Privacy Policy
Welcome to Shmackle! CurlyBlue LTD (“CurlyBlue”) is the owner of Shmackle and your privacy is very important to us. This Privacy Policy (“Policy”) describes the information we collect, how that information may be used, with whom it may be shared, and your choices in connection with your use of Shmackle, our website www.curlyblue.com (our “Website”), and any other products and services that link to this Policy (collectively, our “Services”).
This Policy does not cover information we receive from third parties. If you have any questions regarding this Privacy Policy, please contact us at support@curlyblue.com.
By accessing the Services, you agree to be bound by this Policy. If you do not agree to the terms of this Policy, please do not use the Services. We reserve the right to make changes to this Policy at any time. Any time we make changes to the Policy, we will change the “Effective Date” of the Policy, which appears at the top. Accordingly, when you use the Services, you should check the date of this Policy and review any changes since you last reviewed the Policy. Each time you use the Services, the then-current version of this Policy will apply.
1. What are the age restrictions for Shmackle?
In accordance with the policies of Meta®, Shmackle is available to Quest 3, Quest 3S, and next-gen headset users at least 10 years of age who access Shmackle using a Parent-Managed Account, and Rift® users at least 13 years of age. We do not administer Parent-Managed Accounts. For more information on creating and managing Parent-Managed Accounts, please review Meta’s education hub at https://www.meta.com/quest/safety-center/parental-supervision/.
If you become aware of an underage user, or a user who has accessed Shmackle without using a Parent-Managed Account as required by Meta®, please complete a support ticket at https://discord.gg/jmancurly or email us at support@curlyblue.com, so we may delete their Personal Information.
The “Personal Information” – information that can be used to identify a person — we collect from or about Child users is used to give them access to certain features of Shmackle and communicate with a parent or legal guardian about that Child user’s registration, including for the purpose of verifying their information in connection with the registration.
If you self-identify or are identified as a Child, your gameplay experience in Shmackle will automatically be restricted. For example, unless your parent or legal guardian permits otherwise, you will be (a) restricted from communicating with or otherwise making your Personal Information publicly available to other users of Shmackle, (b) assigned randomly generated name badges, (c) prohibited from joining private servers using room codes, and (d) restricted from purchasing in-game items.
We do not share or otherwise disclose Child users’ Personal Information, except (a) as may be necessary to protect the safety of a Child, including by disclosing their Personal Information, where appropriate, to law enforcement agencies or for an investigation related to public safety, (b) to enable us to take precautions against liability, (c) to protect the integrity, safety, and security of Shmackle, or (d) where required to do so by law or legal process.
At any time, a parent or legal guardian may review their Child’s Personal Information retained by us, require us to correct or delete such Personal Information, request that we delete their Child’s account, and/or refuse to permit us from further collecting or using their Child’s Personal Information by completing a support ticket at https://discord.gg/jmancurly or emailing us at support@curlyblue.com. To protect parents’ and legal guardians’ privacy and security and the privacy and security of Child users, we may require a parent or legal guardian to take certain steps or provide additional information, which we will keep strictly confidential, to verify their identity before we provide any information about the Child or take the requested actions.
2. What categories of Personal Information do we collect?
Depending on the way you use our services, we may collect different types of information, including Personal Information, from you. However, excepting Personal Information of Children users of Shmackle, we do not knowingly or intentionally process any sensitive Personal Information.
The categories of personal information we may collect are listed below. Some types of personal information may belong to multiple categories.
a. Identification code: We may collect your first name, middle name and last name, email address, Shmackle username, Meta® username, postal address, social security number or employer identification number, telephone number, IP address or display name.
b. Classification characteristics protected by California or federal laws: We may collect your date of birth or age and, if you contact us through a support ticket or arbitration opt-out, your first and last name.
c. Business Information: We may collect your purchase and sales history in the game.
d. Voice data: We may receive your voice data through your microphone. Normally, we do not store this information, although for audit purposes, we reserve the right to process your voice data locally in certain public room instances. For audit purposes, some of these voice data can be recorded and sent to third-party services for additional processing. Any such records are anonymous and retained for 30 days. Voice data in private instances has never been processed, stored, or sent to third parties.
e. Sensory data: We may receive your voice through your microphone, as well as animation data obtained from your head movements and facial expressions. We do not store this information.
f. Internet or other similar network activities: We may collect your game history, game settings and preferences, Dynamic-link library (“DLL”) running/loading on your computer or data collected from “small memory dump.”
g. Other categories: We may collect information from content you create and publicly share in the game, as well as information you choose to disclose in the game through multiplayer chat or other public features. We also may collect your Meta age category (i.e., child, teen, or adult) and information from the content that you send to us directly by submitting a support ticket.
