Data protection and privacy policy Updated 05/08/2025
The purpose of this data protection and privacy policy (hereinafter the “Policy”) is to explain the purposes, terms and conditions for carrying out the processing of personal data by the following companies acting as data controller (hereinafter the “Data Controller”):
HIDESEEK GAMES LIMITED, a company registered under the laws of the Republic of Ireland, registered at the Companies Registration Office under number 760 481, with a registered office at Connaught House, 1 Burlington Road, Dublin 4, Dublin, D04 C5Y6, IRELAND and MONEYTIME, SAS, head office 209 ROUTE DE LA CIOTAT 13400 AUBAGNE, FRANCE, 977 626 175.
Data Controller runs mobiles games and an application called “Moneytime” and a loyalty program (hereinafter the “Program”) (https://www.moneytime.dev/loyalty-program-rules) for the games referenced in it.
In the context of their use of the mobile applications “Moneytime” and the games referenced in it eligible to the Program (hereinafter the “App”), the data controller collects and processes personal data concerning users of the App (hereinafter the “User(s)” or the “Data Subject(s)” or “You”).
The Data Controller is concerned about protecting the privacy and personal data of Data Subjects, so that it has adopted and respect the Policy in compliance with the applicable regulation.
Upon their use of the App, the Users can access this Policy at any time at the following link: https://www.moneytime.dev/privacy-policy
The Data Controller may modify this Policy at any time. The most current version applies to the Data Subjects once they have been informed of the modified Policy.
1. Data Controller
Hideseek Games Limited and Moneytime are the Data Controller of personal data collected and processed concerning Users, as part of their use of the App.
The Data Controller is the person or entity which determines the terms and purposes of the processing of personal data. The Data Controller takes responsibility for the processing of personal data that it implements and is the main contact for Data Subjects so that they can obtain information or assert their rights.
The Data Controller can be contacted using the contact details provided at article 10 “Contact” of this Policy.
2. Collection of personal data
2.1. Source of personal data
The Data Controller collects the personal data concerning the Users directly from the Users:
‐ When they download the App,
‐ When they register or log in on the App,
‐ When they use the App,
‐ When they use their camera from the App,
‐ When they apply for a cash out within the framework of the Loyalty Program,
‐ When they reach out to the Data Controller.
2.2. Compulsory nature of the provision of personal data
The provision of certain data is required in order to use the App.
The mandatory information to provide is indicated on the payout form by an asterisk or by the mention “required information”. Failing to provide this information, the Data Controller will not be able to proceed with the necessary verifications and with the payout.
Other data are optional and are only processed by the Data Controller when they are communicated spontaneously by the Data Subject.
Nevertheless, to be eligible to the Program, access to the following data is mandatory:
IP address, location, date and time, time zone, mobile device identifier, advertising identifier, Moneytime User Id.
If you are aged under 18 you must not use the app as it is not designed for you. We do not intend to collect the personal data of anyone under 18. If you are aware that any personal data of anyone under 18 has been shared with the app, please let us know so that we can delete that data.
2.3. Data accuracy
The Data Controller makes its best efforts to keep the personal data of Data Subjects accurate and complete. To ensure that the data concerning them is up to date, Data Subjects can contact the Data Controller using the contact details mentioned at article 10 “Contact” of this Policy.
3. Purposes and legal basis for data processing
The Data Controller processes personal data of Data Subjects pursuant to the following legal basis and for the purposes described hereunder:
As part of the performance of a contract with the Data Subject or in order to take steps at the request of the Data Subject prior to entering into a contract:
‐ the communication and acceptance of the terms and conditions of service and the communication of the present Policy;
‐ the provision of the App pursuant to the terms and conditions of service;
‐ the calculation of loyalty coins;
‐ the payment of User’s reward;
‐ the communication with Users, including following up on any potential complaints;
‐ the administrative Users management.
