Privacy Policy
Last updated: May 1, 2026
This Privacy Policy explains how the Viking Adventure mobile application and any related online services that we operate to support the game (together, the “Service”) collect, use, share, and protect personal information. It works alongside our Terms of Service; if there is a conflict on data-protection topics, this Policy prevails to the extent required by law.
By using the Service, you acknowledge that you have read this Privacy Policy. If you do not agree with it, please do not use the Service.
1. Who is responsible for your data
In this Policy, “we,” “us,” and “our” refer to the operator of Viking Adventure and its backend services, who is the controller of the personal data described below. If we provide a legal entity name, registered address, or contact email inside the app (Settings / About / Support), that information identifies the controller for formal correspondence.
2. What information we collect
We collect only what we need to run the game, secure your account, and improve the Service.
2.1 Account and authentication data
You provide this directly when you register or sign in:
- Username and display name
- Email address
- Password (stored using industry-standard one-way hashing; we do not store passwords in plaintext)
- Email verification status
We also generate or store on our systems:
- Authentication tokens and session identifiers
- Short-lived password-reset tokens
2.2 Gameplay and progression data
We collect this automatically as you play:
- Game state snapshots and progression (e.g., unlocked levels)
- Run or session identifiers
- Scores and timing
- Difficulty preferences
- In-game events submitted in connection with a run
- Leaderboard entries, where you participate in features that publish scores
2.3 Technical and operational data
Automatically collected when the app communicates with our servers:
- App version and platform type (iOS, Android, etc.)
- Network-related diagnostics when requests fail (e.g., HTTP status, error codes)
- Timestamps of requests
- Error and crash information
- IP address as observed by our servers when you make requests
We do not collect precise location, advertising identifiers, contacts, photos, microphone input, or other device data unless a future feature explicitly requests permission.
2.4 Story or narrative content (if enabled)
If a feature in the Service generates or fetches stories or similar content, the inputs you provide and the outputs returned to you may be processed on our servers to deliver that feature. We may retain limited records of these interactions to enforce these and the Terms, comply with law, and improve safety and quality where permitted.
2.5 Information stored on your device
The app may store data locally on your device:
- Authentication tokens in the platform’s secure storage
- Preferences and settings
- Cached game assets for performance and offline play
This data stays on your device unless you explicitly send it (for example, by playing online).
2.6 What we do not do
- We do not use third-party advertising SDKs in the current dependency set of the Service.
- We do not sell your personal information.
- We do not build profiles of you for advertising purposes.
- We do not share your data with cross-context behavioural advertising networks.
If any of this changes in a future release, we will update this Policy and, where required, ask for your consent before the change takes effect.
3. How we use your information
We use the categories above for the following purposes:
| Purpose | Categories used |
|---|---|
| Creating and securing your account | 2.1, 2.3 |
| Signing you in and keeping sessions valid | 2.1, 2.5 |
| Saving your progress and providing gameplay features | 2.2, 2.5 |
| Scoring, leaderboards, and fair-play integrity | 2.2, 2.3 |
| Delivering story or narrative features you invoke | 2.4 |
| Troubleshooting, debugging, security monitoring | 2.3 |
| Preventing fraud, abuse, and unauthorised access | 2.1, 2.3 |
| Communicating service messages (e.g., security or legal notices) | 2.1 |
| Improving game balance, performance, and compatibility | 2.2, 2.3 |
| Complying with legal obligations | any of the above as required |
We do not use your data for personalised advertising or for sale to data brokers.
4. Legal bases for processing (EU/EEA/UK)
If you are in the European Union, the European Economic Area, the United Kingdom, or another region with comparable laws, we rely on the following legal bases under Article 6 GDPR (and equivalent):
- Performance of a contract (Art. 6(1)(b)) — to provide the Service to you (account, gameplay, progression).
- Legitimate interests (Art. 6(1)(f)) — to keep the Service secure, prevent abuse, debug issues, operate fair-play, and improve the Service. We balance these interests against your rights and freedoms.
