Privacy Policy

Effective date: Aug 15, 2025

1. Introduction

Monterey’s Coast, Inc. ("Company," "we," or "Castle") respects your privacy and is committed to protecting your information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you access our application ("App") or website ("Website"), collectively the "Service."

By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service. We may update this Policy and will notify users of material changes via appropriate means.

2. Information We Collect

Information You Provide

  • Contact details: Email and/or phone number, date of birth
  • Parental and child contact details (for users under 13)
  • Account and profile data
  • User-generated content (e.g., decks, comments, chats)
  • Responses to surveys, contests, or support inquiries

Automatically Collected Information

  • Device and browser type, IP address
  • Usage patterns, interactions
  • Cookies and tracking technologies (see Section 6)

Note: We have optional, opt-in-only features that use face-tracking, but we do not process, store, or retain that data on our servers. It never leaves your device.

3. Legal Bases for Processing (EU/EEA Users)

We rely on:

  • Contractual necessity: To provide our Services
  • Consent: For optional features (e.g., email marketing, cookies)
  • Legitimate interests: Service improvement, fraud prevention

You may withdraw your consent at any time at support@castle.xyz.

4. How We Use Information

  • Provide and personalize our Services (e.g., deck suggestions)
  • Communicate with you (e.g., service updates, support)
  • Moderate user-generated content
  • Comply with legal and regulatory obligations
  • Conduct internal research and Service improvement
  • Measure and optimize the performance of ads

We do not use data for behavioral advertising. We do not profile children or target them with ads.

5. Disclosure of Information

We may share data:

  • With service providers (e.g., Amazon, Google)
  • In response to lawful requests from regulators or rights holders
  • To protect users and maintain platform integrity
  • During business transfers (e.g., mergers, sales)
  • With your consent

We do not sell or share your personal information as defined by the California Consumer Privacy Act (CCPA/CPRA) or other applicable state laws. If that changes, we will update this policy and provide a clear opt-out mechanism at that time.

6. Cookies and Pixels

We use cookies and/or web beacons on web for:

  • Service functionality
  • Usage analytics via Google Analytics

You can disable cookies via your browser. Some features may be limited if cookies are disabled.

7. Children and Parental Consent (COPPA & GDPR)

We offer a restricted version of Castle for users under 13. We collect:

  • Email (child and parent), IP, phone, synced contacts (optional)

Parental consent is required before access is granted. Parents may:

  • Review/delete their child's data
  • Withdraw consent at any time via https://castle.xyz/parents

We do not profile or target advertising to children.

8. User Rights

You may request to:

  • Access, correct, or delete your data
  • Port your data
  • Object to or restrict processing

To exercise your rights, email support@castle.xyz.

Users may also appeal moderation decisions by contacting support@castle.xyz.

9. U.S. State Privacy Rights (Including California, Virginia, Colorado, Connecticut, and Others)

Residents of California, Virginia, Colorado, Connecticut, and other U.S. states with comprehensive privacy laws have certain rights regarding their personal information, including:

  • The right to know what personal information we collect, use, and disclose
  • The right to access, correct, or delete personal information
  • The right to data portability
  • The right to opt out of certain uses of personal information (e.g., targeted advertising or profiling, where applicable)
  • The right to limit use and disclosure of sensitive personal information (where applicable)
  • The right not to receive discriminatory treatment for exercising these rights

We do not use or disclose sensitive personal information for the purpose of inferring characteristics about users.

Categories of Personal Information We Collect:

  • Identifiers (e.g., email address, phone number, IP address)
  • App activity (e.g., interactions with our services)
  • User-generated content
  • Geolocation data (derived from IP address)

Purposes of Collection:

  • To provide and improve our services
  • To fulfill your requests
  • To protect the security and integrity of our platform
  • To comply with legal obligations

Data Retention:

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy, or as required by law. Retention periods vary by data category and usage context.

Methods to Submit a Request:

You may exercise your privacy rights in-app (for deletion) or by emailing us at support@castle.xyz (for all requests). Please include the state you reside in to help us process your request in accordance with applicable laws.

We do not sell or share your personal information as defined by applicable state laws. If that changes, we will update this policy and provide appropriate opt-out mechanisms.

10. EU Digital Services Act (DSA) Compliance

For EU users:

  • We maintain a Notice-and-Action mechanism to report illegal content.
  • We provide Statements of Reasons for content removal.
  • Our recommender system suggests games based on gameplay history and popularity; no profiling is used for personalization.
  • Users may adjust recommendation settings in account preferences.

11. UK Online Safety Act (OSA) Compliance

We:

  • Conduct risk assessments on illegal and harmful content and children’s safety
  • Provide transparent content reporting and moderation appeal processes
  • Embed safety-by-design principles in our features
  • Respond promptly to UK regulator (Ofcom) and rights holder requests

12. Data Security

We use encryption, firewalls, and secure servers to protect your information. Users are responsible for maintaining password confidentiality.

13. Data Retention

We retain personal data only as long as necessary for service delivery, legal compliance, or legitimate business purposes.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by appropriate means, which may include posting a notice in the Service or contacting you via the email associated with your account.

The revision date is posted at the top. Please check periodically.

15. Contact Us

For questions or to exercise your rights, contact: support@castle.xyz.