Privacy Policy

Welcome to FinPintar ("the Game", "we", "us", or "our"). FinPintar is a 2D side-scrolling action RPG developed by FinPintar Studio. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you play our game, visit our website at finpintar.com, or otherwise interact with our services (collectively, the "Services").

We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this policy or our practices regarding your personal information, please contact us at the details provided in Section 12.

We collect information in three ways: information you provide to us directly, information collected automatically, and information from third parties.

2.1 Information You Provide Directly

• Account Registration: When you create an account, we collect your username, email address, and password (stored in hashed form).
• Profile Information: Optional display name, avatar selections, and region preferences.
• Communications: If you contact our support team, we collect the content of your messages, email address, and any attachments you send.
• Feedback and Reviews: Any written feedback, bug reports, or reviews you submit through the game or website.
• Payment Information: If you make in-app purchases, payment processing is handled by third-party processors (e.g., Stripe, Google Pay, Apple Pay). We do not store full payment card details on our servers.

2.2 Information Collected Automatically

• Gameplay Data: Stage progress, scores, inflation rates achieved, items purchased in-game, play session duration, and character build choices.
• Device Information: Device model, operating system version, unique device identifiers, browser type, and language settings.
• Log Data: IP address, access times, pages or screens viewed, links clicked, and referring URL.
• Performance Data: Frame rates, crash logs, and error reports to help us improve game stability.
• Location Data: Approximate geographic location derived from IP address (country/region level). We do not collect precise GPS location.

2.3 Information from Third Parties

• Social Login: If you log in via Google, Apple, or similar services, we receive your public profile information (name, email, profile photo) as permitted by that service.
• Analytics Providers: Aggregated usage data from analytics services to understand how players interact with the game.
• Platform Stores: Basic purchase records and device information from Google Play, Apple App Store, or Steam.

We use the information we collect for the following purposes:

We do not sell your personal data. We may share your information in the following limited circumstances:

• Service Providers: We share data with trusted third-party vendors who assist us in operating the Services (e.g., cloud hosting, payment processing, analytics, email delivery). These providers are contractually obligated to protect your data and use it only for the services they perform for us.
• Business Transfers: If FinPintar Studio is involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you of any change in ownership or use of your personal data.
• Legal Requirements: We may disclose your information if required to do so by law, court order, or in response to a valid request by government authorities (e.g., in Malaysia, under the Personal Data Protection Act 2010).
• Protection of Rights: We may disclose information when we believe disclosure is necessary to protect the rights, property, or safety of FinPintar Studio, our users, or the public.
• Aggregated/Anonymised Data: We may share aggregated or de-identified data that cannot reasonably be used to identify you—for example, publishing general player statistics.

Our website uses cookies and similar tracking technologies to enhance your experience and gather analytics data.

Types of cookies we use:

• Essential Cookies: Required for the website to function (e.g., session management, authentication). Cannot be disabled.
• Performance Cookies: Collect anonymised data about how visitors use our site (e.g., Google Analytics). Help us improve site performance.
• Preference Cookies: Remember your settings and choices (e.g., language, region).
• Marketing Cookies: Used to deliver relevant advertisements. Only active if you have given explicit consent.

You can control cookies through your browser settings or our cookie consent banner. Disabling non-essential cookies will not affect your ability to play the game but may limit some website features.

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

• Account Data: Retained for as long as your account is active, plus 90 days following account deletion to allow for recovery requests.
• Gameplay Data: Retained for the duration of your account, then anonymised or deleted within 30 days of account deletion.
• Log & Diagnostic Data: Retained for up to 12 months, then automatically purged.
• Support Communications: Retained for up to 3 years for quality assurance and dispute resolution purposes.
• Payment Records: Retained for 7 years to comply with financial regulations in Malaysia.
• Marketing Preferences: Retained until you withdraw consent or delete your account.

When data is no longer needed, we securely delete or anonymise it so it can no longer be associated with you.

Depending on your jurisdiction, you may have the following rights regarding your personal data. We honour these rights for all users globally where possible.

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request correction of inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): You may request deletion of your personal data, subject to legal retention obligations.
• Right to Restriction: You may request that we limit our processing of your data in certain circumstances.
• Right to Data Portability: You may request your data in a structured, machine-readable format (where technically feasible).
• Right to Object: You may object to our processing of your data for marketing or profiling purposes.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
• Right Not to be Subject to Automated Decision-Making: We do not make legally significant automated decisions about you.

To exercise any of these rights, please contact us at privacy@finpintar.com. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are based in Malaysia, you may also contact the Personal Data Protection Commissioner if you believe we have not adequately addressed your concerns. EU/UK residents may contact their local Data Protection Authority.

FinPintar is intended for players aged 13 years and older. We do not knowingly collect personal data from children under the age of 13 (or the applicable minimum age in your jurisdiction).

If we become aware that we have inadvertently collected personal data from a child under 13, we will take immediate steps to delete that information. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@finpintar.com and we will promptly investigate and act.

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or alteration. These measures include:

• Encryption of data in transit using TLS 1.2 or higher.
• Encryption of sensitive data at rest using AES-256.
• Passwords stored using bcrypt hashing with salt.
• Role-based access controls limiting who within our organisation can access personal data.
• Regular security audits and penetration testing.
• Two-factor authentication for all internal administrative systems.
• Automated intrusion detection and anomaly monitoring.

However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you in accordance with applicable law.

FinPintar Studio is based in Sarawak, Malaysia. Your information may be transferred to, stored, and processed in countries other than your own, including Malaysia, Singapore, or countries where our cloud service providers operate (such as the United States).

When we transfer personal data internationally, we ensure that appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the relevant authority for transfers to third countries.
• Ensuring that recipient countries provide an adequate level of data protection, or that alternative safeguards apply.
• Data Processing Agreements with all international sub-processors.

By using our Services, you consent to the transfer of your information to Malaysia and other countries as described in this policy.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services we offer. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page.
• Display a prominent notice within the game or on our website.
• Send an email notification to registered users for significant changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Services after any changes constitutes acceptance of the updated policy.

If you have questions, concerns, or wish to exercise your data rights, please contact our Privacy Team using the details below. We aim to respond to all requests within 30 business days.