As part of the Data Controller’s legal obligations:
‐ the compliance with any legal or regulatory obligations to which the Data Controller may be subject, such as (without limitation) the tax declaration relating to transactions and the retention of invoices;
‐ accounts keeping;
‐ the management of Data Subjects requests regarding their rights pursuant to the applicable data protection regulation;
‐ the response to any request or order from a judicial or administrative authority.
As part of the legitimate interest pursued by the Data Controller, while respecting the rights and freedoms of the Data Subject:
‐ the contacts between the Data Controller and the Users or the prospective Users who have reached out to the Data Controller (the Data Controller’s legitimate interest is to promote and improve its services by responding to questions and communications from Data Subjects);
‐ the sending of newsletters, push notifications and other marketing communications to existing or past Users that already benefited from the payment of reward (the Data Controller’s legitimate interest is to promote its services);
‐ the maintenance and improvement of the App (the Data Controller’s legitimate interest is to develop its activity and improve its services);
‐ the detection, investigation, prevention or actions regarding illegal activities, abuse, breach of the Terms and Conditions or the Loyalty Program Rules or suspected fraud (the Data Controller’s legitimate interest is to prevent fraud and prohibit any illegal activities, as well as to enforce and execute its rights);
‐ the collection of proof in case of any litigation (the Data Controller’s legitimate interest is to enforce and execute its rights);
‐ the protection and defense of its rights and interests before the competent courts, jurisdictions or authorities (the Data Controller’s legitimate interest is to enforce and execute its rights).
With the User’s consent:
‐ the collection of a photography and a scan of facial geometry of the Users to check that they are real Users and not bots and to check their identity before paying any reward, for the purposes of the Data Controller’s legitimate interest mentioned above to prevent fraud and illegal activities;
‐ the sending of newsletters, push notifications and other marketing communications to Users prior to the payment of any reward.
‐ in extraordinary circumstances, if the Data Controller wishes to process personal data for new purposes that may not be compatible with those mentioned above, the Data Controller will do so on the basis of the Data Subject’s consent.
4. Categories of personal data
A. General
The Data Controller may collect and process the following categories of personal data:
‐ When communicating with the Data Controller: first and last name, email, and any other information communicated spontaneously by the Data Subject.
‐ When downloading the App: required information are transmitted to the app store chosen. In particular, IP address, location, date and time, time zone, mobile device identifier, advertising identifier (e.g. Google advertising ID) and your internet service provider. You can find the stores privacy policies directly on their website.
‐ In order to receive payment of payout: first and last name, email. The purpose is to pass this information to the external payment service provider. The payment providers are either PayPal: 2211 N 1st St, San Jose, CA, USA (https://www.paypal.com/us/legalhub/privacy-full) or Tangocard: 4700 42nd Ave SW #430, USA (https://www.tangocard.com/legal/privacy-notice). We also collect the transactions IDs. Please note that we do not process your payment data and bank account details but use external providers that handle the payments.
We also collect a photography and a scan of facial geometry to confirm your identity and that you are a real individual and not a bot and to confirm that you have created only one account and not multiples ones. Consequently, the App requests access to your device’s camera for verification purposes. This is facilitated via Facetec which helps us verify the account authenticity. You can read their privacy policy here: https://dev.facetec.com/privacy-sdk.
‐ For marketing communications: first and last name, email.
‐ When using the App: we collect automatically information such as IP address (including approximate location and country), exact geolocation data (including longitude and latitude), mobile device identifier, advertising identifier (e.g. Google advertising ID) or other unique identifiers from third parties, data about your operating system, device model and device language, log data. This can be modified using your settings in your device and in the App. We also use Usercentrics as CMP (https://usercentrics.com/privacy-policy/).
- In order to detect fraud and prevent it, gaming behaviour and IP addresses are evaluated. If we detect a fraudulent behaviour, Data Subjects are partially or completely excluded from using the App.
B. Specifics terms for photography and a scan of facial geometry
To activate the Moneytime cash-out feature for the first time, you must scan your face with your device camera via FaceTec. This produces (a) a biometric template unique to you and (b) a facial photograph. We use these items to:
Verify you are a real person
Prevent fraud: compare your template with those submitted by other users in the past four months to deter multiple-account abuse (we store templates for that same four-month period)
Your biometric template and photo are stored on servers rented from AWS.
