Privacy Policy — Wildborn

Last updated: 29 March 2026 (rev 5)
Effective date: March 2026

This privacy policy explains how Right Advance Digital Ltd collects, uses, and protects your data when you use the Wildborn mobile game (“App”). We have written it in plain language so you can understand exactly what happens with your information.

1. Data Controller

We are the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
ICO registration reference: ZC102846

For data protection queries, contact the directors at privacy@rightadvancedigital.com.

2. Lawful Basis for Processing

Under Article 6 of the UK GDPR, we process your data on the following legal bases:

Lawful Basis	Data Processed	Why
Consent (Art. 6(1)(a))	Analytics events, personalised advertising	You opt in via our consent screen. You can withdraw consent at any time in the App’s settings.
Contractual necessity (Art. 6(1)(b))	Gameplay save data, cloud sync, account data	Required to provide the game service you have chosen to use.
Legitimate interest (Art. 6(1)(f))	Anti-cheat validation, server-side purchase verification, non-personalised advertising	Our legitimate interest in maintaining game integrity and supporting the App with advertising revenue. We have conducted a Legitimate Interest Assessment for each of these purposes, which is available on request. These interests do not override your rights — you can object at any time (see Section 10).
Legal obligation (Art. 6(1)(c))	IAP receipts (tax and accounting records), consent records (GDPR compliance)	We are required by law to retain financial transaction records and evidence of consent.

3. What Data We Collect

Automatically collected

Anonymous user ID — a randomly generated identifier created on first launch. This is not linked to your name, email, or device identity.
Gameplay data — your save file including scores, unlocked cryptos, run history, gem balance, and egg inventory. Required for the game to function.
Session information — app version, device platform (e.g. Android or iOS), session duration, and a randomly generated session identifier used to group events within a single play session. Each event is timestamped. We also calculate the number of days since you first launched the App. No other device-level information is collected automatically.

Collected with your consent

Analytics events — screen views, actions (run distance, coins collected, eggs hatched, abilities used), and errors. Analytics events include a one-way hashed version of your user ID (pseudonymous — cannot be reversed to identify you). Only collected if you have opted in.
Ad interaction data — ad views and reward claims. Personalised ad data is only collected with your explicit consent.

Collected when you make a purchase

Purchase records — IAP receipts and gem transaction history. Payment card details are handled directly by Google Play or Apple App Store — we never see or store them.

Optionally collected

Email address — only if you choose to link your account for recovery purposes. Stored by our authentication provider (Supabase) and used only for account recovery.

Consent records

Age declaration, consent state, and timestamps — recorded to demonstrate our compliance with UK GDPR.

Not collected

Your real name
Location data
Contacts or camera access
Payment card details (handled by Google Play or Apple App Store)

4. How We Use Data

Gameplay: To save and restore your game progress across sessions via cloud sync
Analytics: To understand how players interact with the game so we can improve it (consent required)
Daily missions and notifications: To deliver daily missions and egg hatch notifications
Advertising: To display ads that support the App (personalised ads require consent; non-personalised ads are shown based on legitimate interest)
Purchase validation: To verify in-app purchases server-side and prevent fraud
Anti-cheat: To validate gameplay data server-side and maintain game integrity
Legal compliance: To retain financial records and consent evidence as required by law

We do not sell your data. We do not share it with third parties for their own marketing purposes.

We may use aggregated, non-identifying analytics data to improve the game experience for all players (for example, adjusting difficulty or feature placement). This does not constitute profiling as defined under Article 4(4) of UK GDPR, as no decisions are made about individual users based on automated processing of their personal data.

5. Data Retention Periods

We retain your data only as long as necessary for the purpose it was collected:

Data Type	Retention Period	Reason
Gameplay save data	Until you delete your account	Required to provide the game service
Anonymous user ID	Until you delete your account	Linked to your save data
Analytics events	90 days (rolling)	Sufficient for gameplay analysis and improvement
Ad interaction data	90 days (rolling)	Consistent with analytics retention
IAP receipts and purchase records	7 years from date of transaction	UK tax and accounting obligations (HMRC)
Consent records	Duration of your account + 6 years after deletion	Required to demonstrate GDPR compliance and defend against potential claims within the statutory limitation period
Email address (if provided)	Until you delete your account or unlink your email	Only retained while needed for account recovery

When you use the “Delete My Data” feature, all data except legally required records (IAP receipts and consent records) is deleted within 30 days.

6. International Data Transfers

Your data is processed in the following locations:

Processor	Location	Safeguard
Supabase (auth, database, edge functions)	EU (AWS eu-west-1, Ireland)	Data remains within the EU. UK adequacy decision for EU applies.
Google (AdMob, Play Store)	US/EU	EU-US Data Privacy Framework; Standard Contractual Clauses
Apple (App Store)	US/EU	Standard Contractual Clauses
Cloudflare (website, DNS, email)	Global edge network	Standard Contractual Clauses
Firebase (beta app distribution)	US/EU	EU-US Data Privacy Framework; Standard Contractual Clauses

The UK has adequacy decisions in place for the EU/EEA. Where data is transferred to the US, our processors maintain certification under the EU-US Data Privacy Framework or rely on Standard Contractual Clauses (SCCs) to ensure your data receives equivalent protection.

In the event that any adequacy decision or transfer mechanism relied upon above is invalidated, we will promptly implement alternative safeguards (such as Standard Contractual Clauses or equivalent measures) to ensure your data continues to receive adequate protection. If no adequate safeguard can be implemented, we will cease the relevant data transfer.

