Original Effective Date: December 10, 2023
Last Updated: June 12, 2025
Cygames, Inc., as well as its subsidiaries and affiliated entities (“Cygames,” “we,” or “us”), takes the protection of your personal data very seriously. The following privacy policy (the “Privacy Policy”) will provide you with information about personal data that we collect and how it is processed and used.
PLEASE READ THIS PRIVACY POLICY CAREFULLY BECAUSE, BY USING THE SERVICES, YOU CONSENT TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY AND TO OUR PROCESSING OF PERSONAL DATA FOR THE PURPOSES STATED BELOW. IF YOU DO NOT AGREE WITH THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY, PLEASE DO NOT USE THE SERVICES.
In order to ensure the secure processing of your personal data, we have implemented all safeguards required by law.
This Privacy Policy applies only to services related to “Shadowverse: Worlds Beyond” controlled by Cygames (the “Services”).
We may collect the following personal data:
Personal data is collected directly from you, collected indirectly from service providers and platforms and other third parties, or inferred from collected data.
We use cookies in the Services.
Cookies are small text files that websites send to your device for the purpose of keeping records. Cookies identify your device and, typically, your web browser. Some cookies are necessary to operate our website (e.g., establishing sessions), while other cookies provide enhanced functionality, gather analytical data to improve performance, enable us or our AdTech partners to deliver personalized advertisements by tracking you across the Internet, or enable sharing via social media.
You can choose whether to allow us or third parties (e.g., our analytics, AdTech, and social media partners) to set cookies which are not strictly necessary for the functioning of our website via the cookie banner and settings provided on our website.
Please be aware that when we talk about “cookies,” this term also includes other technologies (such as pixel tags and web beacons) which have the same purpose as the cookies described in this Privacy Policy.
First-party cookies are put on your device directly by the website you are visiting.
Third-party cookies are placed on your device, not by the website you are visiting, but by a third party such as an advertiser or a provider of analytics software.
If you would like to know the details of our use of cookies or change settings for the use of cookies, please refer to our Cookies Settings.
You may also set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser. If you do so, you may not be able to take advantage of the personalized features enjoyed by other users of the Services.
We engage in targeted advertising and use advertisers to serve advertisements on and off our Services. These third parties use cookies and similar technologies to collect or receive information from our Services and elsewhere on the Internet and use that information to provide you with targeted ads. You may remove yourself from the targeted advertising of companies within the Network Advertising Initiative by opting out via their official website (https://optout.networkadvertising.org/?c=1), or of companies participating in the Digital Advertising Alliance program by opting out here: https://optout.aboutads.info/?c=2&lang=EN. You can also use the Digital Advertising Alliance mobile app, available on the App Store, Google Play, and Amazon’s Appstore, to control interest-based advertising on apps on your mobile device. Mobile app guidance is available here: https://digitaladvertisingalliance.org/app.
Additionally, we use Google Analytics. Google Analytics is a web analytics service provided by Google LLC (“Google”) which collects anonymous statistical and analytical information about how our users use the Services. For example, Google gathers and aggregates data on page views and clicks within the Services. These analytics are not used to track your journey to other websites or to identify you. The information generated by the Google Analytics cookies about your use of the Services (including your IP address) will be transmitted to and stored by Google on servers in the United States.
You can find a more detailed account of Google’s privacy policy here:
https://policies.google.com/privacy?hl=en
Instructions on how to opt out of Google Analytics using a specific plug-in are available at the following link: https://tools.google.com/dlpage/gaoptout. Note that this opt-out is specific to Google activities.
We use Google Analytics for Firebase and Firebase Crashlytics. Google Analytics for Firebase is a web analytics service provided by Google which collects anonymous statistical and analytical information about how our users use the Services. Firebase Crashlytics is provided by Google and collects information about the device on which you are using the Service, information about crash conditions, and other information. The collection and use of device and other information is governed by the Firebase Policy, available at the following link: https://firebase.google.com/support/privacy.
We also use Adjust, an advertisement tracking tool for smartphone apps provided by Adjust GmbH. This tool makes it possible to measure and analyze the effectiveness of smartphone advertising. Adjust collects personal information as described below and aggregated information (information about groups or categories of persons, which does not identify and cannot reasonably be used to identify an individual person). Adjust uses IDFA, GPS, ADID, and log files to help the app analyze how users use the app. The information held in log files includes the user's IP address, internet service provider, and date/time stamp, as well as user activity. Furthermore, Adjust utilizes a variety of tracking methods to collect information.
You can find a more detailed account of Adjust’s privacy policy here: https://www.adjust.com/terms/privacy-policy.
We use Datadog, which is provided by Datadog, Inc., in conjunction with the use of the Services. Datadog is a service that acquires anonymized system log information issued in conjunction with the use of the Services and measures the your activity history, etc.