Except as stated here, we do not sell, lease, trade, or otherwise profit from your biometric data or photos.
C. California users
These California-specific terms add to our main privacy policy and apply only to people who live in California. In the past 12 months we have disclosed and “sold” (as defined in the CCPA) California consumers’ personal information to third parties for business or commercial purposes.
When California residents use our apps, we may gather information set out below.
Type of Personal Data:
Sources from which we obtain information:
Business or commercial reasons for collecting, using and sharing information:
Provided to these categories of third-party recipients for business purposes:
Provided to the following categories of third parties:
Personal and online identifiers (such as unique online identifiers, IP address)
Consumers
Marketing; Advertising; Authentication; Identity resolution; Fraud detection; Fulfillment services; Facilitating transactions; Auditing related to our interactions with you; Legal compliance; Detecting and protecting against security incidents, fraud, and illegal activity; Debugging; Performing services (for us or our service providers) such as account servicing, processing orders and payments, and analytics; Internal research for technological improvement; Internal operations; Activities to maintain and improve our services; and Other one-time uses
Affiliates; Service providers; and Government agencies
Advertising/marketing companies; Advertising networks; Social networks
Internet or other electronic network activity information (such as interactions with an application, or advertisement)
Consumers; Service Providers
Marketing; Advertising; Authentication; Identity resolution; Fraud prevention; Fulfillment services; Facilitating transactions; Auditing related to our interactions with you; Legal compliance; Detecting and protecting against security incidents, fraud, and illegal activity; Performing services (for us or our service provider) such as account servicing, processing orders and payments, and analytics; Internal research for technological improvement; Internal operations; Activities to maintain and improve our services; and Other one-time uses
Affiliates; Service providers
Advertising/marketing companies; Advertising networks; Social networks
Commercial or transactions information (such as records of personal property or products or services purchased, obtained or considered; purchasing or consuming histories or tendencies)
Consumers; Service Providers; App store providers
Fulfillment services; Facilitating transactions; Auditing related to our interactions with you; Debugging; Performing services (for us or our service provider) such as account servicing, processing orders and payments, and analytics;Internal research for technological improvement; Internal operations; Activities to maintain and improve our services;and Other one-time uses
Affiliates; Service providers; App store providers
Geolocation information
Service Providers
Marketing; Advertising; Fulfillment services; Facilitating transactions; Auditing related to our interactions with you; Legal compliance; Debugging; Performing services (for us or our service provider) such as account servicing, processing orders and payments, and analytics; Internal research for technological improvement; Internal operations; Activities to maintain and improve our services; and Other one-time uses
Affiliates; Service providers
Advertising/marketing companies; Advertising networks; Data analytics providers; and Social networks
Inferences drawn from the above information about your predicted characteristics and preferences
Consumers
Marketing; Advertising; Legal compliance; Detecting and protecting against security incidents, fraud, and illegal activity; Debugging; Performing services (for us or our service provider) such as account servicing, processing orders and payments, and analytics; Internal research for technological improvement; Internal operations; Activities to maintain and improve our services; and Other one-time uses
Affiliates
Some of the ways we disclose information are treated as “selling” or “sharing” under the CCPA. For cross-context behavioural advertising or other sales we may disclose:
Identifiers
Internet or other electronic-network activity
Geolocation data
We share or sell these categories mainly to third-party advertisers and analytics providers so we can show you relevant ads, run marketing campaigns, perform analytics, improve our services and carry out reporting, attribution and market-research tasks. We have no actual knowledge of selling or sharing the personal information of users under 18.
