Privacy Policy — Arrow Flow: Path Puzzle
Effective: May 15th, 2026
What Information Do We Collect?
When you open Arrow Flow: Path Puzzle, certain information is gathered in the background — things like your device type, how long you use the app, and basic network details. We group this into:
Automatically collected
| Category | Examples |
|---|---|
| Network & device | IP address, device type, operating system version, browser or WebView details where applicable |
| Identifiers | Device identifiers such as GAID and ANDROID_ID; session and install-related identifiers where permitted |
| Usage data | Screens viewed, session length, interaction timestamps, feature usage, crash reports, and diagnostic logs |
| Mobile context | Device model, carrier or connectivity type, language and region settings |
Collected only with your permission
Depending on your choices and platform settings, we may also process:
- Advertising identifiers (for example GAID or IDFA) for ads and measurement
- Engagement metrics used to improve puzzles, difficulty tuning, and stability
- PayPal account email and name — solely where you choose PayPal for withdrawals or rewards payouts
What Do These Terms Mean?
- Application
- Arrow Flow: Path Puzzle, the software you download and use on your device
- Company
- The entity that operates the Application and decides why and how personal data is processed
- Personal data
- Any information relating to an identified or identifiable individual
- Usage data
- Information generated automatically when you interact with the Application or our backend services
- Device
- Any phone, tablet, or similar hardware you use to access the Application
- Service provider
- A vendor that processes personal data on our instructions (for example hosting, analytics, or advertising)
- Account
- A profile or credential set you create, where the Application offers account-based features
How Is Your Data Used?
Your data powers core functions (gameplay, synchronization, optional accounts), communications (support, important notices), and improvements (analytics, reliability). Specifically, we use personal data to:
- Operate the service — deliver levels, save progress where applicable, and keep servers available
- Authenticate and preferences — manage logins, settings, and in-app choices you save
- Process payouts — complete PayPal withdrawals you initiate, subject to fraud checks
- Communicate — respond to support requests and send service-related messages
- Analyze and improve — understand aggregate usage, fix bugs, and plan updates
- Show ads — where enabled, work with ad partners and mediation platforms
- Legal and safety — detect abuse, enforce terms, and comply with applicable law
- Business transitions — support mergers, acquisitions, or reorganizations involving the Application
International Data Transfers
Personal data may be processed in countries other than where you live. Where required, we rely on appropriate safeguards (such as standard contractual clauses) and technical measures so that your personal data remains protected to a comparable standard.
Traffic to our services uses TLS 1.2 or higher in transit, and we limit access according to role and need.
How Long Do We Store Your Data?
Retention follows the principle of necessity. Personal data is kept only while needed for the purposes in this policy. In particular:
- After 90 consecutive days of inactivity in the Application (no meaningful session or sync attributable to your account or device profile, where we can determine it), we delete associated personal data from our primary systems, except where a longer period is required by law or dispute resolution.
- Usage data may persist in aggregated or de-identified form that does not identify you.
- Backups may retain residual copies for a limited technical window before automatic purging.
What Rights Do You Have?
Depending on your location, data protection laws grant you specific rights over your personal data — including access, correction, deletion, and opt-out choices. The table below summarizes major frameworks; it is not an exhaustive list of every national law.
CCPA / CPRA
- Right to Know (categories, sources, purposes)
- Right to Delete
- Right to Correct
- Right to Opt-Out of sale / sharing for cross-context behavioral advertising (where applicable)
- Right to Limit Use of Sensitive Personal Information (where applicable)
- Right to Non-Discrimination
GDPR
- Access
- Rectification
- Erasure (“right to be forgotten”)
- Restrict processing
- Object to processing
- Data portability (where technically feasible)
- Withdraw consent (where processing is consent-based)
VCDPA
- Confirm processing and access
- Correct inaccuracies
- Delete
- Data portability
- Opt out of targeted advertising, sale, and profiling (as defined by law)
- Appeal our response to a request
To exercise any of these rights, email meccawksa@gmail.com from an address you control and describe your request with enough detail for us to verify and fulfill it.
How Can You Opt Out?
Personalized ads (device settings)
- Android: Open Settings → Google → Ads → enable Opt out of Ads Personalization (wording may vary by OS version).
- iOS / iPadOS: Open Settings → Privacy & Security → Apple Advertising → turn off Personalized Ads. On older versions, look for Limit Ad Tracking under Privacy → Advertising.
“Do Not Sell or Share” (California and similar states)
Email meccawksa@gmail.com with the subject line “Do Not Sell” or use any in-app privacy controls we provide. We will not discriminate against you for exercising these rights.
Automated decision-making
We do not use automated decision-making or profiling that produces legal or similarly significant effects solely by automated means in connection with Arrow Flow: Path Puzzle.
Disclosure & Legal Bases
- Business transactions: Personal data may be transferred as part of a merger, acquisition, or asset sale, subject to appropriate notices where required.
- Law enforcement: We respond to lawful requests from public authorities, including courts and regulators, when legally compelled.
- Safety and integrity: We may disclose limited data to prevent fraud, protect users, or defend our legal rights.
