This Privacy Policy ("Policy") describes how Pool Merge Master ("the Application," "we," "us," or "our") collects, uses, shares, and protects personal data. By using the Application, you acknowledge this Policy. We designed it to address requirements under the GDPR, CCPA/CPRA, and VCDPA.
Article I — Key Definitions
1.1 "Application" means Pool Merge Master and related services we provide.
1.2 "Company" means the operator of Pool Merge Master.
1.3 "Personal Data" means information relating to an identified or identifiable individual.
1.4 "Usage Data" means data generated automatically through use of the Application.
1.5 "Device" means hardware used to access the Application.
1.6 "Service Provider" means a third party that processes Personal Data on our behalf.
1.7 "Account" means a user profile or session tied to Application features.
Article II — Information Collection
2.1 Automatic collection. When you use Pool Merge Master, we may collect:
(a) IP address, device model, operating system, and app version;
(b) Device identifiers such as GAID and ANDROID_ID;
(c) Usage Data including levels played, session length, and interaction timestamps;
(d) Crash logs and diagnostic reports;
(e) Network and carrier information where available.
2.2 With your consent, we may also collect advertising identifiers (GAID, IDFA), engagement metrics, and PayPal email and name solely for withdrawal processing.
Article III — Use of Personal Data
3.1 Personal Data is processed to:
(a) operate merge gameplay, progress sync, and core features;
(b) manage accounts, authentication, and preferences;
(c) process PayPal withdrawals and conduct fraud prevention;
(d) send service messages, support replies, and permitted notifications;
(e) analyze usage, measure campaigns, and improve the Application;
(f) support compliance and business transitions.
Article IV — Disclosure and Sharing
4.1 We may disclose Personal Data to service providers, affiliates, business partners (for joint features you choose), during business transfers, when you share content publicly, when required by law, or with your consent.
PayPal Data Protection Notice: PayPal email and payout details are never sold or rented. They are disclosed only for withdrawal processing, fraud prevention, or when legally required.
Article V — Data Security
5.1 We apply TLS 1.2+ encryption, role-based access controls, data minimization, periodic security assessments, and contractual security requirements for partners.
5.2 No method of transmission or storage is completely secure; we cannot guarantee absolute security.
Article VI — Third-Party Advertising
6.1 Advertisements may be served through AppLovin and its mediation network.
Data shared
- Advertising IDs (resettable in device settings)
- Device model, OS, screen size
- Session frequency and duration
- Ad impressions, clicks, conversions
- Country and language
Never shared
- Email or phone number
- Account credentials
- Gameplay progress tied to identity
- Precise GPS location
- PayPal payout details
6.2 Partner privacy policies are listed in Schedule A below.
Schedule A — Advertising Partner Directory
Article VII — Application Permissions
| Permission | Purpose | Data |
|---|
INTERNET | Connectivity, ads, updates | Network status |
ACCESS_NETWORK_STATE | Adapt to connection quality | Network type |
ACCESS_WIFI_STATE | Stabilize Wi-Fi sessions | Wi-Fi status |
AD_ID | Ad delivery and measurement | Resettable ad ID |
VIBRATE | Haptic feedback | None |
ACCESS_ADSERVICES_TOPICS | Ad topic preferences | Topic signals |
ACCESS_ADSERVICES_ATTRIBUTION | Campaign attribution | Attribution data |
BIND_GET_INSTALL_REFERRER_SERVICE | Install source tracking | Referrer params |
BIND_APPHUB_SERVICE | Ad delivery via AppHub | Ad parameters |
ACCESS_ADSERVICES_AD_ID | Ad service API compliance | Ad service IDs |
FOREGROUND_SERVICE | Essential background tasks | None |
DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION | Secure internal messaging | None |
Article VIII — Analytics and Endpoints
8.1 Our backend at https://togin.plmmaster.com supports gameplay delivery, progress synchronization, performance monitoring, anonymized analytics, issue detection, and customer support.
8.2 Endpoint safeguards include TLS 1.2+ encryption, access controls, data minimization, security assessments, and Data Processing Agreements with subprocessors.
Article IX — Children's Privacy
9.1 Pool Merge Master is not directed to individuals under 13. We do not knowingly collect Personal Data from children.
Article X — Your Privacy Rights
10.1 GDPR (EEA / UK where applicable): Access, Rectification, Erasure, Restrict Processing, Object.
10.2 CCPA / CPRA (California): Right to Know, Delete, Opt-Out of sale/sharing, Non-Discrimination.
10.3 VCDPA (Virginia): Access, Correct, Delete, Data Portability, Opt-Out of targeted advertising.
Article XI — Opt-Out Mechanisms
11.1 Android: Settings → Google → Ads → Opt out of Ads Personalization.
11.2 iOS: Settings → Privacy & Security → Tracking → limit ad tracking.
11.4 We do not perform profiling that produces legal or similarly significant effects.
Article XII — Data Retention
12.1 Personal Data is retained only as long as necessary for the purposes in this Policy.
12.2 After 90 consecutive days of inactivity, Personal Data is deleted from active systems.
12.3 Usage Data may remain in anonymized, aggregated form for analytics.
Article XIII — International Transfers
13.1 Personal Data may be processed outside your country. We use TLS 1.2+ encryption and contractual safeguards designed to ensure comparable protection.
Article XIV — Disclosure Requirements
14.1 We may disclose Personal Data during business transactions, in response to valid legal process, or to prevent fraud, abuse, or harm.
Article XV — Third-Party Links
15.1 The Application may link to external sites we do not control. Review their privacy policies before sharing Personal Data.
Article XVI — Data Breach Notification
16.1 If a breach is likely to pose high risk to your rights, we will notify affected users and authorities as required by law, generally within 72 hours where feasible.
Article XVII — Cookie and Tracking Technologies
17.1 Pool Merge Master may use cookies, SDKs, and similar technologies in web views or embedded content for sessions, performance measurement, and advertising. You may limit tracking through device advertising settings and the opt-out options in Article XI.
Article XVIII — Amendments
18.1 We may update this Policy. Revisions are posted here with an updated effective date.
18.2 Material changes will be communicated via email or prominent in-app notice before taking effect where required.
Article XIX — Contact Information
19.2 In-Application: Settings → Help & Support
19.3 We respond to privacy inquiries within forty-eight (48) hours.