custom levels you build and share within the Game
• Support communications: messages and information you provide when contacting our support team

2.2 Information Collected Automatically

When you use the Game, we and our third-party service providers automatically collect the following:

• Device information: device model, operating system version, app version, platform (iOS/Android), screen resolution, and language settings
• Device identifiers: push notification token, and through our integrated SDKs, advertising identifiers (IDFA on iOS, GAID on Android) when you have granted permission via Apple's App Tracking Transparency prompt or Android's equivalent
• Gameplay data: game progress, scores, achievements, genie collection and upgrades, Blob League rankings, level completion data, session duration, feature usage, and in-game events
• Purchase history: records of in-app purchases (transactions are processed by Apple or Google; we do not receive or store your payment card details)
• Technical and diagnostic data: crash reports, error logs, performance metrics, and loading times
• Approximate location: coarse, city-level location derived from your IP address (used by Mixpanel for analytics geolocation). We do not request device GPS or precise location permissions
• Referral data: when you use or receive an invite link, metadata such as friend codes, invite identifiers, and referral source information is processed through AppsFlyer

2.3 Information We Do NOT Collect

For clarity, we do not collect: precise GPS location, contacts, photos, microphone or camera access, browsing history, phone number, physical address, or financial account information.

3. Third-Party Services and SDKs

The Game integrates the following third-party services, each of which may collect data as described below and in accordance with their own privacy policies:

Each of these services operates under its own privacy policy. We encourage you to review their respective policies for full details on their data practices.

4. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and operate the Game: deliver gameplay, process purchases, manage accounts, and enable features like guilds and the Blob League
• Improve the Game: analyze gameplay patterns, identify bugs, balance game mechanics, and develop new levels and features
• Communications: send push notifications about events, rewards, and updates (with your consent, revocable at any time via device settings)
• Moderation and safety: review user-created content, enforce our Terms of Service, and detect cheating or fraudulent activity using automated tools, gameplay analytics, and manual review
• Attribution and referrals: track where installations come from and manage the invite/referral system
• Diagnostics: monitor crashes, errors, and performance to maintain service quality
• Legal compliance: comply with applicable laws, respond to lawful requests, and protect our legal rights

5. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

• With other players: your username, scores, Blob League rankings, guild membership, and user-created levels are visible to other players within the Game
• With service providers: the third-party SDKs listed in Section 3 process data on our behalf for analytics, attribution, error monitoring, hosting, and notifications, under contractual obligations to protect your data
• With platform partners: Apple and Google receive purchase transaction data through their respective app stores
• For legal reasons: when required by law, subpoena, court order, or governmental request, or when necessary to protect our rights, safety, or property
• In a business transfer: if GMI Studios is involved in a merger, acquisition, bankruptcy, or asset sale, your information may be transferred to the acquiring entity. We will provide notice before your data becomes subject to a different privacy policy

6. Advertising Identifiers and Tracking

Christopher's Genie does not display advertisements. However, the Game includes SDKs that may access advertising identifiers for analytics and attribution purposes:

• iOS: The Game uses Apple's App Tracking Transparency (ATT) framework. You will be asked for permission before any tracking occurs. You can change this at any time in your device's Settings > Privacy > Tracking.
• Android: The Google Advertising ID (GAID) may be accessed by integrated SDKs. You can reset or opt out of personalized advertising in your device's Settings > Google > Ads.
• Meta/Facebook SDK: The Meta SDK is configured with automatic app event logging and advertiser ID collection enabled. This data is used for analytics and attribution, not for serving ads within the Game. You can manage your Meta data preferences at facebook.com/adpreferences.

7. Children's Privacy

Christopher's Genie is rated 9+ and may be used by children. We take our obligations regarding children's privacy seriously and comply with COPPA (U.S.), PIPEDA (Canada), GDPR Article 8 (EU/UK), and equivalent child protection laws worldwide.

7.1 Data Collection from Children Under 13

• We do not knowingly collect personal information from children under 13 (or the applicable age of consent in your jurisdiction) without verifiable parental consent
• We do not serve behavioral or targeted advertising to any users, including children
• We minimize the data collected from all users to what is necessary to provide the Game

7.2 Parental Rights

Parents and guardians may at any time:

• Review the personal information we have collected from their child
• Request correction or deletion of their child's data
• Refuse further collection or use of their child's information
• Request that we stop sending push notifications to their child's device

To exercise these rights, contact us at support@gmistudios.io. We will verify the parent-child relationship before processing any request.