7. Third-Party Processors

We use the following third-party processors. Each has a Data Processing Agreement (DPA) in place:

Processor	Purpose	Data Shared
Supabase Inc.	Authentication, database, edge functions	All server-side data (anonymous user ID, save data, analytics, purchase records)
Google (AdMob)	Advertising	Device identifier, ad interaction data
Google (Play Store)	App distribution and billing (Android)	Purchase data
Apple (App Store)	App distribution and billing (iOS)	Purchase data
Cloudflare Inc.	Website hosting, DNS, email routing	Web traffic to our website
Firebase (Google)	Beta app distribution	Device information, app version

Our processors may engage sub-processors to assist in providing their services. We review our processors’ sub-processor lists periodically. If a change in sub-processors materially affects where or how your data is processed, we will update this policy accordingly.

8. In-App Purchases

Purchases are processed by Google Play or Apple App Store depending on your platform. We do not store or process payment card details. Purchase receipts are validated server-side for fraud prevention and retained as a financial audit trail for 7 years (see Section 5). Gem balances resulting from purchases are stored in your cloud save.

9. Advertising

The App displays ads served by Google AdMob. There are two types:

Non-personalised ads — shown based on general context, not your personal data. Displayed under our legitimate interest basis.
Personalised ads — tailored to your interests based on your activity. Only shown to users aged 16 and over who have given explicit consent via our consent screen.

Users aged 13–15 are shown non-personalised ads only. The App is rated 13+ and is not available to users under 13 (see Section 12).

You can change your advertising preferences at any time in the App’s settings.

10. Your Rights

Under UK GDPR (Articles 15–22), you have the following rights:

Right	What It Means	How to Exercise It
Access (Art. 15)	You can request a copy of all personal data we hold about you.	Contact us at privacy@rightadvancedigital.com
Rectification (Art. 16)	You can ask us to correct inaccurate data.	Contact us at privacy@rightadvancedigital.com
Erasure (Art. 17)	You can ask us to delete your data.	Use “Delete My Data” in the App’s settings, or contact us
Restriction (Art. 18)	You can ask us to limit how we process your data while a concern is being resolved.	Contact us at privacy@rightadvancedigital.com
Data portability (Art. 20)	You can request your data in a machine-readable format.	Contact us at privacy@rightadvancedigital.com
Object (Art. 21)	You can object to processing based on legitimate interest (including non-personalised ads and anti-cheat).	Contact us at privacy@rightadvancedigital.com
Automated decision-making (Art. 22)	You have the right not to be subject to decisions based solely on automated processing.	We do not use automated decision-making that produces legal or similarly significant effects.

To withdraw consent for analytics or personalised advertising, use the settings screen in the App at any time. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

We may ask you to verify your identity before processing a rights request, to protect your data from unauthorised access.

We will respond to all rights requests within one month. If your request is complex, we may extend this by a further two months, but we will let you know within the first month.

11. Right to Complain

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: https://ico.org.uk
Helpline: 0303 123 1113

You are free to contact the ICO at any time. However, we welcome the opportunity to address your concern directly — please contact us at privacy@rightadvancedigital.com.

12. Children’s Privacy

Wildborn is rated 13+ and is not intended for children under 13. The App is listed as age 13+ on the App Store and Google Play Store.

We do not knowingly collect personal data from children under 13. If you believe a child under 13 is using the App, please contact us at privacy@rightadvancedigital.com and we will delete their data promptly.

Players aged 13–15:

Personalised advertising is disabled regardless of consent — only non-personalised ads are shown
Analytics require opt-in consent
In-app purchases are available, subject to any parental controls configured on their device

Our practices are designed to align with the principles of the UK Age Appropriate Design Code (Children’s Code). We apply age-appropriate defaults for younger users and minimise data collection across all age groups.

13. Notifications

The App may send local push notifications for:

Egg hatch timers
Daily mission reminders

You can disable these at any time in your device settings or within the App’s settings screen. These notifications are generated locally on your device — no data is sent to our servers.

14. Data Storage and Security

Game progress is stored:

Locally on your device
In the cloud via Supabase (EU-hosted), linked only to your anonymous user ID

We protect your data using industry-standard security measures, including but not limited to:

Encryption at rest and in transit
Token-based authentication with secure local storage
Access controls on all database tables
Principle of least privilege for all service accounts
No personally identifiable information in application logs

We regularly review and update our security practices to reflect current best practices and evolving threats.

15. Data Deletion

Selecting “Delete My Data” in the App’s settings will:

Delete your local save file
Delete your cloud save record
Delete your anonymous Supabase account
Delete your analytics data

Once confirmed, deletion is processed within 30 days and cannot be reversed. We recommend backing up any information you wish to keep before requesting deletion.

Note: IAP receipts are retained for 7 years and consent records for 6 years after deletion, as required by law (see Section 5).

16. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner’s Office within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay, providing details of the breach and the steps we are taking to address it.

17. Changes to This Policy

We may update this policy from time to time. When we do, we will:

Update the “Last updated” date at the top of this page
Increment our internal CONSENT_VERSION, which triggers a re-consent prompt in the App

Material changes to this policy will trigger a re-consent prompt in the App. You will be given the opportunity to review changes and provide fresh consent where required before data processing under the updated policy begins. If you do not provide consent, data processing activities that require your consent will cease, but the App may continue to function with reduced features.

18. Contact

Right Advance Digital Ltd
Registered in England and Wales, company number 17048101
Registered address: 2 Monks Farm Cottage, St Marys Lane, Upminster, Essex, RM14 3PF
Email: privacy@rightadvancedigital.com
Website: https://rightadvancedigital.com
Privacy policy URL: https://wildborn.pages.dev/
Terms of Service: https://wildborn.pages.dev/terms