The House of Fables

1Data Controller

The data controller within the meaning of Art. 4(7) GDPR is:

This Privacy Policy applies to the mobile game Ocean Merge available on Google Play. The game does not require account registration with an email address – identification is performed solely through the Device ID.

2Data We Collect

We collect only the data necessary for the Game to function properly. We do not collect your name, email address, or phone number – unless you voluntarily provide them when contacting us.

3Legal Bases for Processing

4Purpose & Retention Period

After the specified periods, data is deleted or anonymised in a manner preventing identification of the individual concerned.

5Data Sharing

We do not sell, rent, or transfer your personal data to third parties for marketing purposes.

Your data may only be shared with:

• Google LLC (Firebase) – as a data processor under a Data Processing Agreement, for storing save data and crash reports;
• Google LLC (Google Play Billing) – to the extent necessary for transaction processing;
• Public authorities – only where required by applicable law;
• Legal or financial advisors – only to the extent necessary to protect the Controller's rights.

6Transfers Outside the EEA

We use Firebase and Google Play services provided by Google LLC (USA). Your data may be processed on servers located outside the European Economic Area (EEA).

Transfers to the USA are safeguarded by:

• Google LLC's participation in the EU–US Data Privacy Framework (European Commission adequacy decision of 10 July 2023);
• Google LLC's use of Standard Contractual Clauses (SCCs) as an additional safeguard.

More information is available in Google's Privacy Policy.

7Firebase & Google Services

The Controller has entered into a Data Processing Agreement (DPA) with Google LLC in accordance with GDPR requirements. Google LLC processes data solely on our documented instructions.

8In-App Purchases

All transactions are processed exclusively through Google Play Billing. The Controller does not store payment card details – these are processed directly by Google.

The Controller receives from Google Play only: transaction ID, product ID, payment status, and transaction date – in order to deliver the Virtual Content to the Player's Account.

Purchase data is retained for 5 years from the end of the tax year in which the transaction was made, as required by applicable accounting and tax law.

9Advertising

The current version of the Game does not display advertisements and does not share data with advertising networks.

10Children's Data

Ocean Merge is directed at a general audience and is not specifically intended for children under 13 years of age.

If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us at contact@thehouseoffables.com. We will delete such data promptly upon verification.

11Your Rights (GDPR)

Under the GDPR you have the following rights. To exercise any of them, contact us at contact@thehouseoffables.com. We will respond within 30 days.

12Data Security

We implement appropriate technical and organisational security measures, including:

• Encryption of data in transit (HTTPS / TLS);
• restricted access to data – limited to authorised personnel only;
• secured Firebase infrastructure with Google Cloud security certifications;
• regular monitoring of systems for potential threats.

In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Art. 34 GDPR.

13Policy Updates

We will notify you of any material change at least 14 days in advance via an in-game notification or a notice on thehouseoffables.com.

The current version of this Privacy Policy is always available at: thehouseoffables.com/privacy-policy-en.

14Contact