5. Recipient of personal data
The personal data collected and processed by the Data Controller may be transferred to, only to the extent necessary for the purposes referred to in article 3 of this Policy:
‐ Affiliates;
‐ authorized individuals among employees, interns, temporary workers, mandataries and other agents of the Data Controller who need to have access to these data for the purposes mentioned above;
‐ third party service providers, either data controller or data processor, used by the Data Controller to achieve the purposes described in article 3 of this Policy, which are: AWS (hosting provider), Facetec (ID authentication service provider) and Usercentrics (consent management platform);
‐ third party service providers used by the Data Controller for analytics purposes and third party partners involved for advertising purposes including without limitation, Google, Facebook (including their sub-contractors) who will use your data, amongst other things, to review and improve their products and services, to help them identify new products and services, for statistical analytical purposes and for the purpose of directly marketing their products and services to you, subject to you consenting to their private policies as presented in each of their websites. You can read the list of these third parties, access to their privacy policy and allow them or not to process your personal data at any time through Usercentrics’ consent management platform inapp in the settings (https://usercentrics.com/privacy-policy/) ;
‐ police services as well as administrative and/or judicial authorities (or in general any public bodies when the Data Controller is under a legal obligation to do so);
‐ Data Controller’s insurance company, lawyers and legal advisors as needed and in order to enforce and execute its rights and protect its interests;
‐ any new owner or shareholder in case of any merger or acquisition operation.
We recommend reviewing each partner’s privacy notice to learn how they handle your data, the legal grounds they rely on, and the choices they offer for managing that processing. Because our partners act as separate, independent controllers, we are not responsible for their data-handling practices.
Advertising partners
Advertising partners are companies whose code we integrate into our app so they can deliver ad services within our inventory—helping to show you ads that are most relevant to your interests.
Our Advertising partners include:
Brand Name
Privacy Policy Link
AdColony
https://www.adcolony.com/privacy-policy/
AdMob
https://policies.google.com/privacy?hl=en
Google Ads
https://policies.google.com/privacy?hl=en
AppLovin
https://www.applovin.com/privacy/
Audience Network
https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
Bidmachine
https://bidmachine.io/privacy-policy/
ChartBoost
https://answers.chartboost.com/en-us/articles/200780269
Digital Turbine
https://www.digitalturbine.com/privacy-policy/
Facebook Ads
https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
Fyber
https://www.digitalturbine.com/privacy-policy/
InMobi
https://www.inmobi.com/privacy-policy
Iron Source
https://www.is.com/privacy-policy/
Liftoff
https://liftoff.io/privacy-policy/
Mintegral
https://www.mintegral.com/en/privacy/
Mistplay
https://www.mistplay.com/legal/privacy
Moloco
https://www.moloco.com/privacy-policy
Pangle
https://www.pangleglobal.com/privacy
Tapjoy
https://www.is.com/privacy-policy/
Unity Ads
https://unity.com/legal/privacy-policy
Liftoff
https://liftoff.io/privacy-policy/
Data processing partners
Data-processing partners are firms that build and maintain demographic and interest profiles—drawing on device IDs, location details, and other personal data—to help us refine and improve our products and services for you.
Our Data Partners include:
Brand Name
Privacy Policy Link
Amplitude
Redshift
https://aws.amazon.com/compliance/data-privacy/
Usercentrics
https://usercentrics.com/privacy-policy/
Tableau
https://www.salesforce.com/ap/company/privacy/
Thinking Data
Onesignal
https://onesignal.com/privacy_policy
AWS Athena
https://aws.amazon.com/compliance/data-privacy/
Adjust
Firebase
https://policies.google.com/privacy
Google Analytics
https://policies.google.com/privacy
6. Data hosting and transfer outside the European Economic Area
The personal data collected and processed by the Data Controller are hosted by an external service provider, AWS, which servers are located in the USA.
Some personal data may also be transferred to third party service providers mentioned above outside of the European Economic Area (hereinafter the “EEA”), mostly to the USA. You can find the location of the processing of personal data by these third parties inapp in the settings of usercentrics (https://usercentrics.com/privacy-policy/). Some personal data may be transferred to our maintenance providers in Ukraine and Estonia.
As an entity based in the EEA, the Data Controller must comply with GDPR standard.