- Legal obligation (Art. 6(1)(c)) — to comply with applicable law (for example, retention required by accounting or security regulations).
- Consent (Art. 6(1)(a)) — where we ask for it explicitly, for example for an optional feature or marketing communication you opt into. You can withdraw consent at any time without affecting prior processing.
5. Who we share data with
We do not sell your personal information. We share it only in the situations below.
5.1 Service providers (processors)
We use third-party service providers to run the Service on our behalf, for example:
- Cloud infrastructure (compute, storage, databases, content delivery)
- Transactional email delivery (account verification, password reset)
- Error and operational monitoring
These providers process data only on our instructions and under written agreements that require appropriate technical and organisational safeguards.
5.2 Legal and safety disclosures
We may disclose information if we believe in good faith that disclosure is necessary to:
- Comply with a law, regulation, court order, subpoena, or other legal process.
- Enforce our Terms of Service, including investigation of potential violations.
- Detect, prevent, or address fraud, security, or technical issues.
- Protect the rights, property, or safety of users, the public, or us.
5.3 With your consent or at your direction
We may share your information for other purposes if you ask us to or have given us your consent.
6. International data transfers
Our servers and the servers of our service providers may be located outside the country where you live. By using the Service you understand that your data may be transferred to and processed in those countries.
7. How long we keep your data
We keep personal data only as long as needed for the purposes described in this Policy.
- Active accounts: for as long as you keep your account.
- Deleted accounts: account data is removed by our deletion process; brief soft-delete and backup retention may apply during which the account is recoverable, then data is permanently removed.
- Authentication and session tokens: short-lived; expired tokens are routinely cleaned up.
- Gameplay progression and scores: while your account exists, plus archival as needed for leaderboard integrity.
- Operational and security logs: the shortest period necessary for debugging and incident response, rotated regularly.
- Records required by law (e.g., accounting): for the minimum period required by the applicable law.
Where we are required to retain data longer than the above for legal claims or regulatory obligations, we retain only what is necessary for that specific purpose.
8. How we protect your data
We apply technical and organisational measures appropriate to the risk, including:
- Encryption in transit (TLS) for traffic between the app and our servers, and between our backend services.
- Encryption at rest for data stored in our managed databases and object storage, using cloud-provider managed keys.
- One-way hashing for passwords; we never store passwords in plaintext.
- Network segmentation and least-privilege access between our internal services.
- Audit logging for sensitive operations.
- Patching and dependency monitoring of our open-source dependencies.
No system is perfectly secure. We cannot guarantee that unauthorised access will never occur, but we work to detect, respond to, and where required notify you and regulators of incidents.
9. Children’s privacy
The Service is not directed to children under the age of 13 (or the equivalent minimum age in your country, where higher). We do not knowingly collect personal information from children below that age.
If we become aware that we have collected personal information from a child below that age, we will take reasonable steps to delete it.
10. Cookies and similar technologies
The Viking Adventure mobile application does not use HTTP cookies. It stores certain data locally on your device as described in Section 2.5 (authentication tokens, preferences, cached assets) — strictly to provide the features you have requested.
The Viking Adventure website at vikingadventure.dvagolab.com is a static informational site. It does not set cookies, does not use analytics, and does not load third-party scripts.
If we add features in the future that use cookies or comparable technologies, we will update this Policy and, where required, present a consent mechanism.
11. Third-party links
The Service and the website may contain links to third-party websites — for example, artist or licensor pages in our Credits section. We do not control those sites. Their privacy practices are governed by their own policies, which we encourage you to read.
App store providers (Apple, Google, etc.) operate their own platforms and have their own privacy notices that apply to your use of those platforms.
12. Changes to this Policy
We may update this Privacy Policy from time to time. When we do, we update the “Last updated” date at the top. If changes are material, we will provide additional notice (for example, in-app notice) and, where required, obtain your consent.
We encourage you to review this Policy periodically.