In addition, we may collect information that does not allow you to be identified but may be associated with your account. We may use information that does not identify you for any commercial purposes permitted by applicable law.
3. From what sources do we collect Personal Information?
We may collect Personal Information from you in several ways, including:
Directly From You
When you use our Services, you may provide certain information directly to us. For example:
a. When you play Shmackle, we may collect your movement data (tracking your hands and head), voice data (not voiceprints), gameplay information, and game settings and preferences, including parental controls and language.
b. When you contact us through the “Contact Us” form on our Website, we may collect your first and last name, email address, and records and copies of your correspondence.
c. When you submit a support ticket, we may collect your email address and records and copies of your correspondence.
d. When you open Shmackle, we may collect your date of birth.
e. When you self-identify or are identified as a Child user of Shmackle, we may collect your parent or legal guardian’s email address.
f. When you respond to a survey or questionnaire, we may collect the information you provide.
Automatically From You
We may collect your Personal Information automatically as you use our Services. For example, we may collect your Personal Information as you interact with our Website or as you play Shmackle. This information includes the following:
a. Information about your device, such as the operating system, hardware, system version, the Internet Protocol (IP) address, device ID, and device language. When you self-identify or are identified as a Child user of Shmackle, we may automatically collect your Internet Protocol address.
b. The specific actions that you take when you use our Services, including but not limited to the pages and screens that you view or visit, search terms that you enter, how you interact with our Services, and information about your interactions with other users.
c. The time, frequency, connection type, and duration of your use of our Services.
d. Information about your wireless and mobile network connections, such as mobile phone number, service provider, and signal strength.
e. Location information, such as GPS information.
f. Information regarding your interaction with email messages, for example, whether you opened, clicked on, or forwarded the email message.
g. Identifiers associated with cookies or other technologies that may uniquely identify your device or browser (as further described below); and
h. Pages you visited before or after navigating to our Website.
From Third Parties
a. Information from Game Publishers and Other Users
- Game Publishers: When you play Shmackle, we may receive certain information from game publishers such as Meta. This includes your Meta username, purchase history for in-game items or DLCs, and, in the event of a ban, your Meta ID. Additionally, if you self-identify or are identified as a Child user, we may also receive your Meta age category (e.g., child, teen, or adult).
- Support Tickets: When you submit a support ticket for Shmackle, we may receive information such as your Meta ID and any other details you provide in the ticket.
- Other Users: If another user reports that you have violated our Terms of Service or community policies, we may collect the information they provide about you. For Child users, we may also receive a parent or legal guardian’s email address if provided by the Child.
We abide by this Policy when we use Personal Information provided to us by third parties. However, we may not control the Personal Information that third parties collect or how they use that Personal Information. You should review the third parties’ privacy policies for more information about how they collect, use, and share the Personal Information they obtain and use.
Moreover, we cannot control what is done with Personal Information you share with third parties or other players. If you choose to share information publicly through our Services, please understand that we cannot control the actions of third parties who could collect this information.
4. How do we and third parties use cookies and other automatic data collection
technologies?
Cookies are small pieces of text sent to your browser by a website you visit. They help that website remember information about your visit, which can both make it easier to visit the site again and make the site more useful to you.
You have choices with respect to cookies. By modifying your browser preferences or Meta account settings, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject all cookies you may be unable to use those aspects of our Services that require registration to participate. You can learn more about cookies and how they work at www.allaboutcookies.org. You can always disable cookies through your browser settings and Meta account preferences. Doing so, however, may disable certain features on our Services. You can opt-out from third party cookies that are used for advertising purposes on the NAI website at http://www.networkadvertising.com.
We may use third parties, such as Google Analytics or other analytics providers, to analyze traffic to our Website. Google Analytics does not create individual profiles for visitors and only collects aggregate data. To disable Google Analytics, please download the browser add-on for the deactivation of Google Analytics provided by Google at http://tools.google.com/dlpage/gaoptout?hl=en. To learn more about privacy and Google Analytics, please consult the Google Analytics overview provided by Google at http://www.google.com/intl/en/analytics/privacyoverview.html.