You can find a more detailed account of Datadog’s privacy policy here: https://www.datadoghq.com/legal/privacy/.
Our online services are not designed to respond to “Do Not Track” requests from browsers. However, you may communicate your privacy preference via the Global Privacy Control opt-out preference signal. To install Global Privacy Control, which is a device-specific browser or browser extension, please visit their official website (https://globalprivacycontrol.org/).
We may process your personal data for the purposes described below:
Provision of your personal data is mandatory in some cases, such as for a statutory reason, contractual requirement, or a requirement necessary to enter into a contract. We may be unable to provide our service to you if you don’t provide such personal data.
We may share or disclose your personal data specified in Article 2 (Personal Data Collected (Categories and Sources of Personal Data)) to the extent necessary with or to third parties for the following purposes:
No data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information that you transmit to us, and you understand that any information that you transfer to Cygames is transmitted at your own risk. Cygames specifies rules for the protection of personal data, and incorporates appropriate administrative, technical, organizational, and physical security measures that are required under applicable regulations. We use firewalls to protect your information from unauthorized access, disclosure, alteration, or destruction. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of said firewalls and secure server software.
If we learn of any security systems breach, we may attempt to notify you electronically so that you can take the appropriate protective measures. By using the Services or providing personal data to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. We may post a notice on our Services if a security breach occurs. We may also send an email to you at the email address you have provided to us.
We respect the rights you have under the personal data protection regulations applicable to you. You may demand the disclosure of, correction of, addition to, or deletion in the content of; stoppage or elimination of usage of; or stoppage of third-party provision of your personal data or disclosure of records for the provision of your personal data to third parties pursuant to the Act on the Protection of Personal Information of Japan. In addition to these rights, other rights may be granted to you under the applicable personal data protection regulations of other countries, as may be applicable. For example, in accordance with personal data protection regulations of an applicable country, you may be granted the following rights, and if the conditions prescribed by such personal data protection regulations are satisfied, we will comply with your exercise of such rights.
If you wish to exercise any of the foregoing rights, please inquire with us using the contact information stated in Article 17 (Contacting Us). In order to confirm your identity, it may be necessary for us to ask for specific information from you. In addition, in order to streamline correspondences from us, we may contact you to ask for additional information in connection with your inquiry.
Further, you may directly file a complaint with the relevant supervisory agency in connection with our processing of your personal data.
Access to your account and our Services is sometimes only possible through the use of an individual user ID and password. To protect the confidentiality of personal data, you must keep your password confidential and not disclose it to any other person. Please note that we will never ask you to disclose your password in an unsolicited phone call or email. CYGAMES IS NOT RESPONSIBLE FOR ACTIONS TAKEN REGARDING YOUR ACCOUNT WHILE A USER IS LOGGED IN USING YOUR USER ID AND PASSWORD.
We retain personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for compliance and protection purposes.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Personal data which you choose to provide to us will be stored in Japan. We may transfer (by any means including sending or allowing access) that information to countries or areas outside of the country or area where you live in accordance with applicable laws and regulations. At this moment, we transfer personal data to Japan and the United States. In addition, our service providers also use cloud servers provided by AWS, and your personal data may be processed in any of the regions or edge locations stated in the page below:
https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
Such personal data may be processed by such parties for the term necessary to fulfill purposes specified in Article 7 (Disclosure to Third Parties).
Please note that any information you include in a message you post to any chat room, forum, or other public posting area is available to anyone with Internet access. If, for example, you do not want people to know your email address, do not include it in any message you post publicly. PLEASE BE EXTREMELY CAREFUL WHEN DISCLOSING ANY INFORMATION IN CHAT ROOMS, FORUMS, AND OTHER PUBLIC POSTING AREAS. WE ARE NOT RESPONSIBLE FOR THE USE BY OTHERS OF THE INFORMATION THAT YOU DISCLOSE IN CHAT ROOMS, FORUMS, AND OTHER PUBLIC POSTING AREAS.
This Privacy Policy applies solely to information collected on the Services. The Services may contain links to other web services. We are not responsible for the privacy practices or the contents of these other web services.
We reserve the right to change this Privacy Policy from time to time. When we do, we will also revise the “last updated” date at the top of this Privacy Policy. For some changes to this Privacy Policy we may attempt to obtain your consent before implementing the change by placing a notice on the Services. The continued use of the Services following such notice will be viewed as consent to such changes unless otherwise specified.
If we learn that we have collected personal data from a child under the age of 13 without legal grounds, we will delete the information as quickly as possible. If you believe that we may have any information from or about a child under the age of 13 without legal grounds, please contact us by email at 
.
If you have any questions about this Privacy Policy, our privacy practices, or regarding information on or the correction, blockage, or deletion of data, please contact us by email at .
For residents of the European Economic Area and the UK, the following shall also apply.