If the personal data, for which the Data Controller is responsible, is transferred outside the EEA (for instance to a service provider or data processor), where the GDPR is not applicable, in order to ensure a data protection equivalent to that offered in the EEA, data transfer outside the EEA would be either:
‐ In destination to a country having received an equivalence decision by the European Commission, which is the case for the transfers to the USA pursuant to the Data Privacy Framework;
‐ To an entity that has adopted binding rules compliant with GDPR; or
‐ Regulated by contractual provisions based on the standard clauses published by the European Commission.
7. Data security
The Data Controller implements and maintains appropriate security measures in order to ensure a level of security of personal data adapted to the risk of personal data breach, in line with the state of the art in computer science.
The Data Controller notifies the competent supervisory authority, and where required the Data Subjects, of any personal data breach within the required time period after becoming aware of it, unless applicable legislation does not provide to do so.
8. Data retention
The Data Controller retains the personal data of Data Subjects for the time necessary to achieve the purposes pursued, if applicable increased by the legal periods for archiving and retention, and/or increased by the limitation periods if needed. At the end of these periods, personal data will be either deleted or irreversibly anonymized by the Data Controller.
‐ The retention period depends on the type of personal data and the purpose pursued. The retention period is determined in particular according to the following criteria:
‐ The duration of the contractual relationship with the User;
‐ The regularity of the use of the App by the User;
‐ The regularity of the contacts with the Data Controller;
‐ The existence of legal or contractual obligations requiring the Data Controller to retain the data;
‐ The existence of a retention period specially defined by the applicable regulations (for example requirement to keep invoices for 10 years); and
‐ The type of personal data in particular those requiring special attention and precautions (such as banking information).
In this context, the Data Controller applies the following retention periods:
‐ Personal Data concerning Users are kept for the entire duration of the contractual relationship with the User, which is equivalent to the time during which the User holds the App on any device. However, the Data Controller deletes or anonymizes the Personal Data of any User who uninstalls the App from all devices or does not use the App for a period of three (3) years, subject to the following provisions.
‐ Personal Data necessary for marketing purposes will be kept at the latest for (3) three years following the term above and/or following the last interaction with the Data Controller concerning marketing contents.
‐ Personal data required for our opposition list will be kept for five (5) years from the date of your opposition.
‐ The data will then be irreversibly deleted or anonymized by the Data Controller, unless this data must be retained for accounting purposes, in the context of legal obligations, dispute resolution, recovery or fraud prevention. In those cases, the data will be kept for the period required by law or for the applicable limitation periods, usually five (5) years..
‐ Invoices are kept for a period of ten (10) years from their date of issuance.
‐ Photographs and scans of facial geometry are stored as long as the User use the App but usually for three (3) months from their collection. Photographs and scans of facial geometry are irreversibly deleted by appropriate means at the end of this retention period or when you uninstall the App.
For more information regarding the retention period of personal data, Data Subjects are invited to contact the Data Controller using the contact details provided at article 10 below.
8. Data Subjects rights
A. General
Data Subjects have the following rights pursuant to applicable regulation:
Right to information: Data Subjects have the right to obtain information from the Data Controller relating to the processing of personal data concerning them.
Right of access: Data Subjects have the right to obtain confirmation from the Data Controller that their personal data are or are not processed, and when they are, access to the personal data that is processed, as well as information relating to the purposes of such processing.
Right of rectification: Data Subjects have the right to obtain from the Data Controller, as soon as possible, the rectification of their personal data that they consider to be inaccurate.
Right to erasure: Data Subjects have the right to obtain from the Data Controller the erasure of their personal data, except when the processing is based on a legal obligation. In addition, when the processing is necessary for the performance of a contract, the Data Controller will not be able to perform the said contract nor to implement the services concerned in the event of erasure.
Right to limitation of processing: Data Subjects may obtain from the Data Controller the limitation of the processing of their personal data, except when the processing is based on a legal obligation. In addition, when the processing is necessary for the performance of a contract, the Data Controller will not be able to perform the said contract nor to implement the services concerned in the event of limitation of the processing.