Where Does Your Data Go? (Analytics & Endpoints)
Primary service endpoint
Core Application traffic — including configuration, gameplay-related requests, updates, and related telemetry permitted by your device — may be sent to:
https://pejoi.afopp.com/
We use this infrastructure for reliable delivery of content, anti-abuse signals, and operational analytics in line with this policy.
Security practices
- Encryption in transit
- TLS 1.2+ for connections to our services and industry-standard configurations for partner SDKs where they terminate TLS.
- Access controls
- Role-based access, least-privilege accounts, and logging of administrative access where appropriate.
- Vendor oversight
- Data processing agreements or equivalent terms with processors that handle personal data on our behalf.
- Assessments
- Periodic review of security practices; no method of storage or transmission is 100% secure, but we use commercially reasonable safeguards.
Third-Party & Advertising Partners
We may display advertisements through mediation networks (for example AppLovin MAX and integrated demand partners). Partners may receive limited technical data to select, deliver, and measure ads.
Typical categories shared
- Advertising identifiers (resettable in device settings)
- Device attributes (model, OS, language, approximate region)
- App session metrics (frequency, duration, ad impressions and clicks)
- Fraud and measurement signals required by the ad stack
What we do not intentionally share for ads
- Passwords or authentication secrets
- Contents of private messages you send to support (except as needed to handle that ticket)
- Precise GPS coordinates collected solely for ads (we do not request location solely for advertising in the baseline permission set below)
Partner privacy policies (full list)
Each partner processes data under its own notice. Review their policies for details:
Why Does the App Need Permissions?
Arrow Flow: Path Puzzle requests Android permissions only when a corresponding feature or SDK requires them. Purposes may evolve slightly with updates; the Play listing and system prompts remain authoritative.
| Permission (Android) | Typical purpose | Data implications |
|---|---|---|
INTERNET | Connect to https://pejoi.afopp.com/, ads, and updates | Network traffic metadata |
ACCESS_NETWORK_STATE | Adapt behavior to Wi-Fi vs cellular | Connection type / status |
ACCESS_WIFI_STATE | Stability checks on Wi-Fi | Wi-Fi status (not your browsing) |
AD_ID / ad ID access | Personalized or contextual ads, frequency capping | Resettable advertising ID |
VIBRATE | Haptics for interactions | None stored remotely for this alone |
ACCESS_ADSERVICES_TOPICS | Privacy Sandbox topics signal (where supported) | Topics API output |
ACCESS_ADSERVICES_ATTRIBUTION | Attribution APIs (where supported) | Attribution payloads |
BIND_GET_INSTALL_REFERRER_SERVICE | Understand install source / campaign | Referrer parameters |
BIND_APPHUB_SERVICE | Ad mediation / hub integrations where used | Ad-related parameters |
ACCESS_ADSERVICES_AD_ID | Ad services identifiers on supported devices | Ad services ID |
FOREGROUND_SERVICE | Critical foreground work when declared | Depends on feature; often none beyond operational logs |
DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION | Internal broadcast security pattern | None by itself |
Is Your Data Safe?
Security isn’t an afterthought — we encrypt personal data in transit with modern TLS, restrict internal access to authorized personnel, and require partners who process personal data to maintain reasonable safeguards. No online service can promise perfect security; if we become aware of an incident that affects your personal data, we will follow the notification approach described below.
What About Children?
Arrow Flow: Path Puzzle is not directed at children under 13, and we do not knowingly collect personal data from anyone under 13. If you believe a child has provided personal data, contact meccawksa@gmail.com and we will take steps to delete it promptly, subject to legal retention obligations.
Third-Party Links & Web Content
The Application may open links to third-party sites (for example support pages or partner offers). Those sites have their own privacy practices. We are not responsible for their content or policies; please read their notices before you submit personal data.
Data Breach Notification
If we discover a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data, we will investigate promptly, mitigate harm, and notify affected users and regulators where required by applicable law — typically without undue delay and, where GDPR applies, within 72 hours of becoming aware for controller notification to authorities, alongside direct user notice when high risk to individuals is likely.
Do Not Track (“DNT”) Signals
There is no universally adopted standard for how mobile apps should interpret browser-level DNT signals inside embedded web views. We currently do not respond to DNT signals in a standalone, standardized way beyond honoring platform ad choices (for example limiting ad tracking or personalized ads through iOS and Android settings) and any applicable opt-out rights you exercise by email as described above.
California “Shine the Light”
California Civil Code § 1798.83 permits California residents to request certain information regarding disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes as defined in that law without appropriate choice mechanisms; you may still contact meccawksa@gmail.com with questions.
Will This Policy Change?
- Updated versions will be posted with a new effective date at the top of this page.
- Where changes are material, we will provide additional notice when required (for example an in-app message or email).
- Continued use after the effective date may constitute acceptance where permitted by law; if you disagree, you should stop using the Application and uninstall it.
How Can You Reach Us?
Privacy inquiries for Arrow Flow: Path Puzzle:
Email: meccawksa@gmail.com
In-app: Settings → Help & Support (if available in your build)
Response time: We aim to acknowledge and substantially respond within 48 hours on business days, complex requests may take longer where verification or legal review is needed.