We will always process your personal data based on one of the legal bases provided for in the GDPR (Articles 6 and 7). We process your personal data for the purposes stipulated in the following paragraphs based on the legal grounds listed below.
We process your personal data because it is necessary for the performance of a contract or in order to take steps at the request of the data subject (that is, you) prior to entering into a contract (Article 6(1)(b) of the GDPR).
We process your personal data because it is necessary to do so in order to pursue our legitimate interests (Article 6(1)(f) of the GDPR).
We process your personal data based on your consent (Article 6(1)(a) of the GDPR).
The above legal grounds shall include the following purposes:
If an adequacy decision is made with respect to a third country, we share or disclose your personal data to a person in that third country on the basis of the adequacy decision (Article 45 of the GDPR). For transfer to Japan, we will transfer your personal data based on the adequacy decision for Japan (https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32019D0419&from=EN).
If no adequacy decision is made with respect to a third country, we share or disclose your personal data to a person in that third country by executing with the transferee the standard data protection clauses (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en) (Article 46(2)(c) and (5) of the GDPR) approved by the European Commission.
You have the following rights:
For data protection matters, we have appointed Bird & Bird GDPR Representative Services SRL as our representative in the EEA and Bird & Bird GDPR Representative Services UK as our representative in the UK.
You can contact them by email at the addresses listed below. Your message will be forwarded to appropriate members of their data privacy teams.
EEA Residents: EUrepresentative.Cygames@twobirds.com
UK Residents: UKrepresentative.Cygames@twobirds.com
For residents of California, the following shall also apply.
This addendum contains disclosures required by the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA”). We may collect or process various categories of personal data described under the CCPA (“California Personal Data”). Information on the categories of California Personal Data collected and/or whether we sell or share California Personal Data is contained in Sections 2 (Categories of California Personal Data Collected by Us) and 5 (Recipients of California Personal Data) below. Information on the length of time the business intends to retain California Personal Data is contained in Section 6 (Retention Period) below.
Information on your rights regarding your California Personal Data is contained in Section 8 (Your Rights Concerning California Personal Data) below.
We have collected the following categories of California Personal Data from and about you in the preceding 12 months:
In the past 12 months we have collected the California Personal Data specified in Section 2 of this Addendum from the categories of sources as specified in Article 2 (Personal Data Collected (Categories and Sources of Personal Data)) of the Privacy Policy.
We use California Personal Data for the purposes set forth in Article 6 (Use of Personal Data) of the Privacy Policy.
Our business purposes for the use of California Personal Data include:
Our commercial purposes for the use of California Personal Data include advancing commercial or economic interests, such as by inducing consumers to buy or subscribe to goods or services, or enabling or effecting, directly or indirectly, a commercial transaction including distributing targeted advertising.
We have not disclosed California Personal Data to anyone other than service providers under the CCPA.
We have sold/shared the following categories of California Personal Data to the following categories of recipients for the business and commercial purposes listed in Section 4 (Use of California Personal Data) above in the preceding 12 months, namely for purposes of distributing targeted advertising.
| Category of California Personal Data | Category of third parties sold to/shared with |
|---|---|
| Identifiers | Third-party Internet advertising networks that provide you with relevant Internet-based advertisements across the Internet |
| Personal data contained in customer records | N/A |
| Commercial information | Third-party Internet advertising networks that provide you with relevant Internet-based advertisements across the Internet |
| Internet or other similar network activity | Third-party Internet advertising networks that provide you with relevant Internet-based advertisements across the Internet |
| Geolocation data | Third-party Internet advertising networks that provide you with relevant Internet-based advertisements across the Internet |
| Inferences drawn from personal data | Third-party Internet advertising networks that provide you with relevant Internet-based advertisements across the Internet |
We retain California Personal Data for the period explained in Article 11 (Retention Period) of this Privacy Policy.
We do not use or disclose sensitive personal information for any purpose beyond those for which it was provided.
California residents have certain rights with respect to California Personal Data we collect. If you are a California resident, you may exercise the following rights regarding your California Personal Data, subject to certain exceptions and limitations:
To exercise the above rights except for the right to opt out of our sale(s) or sharing of your California Personal Data, please contact us using the information in Article 17 (Contacting Us) of the Privacy Policy and submit the required verification information described below.
To opt out of sales or the sharing of your California Personal Data, please select and implement either of the following measures:
Verification procedures and necessary information: We may request that you provide additional information to verify your identity or to correctly understand, evaluate, and respond to your request, but you are not required to create an account with us in order to have it fulfilled. We ask you to provide specific California Personal Data for our records and reference. We will require you to provide, at a minimum, your name and email address.
Authorized agent: If you are a California resident, you may designate an authorized agent to submit requests on your behalf by designating such an agent in writing. We may require the agent to provide us with proof that you have authorized the agent to make requests on your behalf prior to accepting requests from the agent.