Right to object: Data subjects have the right to object at any time, for reasons relating to their particular situation, to the processing of their personal data, except when the processing is based on a legal obligation. In addition, when the processing is necessary for the performance of a contract, the Data Controller will not be able to perform the said contract nor to implement the services concerned in the event of opposition to the processing of personal data.
Right to portability: Data Subjects have the right to receive from the Data Controller, the personal data concerning them, or to ask the Data Controller to send to a third party the personal data concerning them, in a structured, commonly used and machine-readable format.
Right to withdraw consent: Data Subjects have the right to withdraw their consent to the processing of their data if this processing is based on consent. Withdrawal of this consent does not affect the lawfulness of processing based on consent given before its withdrawal.
Right to op-out : You can op-out from any data sharing and use of data (including emails and newsletters) by typing the link in the app’s Settings to make your choice. You may also send an opt-out preference signal through our websites or mail.
Right to organize the fate of their personal data after their death: Data Subjects can define general or specific post-mortem instructions, relating to the conservation, erasure and/or communication of their personal data after their death.
Right to lodge a complaint with a supervisory authority: Without any prejudice to any other administrative or judicial remedy, Data Subjects have the right to lodge a complaint with a supervisory authority if they consider that the processing personal data concerning them constitutes a violation of the applicable regulations.
In Ireland, the supervisory authority is the Data Protection Commission, which head office is located at 6 Pembroke Row, Dublin 2, D02 X963, Ireland, and which website is accessible at the following address: www.dataprotection.ie
Users are however invited to contact the Data Controller prior to making any complaint to a supervisory authority or before initiating any other administrative or legal action.
Data Subjects may exercise these rights through the Data Controller (at the contact details indicated at Article 9 “Contact” below), free of charge, except in case of manifestly unfounded, excessive or repeated requests, in which case charges may be applied.
We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us. We may use Email Marketing Service Providers to manage and send emails to You.
B. Photography and a scan of facial geometry
Depending on your location, you may be entitled to:
Access – see the biometric data we hold and learn how it has been used or shared
Correction – ask us to amend inaccurate or incomplete records
Deletion – request that we erase your biometric data, subject to legal exceptions
Withdrawal of consent – revoke permission for future collection or use (which will disable FaceTec features)
C. California & US based Users
This are applicable for US based users:
you have several rights regarding your personal information:
Right to know : You are entitled to request full details of the personal information we hold about you, including:
Types of data gathered: the categories of personal information we have collected.
Where it came from: the sources from which we obtained each category of data.
Why we use it: our business or commercial reasons for collecting, selling, sharing, or otherwise disclosing the information.
Who receives it: the categories of third parties with whom we share personal information.
Sales or sharing details: for every category of data that has been sold or shared, the types of third parties that received it.
Business disclosures: for every category of data disclosed for a business purpose, the types of recipients involved.
Exact data items: the specific pieces of personal information we have collected about you.
Right to delete : You may ask us to erase the personal information we hold about you, except where specific legal exceptions apply.
Right to correct : You may ask us to amend any personal data we hold about you that you believe is incorrect.
Right to op-out : You can tell us not to sell your personal data or share it for cross-context behavioural advertising. Simply tap the “Opt-Out” link in the app’s Settings to make your choice. You may also send an opt-out preference signal through our websites or mail.
Right to non-discrimination : We won’t treat you unfavorably or penalize you for using your privacy rights.
To invoke your privacy rights, send an email to contact@moneytime.dev with “CCPA and US Rights Request” in the subject line. We’ll first need to confirm who you are—typically by comparing the information you provide with the data in our records. If we can’t verify your identity, we may be unable to act on your request. You can use the same address to seek disclosures under California’s Shine the Light law.
9. Contact & DPO
For more information on the data processing concerning them or to exercise their rights, the Data Subjects may contact the Data Controller using the following contact details:
Address: Connaught House, 1 Burlington Road, Dublin 4, Dublin, D04 C5Y6, IRELAND.
Email: contact@moneytime.dev
You can also contact our DPO at raffaello@hideseek.lol.