We may also use cookies, pixels, beacons, or other web tracking technologies to track the amount of time spent on our Services and whether certain content, such as a video was viewed. We may work with a third party to collect and process this information for us, based on our instructions and in compliance with this Policy.
At the present time our Services do not respond to “Do Not Track” signals or similar mechanisms.
5. How do we use your Personal Information?
In general, we collect information from you so that we can provide our Services, operate our business, and provide information that you request from us. This includes the following uses and purposes:
a. To provide or improve our Services: We may use your Personal Information to process your requests to access our Services and certain of their features and to generally present and improve our Services. For example, we may use your Personal Information to create your account for Shmackle, to grant you access to Shmackle, to fulfill in-game purchases, and to improve our games or Websites.
b. To administer our Services: We may use your Personal Information for any lawful business or operational purpose in connection with administering our Services. For example, if you reach out to us, we may use your Personal Information to respond to support tickets or business inquiries sent by you.
c. To market our Services: We may use your Personal Information to market our Services to you. For example, with your prior consent, we may share news and updates about our Services through our Games’ Discord channels.
d. In furtherance of legal and safety objectives: We may access, use, and share with others your Personal Information for purposes of safety and other matters in the public interest. We may also provide access to your Personal Information to cooperate with official investigations or legal proceedings (e.g., in response to subpoenas, search warrants, court orders, or other legal processes). We may also provide access to your Personal Information to protect our rights and property and those of our agents, users, and others, including to enforce our agreements, policies, and our Terms of Service. For example, we may use your Personal Information to respond to inappropriate or reported conduct in-game, and to enforce user bans for Shmackle.
e. In connection with a sale or other transfer of our business: In the event all or some of our assets are sold, assigned, or transferred to or acquired by another company due to a sale, merger, divestiture, restructuring, reorganization, dissolution, financing, bankruptcy, or otherwise, your Personal Information may be among the transferred assets.
f. As we may describe to you when collecting your Personal Information: There may be other situations when we collect your Personal Information and simultaneously describe the purpose for that collection.
Please know that we will only collect, use, or store your Personal Information for a lawful basis such as:
a. You voluntarily provide it to us with your specific, informed, and unambiguous consent;
b. It is necessary to provide you with a Service that you have requested (for example, providing you access to Shmackle);
c. We have a legitimate business interest that is not outweighed by your privacy rights (for example, to ban users); or
d. It is necessary to protect your vital interests or the vital interests of others (for example, where necessary to protect the safety of one of our users or someone else).
6. In what situations do we disclose your Personal Information?
We never sell your personal information. Like most companies, we share information in certain circumstances with third parties through operation of our Services and our business. When we disclose Personal Information for a business or operational purpose, we enter into a contract with the service provider or contractor that describes the purpose and requires the service provider or contractor to both keep that Personal Information confidential and not use it for any purpose except performing the contract. Below we explain when we may share your Personal Information.
Other Users
Some of your profile information may be publicly visible to all users and it may be displayed to other users to facilitate user interaction within the Services. When you communicate with other users or interact on the Services, you may provide information and content to forums or message boards – and to facilitate your interaction we may provide that content and information, as well as your profile information, to such other users. When you are connected with other users, they will also see your full profile information, including activity in the Services that you and the other user(s) have participated in together, such as for example, if you and user(s) both participate in forums or message boards on the Services. As noted earlier, users that you interact with may, in some cases, be able to save that content or copy it outside of the Services, so do not post or share content that you would not want another user to save or share.
Your account privacy settings may allow you to limit the other users who can see certain information in your profile and/or what information in your profile is visible to others.
Community Partners
“Community Partners” are local businesses, restaurants, non-profit companies and other organizations in your community. If you RSVP for an event involving a Community Partner, redeem a coupon offer or loyalty reward with a Community Partner, purchase an item to be redeemed with a Community Partner, or otherwise interact with a Community Partner on the Services, certain profile information, such as your username and contact information, is shared with the Community Partner.
Service Providers
We use third parties to assist us with operating our business and providing our Services, such as our technology vendors that help us maintain our Services and partners that assist us with our marketing and communication. These service providers will have access to your information to provide Services to us. Additionally, if you make a purchase through the Services, our third-party payment processors have access to your information to process your transaction.