7.3 Parental Controls

We strongly encourage parents to use the built-in parental control features on their child's device (Apple Screen Time, Google Family Link) to manage in-app purchases, screen time limits, and app access.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy:

• Account and gameplay data: retained while your account is active and for up to 12 months after account deletion to handle any outstanding issues or disputes
• Analytics data: retained in identifiable form for up to 24 months, after which it is aggregated or anonymized
• Purchase records: retained as required by applicable tax and financial reporting laws (typically 7 years)
• Crash and error logs: retained for up to 12 months
• Support communications: retained for up to 24 months after resolution

Upon account deletion, we will delete or anonymize your data within the retention periods above, except where longer retention is required by law.

9. Data Security

We implement technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS/SSL)
• Access controls limiting employee access to personal data on a need-to-know basis
• Infrastructure hosted on AWS with industry-standard security practices
• Cloudflare for DDoS protection and web application security
• Regular monitoring through Sentry and Firebase Crashlytics for anomalies

No system is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. If we become aware of a data breach affecting your personal information, we will notify you and applicable authorities as required by law.

10. International Data Transfers

GMI Studios is headquartered in Vancouver, Canada. Your data is primarily stored and processed on AWS servers in the US West (us-west-1) region, with additional processing by our third-party providers in various locations globally.

When we transfer personal data outside of your jurisdiction, we rely on the following safeguards:

• Canada: recognized by the European Commission as providing an adequate level of data protection
• United States: transfers to US-based processors (AWS, Mixpanel, Sentry, AppsFlyer, Meta) are governed by Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework, as applicable
• Other lawful transfer mechanisms: recognized under GDPR and applicable data protection laws

11. Your Privacy Rights

11.1 All Users

Regardless of where you live, you may:

• Request access to the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your account and associated data
• Disable push notifications through your device settings at any time
• Manage advertising identifier access through your device settings

To exercise these rights, email support@gmistudios.io. We will respond within 30 days.

11.2 EU/EEA/UK Residents (GDPR)

Under the General Data Protection Regulation, you additionally have the right to:

• Receive your personal data in a structured, commonly used, machine-readable format (data portability)
• Restrict the processing of your personal data in certain circumstances
• Object to processing based on our legitimate interests
• Withdraw consent at any time where consent is the legal basis for processing
• Lodge a complaint with your local supervisory authority

Legal bases for processing: We process your data based on: (a) your consent (for example, push notifications and ATT opt-in), (b) performance of our contract with you (Terms of Service), (c) our legitimate interests in operating, improving, and securing the Game, and (d) compliance with legal obligations.

11.3 California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act and California Privacy Rights Act:

• You have the right to know what personal information we collect, use, and disclose (detailed in Sections 2-5)
• You have the right to request deletion of your personal information
• You have the right to opt out of the "sale" or "sharing" of personal information. We do not sell personal information. Our use of analytics and attribution SDKs may constitute "sharing" under CPRA; you may opt out by adjusting your device's tracking settings
• You have the right to non-discrimination for exercising your privacy rights

To submit a verifiable consumer request, email support@gmistudios.io. We will verify your identity before processing.

11.4 Canadian Residents (PIPEDA)

Under PIPEDA, you have the right to access your personal information, challenge its accuracy, and withdraw consent for collection and use. As a Canadian company, we are directly subject to PIPEDA and the oversight of the Office of the Privacy Commissioner of Canada. Contact our Privacy Officer at support@gmistudios.io.

12. "Do Not Track" Signals

Some web browsers transmit "Do Not Track" signals. As a mobile application, Christopher's Genie does not currently respond to browser-based DNT signals. However, you can control tracking through your mobile device's settings as described in Section 6.

13. Third-Party Links and Content

The Game may contain links to external services, including the Christopher's Genie YouTube channel and social media pages. These are outbound links only and do not involve authentication or data sharing. These third parties have their own privacy policies, and we are not responsible for their practices.

14. Changes to This Privacy Policy

This Privacy Policy is effective as of March 16, 2026 and supersedes all prior versions of any privacy policy for the Game. By continuing to use the Game on or after this date, you acknowledge and accept the practices described in this policy.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through an in-game notification or pop-up. The effective date at the top of this policy will be updated accordingly. Continued use of the Game after the effective date constitutes acceptance of the revised policy. If a change materially expands how we use your personal data or reduces your rights, we will seek renewed consent where required by law.

15. Contact Us

If you have questions, concerns, or wish to exercise your privacy rights:

For EU/UK residents, you may also contact your local data protection authority if you believe your privacy rights have been violated.