As Directed By You and With Your Consent
Except as otherwise provided in this Policy, we share information with companies, organizations or individuals outside of CurlyBlue only at your direction or when we have your consent to do so.
Legal Proceedings
We may share information with third-party companies, organizations, governmental authorities, or individuals outside of CurlyBlue if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
a. Meet any applicable law, regulation, subpoena, legal process, or governmental request;
b. Enforce a contract, including but not limited to any applicable Terms of Service, including investigation of potential violations thereof;
c. Detect, prevent, or otherwise address fraud, security, or technical issues; or
d. Protect against harm to the rights, property, or safety of CurlyBlue, our users, customers, or the public as required or permitted by law.
Sale or Merger
We may share information about you as part of a merger or acquisition. If CurlyBlue or any of its affiliates is involved in a merger, asset sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of our business to another company, we may share your information with that company before and after the transaction closes. In such a case, unless permitted or otherwise directed by applicable law, your information would remain subject to the terms of the applicable privacy policy in effect at the time of such transfer.
Aggregate Information
We may de-identify or aggregate information so that you are not identified as an individual and use and provide that information to third parties without restriction. We may also provide aggregate usage information to third parties (or allow third parties to collect that information from you), who may use such information to understand how often and in what ways people use our Services. However, we never disclose aggregate usage or de-identified information to a third party (or allow a third party to collect such information) in a manner that would identify you as an individual person
7. How do we secure your Personal Information?
We take the security of your personal information very seriously. As such, we protect your Personal Information through a combination of collection, security, and retention policies.
a. Limited retention: We retain each category of Personal Information only for as long as necessary to fulfill the purposes for which the Personal Information was provided to us or, if longer, to comply with any legal obligations, to resolve disputes, and to enforce contracts. For example, we may retain Personal Information collected about you to prevent repeated violations or suspected violations of our Terms of Service if your account has been banned or your access to our Services has been disabled for any reason. To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of the Personal Information, the purposes for which we process the Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements. For example, subject to the foregoing considerations, it is our policy to delete your Personal Information if we stop operating our Games or the feature through which the Personal Information was acquired.
b. Purpose limitation: We will use your Personal Information only for our Services you choose to access and for the purposes notified to you, unless we otherwise obtain your consent. We limit the collection of Personal Information to what is adequate, relevant, and reasonably necessary for those purposes.
c. Security measures: We use reasonable security measures to ensure a level of security appropriate to the volume and nature of Personal Information processed and risk involved, considering the size, scope, and type of our business, and have implemented contractual, technical, administrative, and physical security measures designed to protect your Personal Information from unauthorized access, disclosure, use, and modification. As part of our privacy compliance processes, we review these security procedures on an ongoing basis to consider new technology and methods as necessary. However, please understand that our implementation of security measures as described in this Policy does not guarantee the security of your Personal Information. In the event of a security breach, we will promptly notify the proper regulatory authorities and any affected users of the breach after we become aware of the breach to the extent required by applicable law.
Please bear in mind that we may store or process your Personal Information outside of the country where we collect the information or the country in which you reside. When transferring Personal Information out of foreign countries, we implement technical, organizational, and physical safeguards to protect your Personal Information. Please contact us if you have questions related to the relevant transfer mechanism for your Personal Information.
Finally, please play your part in protecting your Personal Information. Although we will do our part, your practices and activities are likewise very important for the protection of your Personal Information. You should take certain steps to help protect your Personal Information, such as being mindful of what you share publicly in Shmackle, including the below.
a. Do not use your real name when selecting a username.
b. Do not share your real name or anything private about yourself or anyone else with other users of Shmackle.
c. Do not pick a password that is easy to guess, and do not share your password.
Please remember that we have no control over what other users do with the content of your communications and no responsibility or obligation regarding other users.
8 What rights do you have to your Personal Information and how do you exercise those
rights?
We strive to provide you with choices with respect to your information. Also, remember, you can opt not to disclose certain information to us – but keep in mind some information may be needed to create a Shmackle account or to take advantage of some of our Services and features. Subject to any limitations and exceptions under applicable law, you have the right to request access to your Personal Information and exercise the below rights.
a. You have the right to receive a copy of your personal data that you have provided to us in a structured, commonly used, and machine-readable format, allowing you to transmit this data to another service provider, where technically feasible. To exercise this right, please submit a data portability request through our designated channels, and we will provide your data within a reasonable timeframe, subject to verification of your identity and compliance with applicable data protection laws.
b. You have the right to correct or update certain types of Personal Information. In many cases, you can review or update your account information by accessing your account online.
c. You have the right to request deletion of your Personal Information. If you choose to have your Personal Information removed from our Services, we will carry out your request within 30 days of account verification, subject to extension, and we will only retain minimal Personal Information to document your request and the actions we took to carry out your request.
d. You have the right to restrict certain processing of your Personal Information and the right to object to some types of processing of your Personal Information.
e. You have the right to withdraw your consent at any time.
f. You have the right to lodge a complaint regarding our collection, storage, or processing of your Personal Information with a data protection supervisory authority in the country where you live or work.
If you would like to exercise any of these rights, please complete a support ticket at https://discord.gg/jmancurly, or email us at support@curlyblue.com with the subject line “Privacy Request.” Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. The verifiable consumer request must:
a. Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and
b. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm that the Personal Information relates to you. We will only use Personal Information provided in a verifiable consumer request to verify your identity or authority to make the request.
We will try to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. We will comply with your requests in accordance with, and subject to, applicable law. For example, we are not required to delete your Personal Information if we have an overriding legitimate ground for retaining that information, such as to prevent fraud. Please note that we are legally prohibited from carrying out requested actions in some instances, including (1) when we are unable to confirm your identity or (2) where doing so would adversely affect the rights or freedoms of others. Further, we are not required to carry out a requested action in some instances, including where the request is considered excessive.
Any disclosures we provide will only cover the 12-month period preceding the receipt of a verifiable consumer request, unless you request a longer period of time for Personal Information we collected about you. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
To appeal a decision regarding your verifiable consumer request, please submit your appeal using one of the two methods above. Your appeal should include an explanation of the reason you disagree with our decision. Within 60 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.
For data portability requests, we will select a format to provide your Personal Information that is readily usable, easy-to-understand, and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
9. Additional Notice for California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia Residents
California Online Privacy Protection Act
The following applies to California residents:
We do not track users of our Services over time and across third party websites or online services and therefore do not respond to Do Not Track signals. We are not aware of any third party that tracks users of our Services over time and across third party websites or online services. Please note that Do Not Track is a different privacy mechanism than the Global Privacy Control, a legally recognized browser-based control that indicates whether you would like to opt out of the processing of your Personal Information for certain purposes.
State Privacy Laws
The following applies to California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia residents (in the event of a conflict between this Section 9 and any other section in this Policy, this Section 9 controls):
a. Right to Know and Access: You have the right to request that we disclose certain information to you about our collection and use of your Personal Information. Once we receive and confirm your verifiable consumer request, we will disclose to you the following, to the extent retained by us:
- The categories of Personal Information we collected about you;
- The categories of sources for the Personal Information we collected about you;
- Our business or commercial purpose for collecting, selling, or sharing that Personal Information;
- The categories of third parties with whom we disclose that Personal Information;
- The specific pieces of Personal Information we collected about you (also known as a data portability request); and
- If we sold or shared your Personal Information, two separate lists disclosing: (1)Sales, identifying the Personal Information categories that each category of recipient purchased, and (2)Disclosures for a business or operational purpose, identifying the Personal Information categories that each category of recipient obtained.
b. Right to Deletion: You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers and contractors to delete) your Personal Information from our records, unless an exception under applicable law applies. We may deny your deletion request if retaining the information is necessary for us or our service providers or contractors to:
- Complete the transaction for which we collected the Personal Information, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide our Services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- Help to ensure the security and integrity of our Services to the extent the use of your Personal Information is reasonably necessary and proportionate to those purposes;
- Debug our Services to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another user to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act;
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the Personal Information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided consent;
- Enable solely internal uses that are reasonably aligned with user expectations based on your relationship with us and compatible with the context in which you provided the Personal Information; or
- Comply with a legal obligation.
c. Right to Correction: You have the right to request that we correct inaccurate Personal Information. Once we receive and confirm your verifiable consumer request, we will use commercially reasonable efforts to correct the inaccurate Personal Information, considering the nature of the Personal Information and the purposes of the processing of the Personal Information.
CONTACT US
Please also feel free to contact us if you have any questions about this Policy or our practices, or if you are seeking to exercise any of your statutory rights. We will respond within a reasonable timeframe. You may contact us at support@curlyblue.com.