Privacy Policy

Data Controller & Contact

The entity responsible for processing your personal data is:

Data Protection Officer & Backend Infrastructure

In accordance with Articles 13 and 14 of the GDPR, and applicable international data protection laws, we designate a Data Protection Officer (DPO) responsible for overseeing compliance with this Privacy Policy.

Backend Infrastructure & Data Processing Endpoints

Primary backend services are hosted under the following domains operated by us:

• pixorbigames.com

These domains support account management, authentication, reward attribution, fraud prevention, and transaction processing.

Third-Party Infrastructure Processors

The App integrates third-party service providers (processors) that may receive technical data such as device identifiers, Advertising ID, IP address, event logs, and crash reports in order to deliver services, measure performance, and prevent fraud.

Scope

This Privacy Policy applies to the mobile application GemRush (the "App") and all related services we provide, including support channels, reward/offer integrations, analytics, advertising, fraud prevention, and payout/withdrawal processing where applicable.

This policy does not govern third-party websites, applications, or services that you may access through the App (such as offer providers, survey providers, or payment provider pages). Those entities process data under their own privacy policies.

Plain-Language Summary

• We collect account and technical data to operate the App and attribute rewards correctly.
• We use third-party SDKs (ads, analytics, offerwalls, surveys) that may collect identifiers such as Advertising ID (AAID/IDFA).
• We use security and anti-fraud signals (IP, device integrity, event logs) to protect rewards from abuse.
• We do not sell personal data for monetary compensation, but certain sharing may qualify as "sharing" for targeted advertising under applicable U.S. laws.
• You can request access, deletion, or correction of your data, and opt out of targeted advertising, via email or device controls.

Personal Data We Collect

5.1 — Data You Provide Directly

• Account information: email address; optional name fields if entered.
• Support communications: messages and information you share with our support team.
• Withdrawal/payout information: details needed to process payouts; in many cases provided directly to the payment provider.

5.2 — Data Collected Automatically

• Identifiers: Advertising ID (AAID on Android; IDFA on iOS if applicable), app instance identifiers, and similar identifiers used for ads, attribution, and fraud prevention.
• Device information: device model, OS version, language, app version, network type, time zone.
• Usage data & events: app opens, sessions, feature usage, interaction events, conversion/attribution events.
• Log data: IP address, timestamps, diagnostics logs, security logs, error logs.
• Approximate location/region: inferred from IP or device settings for offer availability, compliance, analytics, and fraud prevention. No precise GPS is collected unless explicitly disclosed in-app.

5.3 — Reward / Offer Attribution & Anti-Fraud Data

Because this is a rewards-based application, we process additional technical and event data to: (a) attribute offers correctly, (b) prevent fraud and abuse, and (c) verify reward eligibility.

• Offer/provider identifiers, click identifiers, transaction and conversion identifiers
• Conversion timestamps, reward status, and completion state
• Risk signals such as proxy/VPN likelihood and abnormal behavioral patterns
• Device and app integrity signals used to detect abuse

5.4 — Sensitive Data

We do not intentionally request or require sensitive data categories (medical data, biometric identifiers, or precise geolocation) for core App functionality. If a third-party partner requests such information for a specific offer, you will be informed at the point of interaction and the partner's own policy will govern.

Device Permissions & Controls

The App uses certain Android permissions to provide core functionality including rewards tracking, offer attribution, fraud prevention, notifications, and security. You may manage or revoke permissions at any time via device settings: Settings → Apps → GemRush → Permissions

App Usage & Package Statistics

Permission: PACKAGE_USAGE_STATS

Used by reward partners (such as engagement-based SDKs) to verify eligibility and completion of tasks in third-party apps, and to prevent fraud. Disable via: Settings → Privacy/Security → Special app access → Usage access.

Installed Apps / Package Visibility

May be used by third-party reward/fraud-prevention SDKs to perform integrity checks, detect abuse, and validate offer eligibility. We do not compile, sell, or use a complete list of installed applications for marketing or profiling.

Advertising, Attribution & AdServices

Permission: AD_ID and Android AdServices APIs. Used to display ads/offers, measure performance, attribute rewards, and limit fraud. Manage via: Settings → Privacy → Ads.

Notifications

Permission: POST_NOTIFICATIONS (Android 13+). Used to notify you about reward status, account updates, and offer alerts. Disable via: Settings → Notifications → App notifications.

Biometric Authentication (Optional)

Permission: USE_BIOMETRIC / USE_FINGERPRINT. Used only when you enable biometric sign-in. Biometric templates are handled entirely by your device OS — we never store them.

Network & Connectivity

Permissions: INTERNET, ACCESS_NETWORK_STATE, ACCESS_WIFI_STATE. Required for server connectivity, loading offers, and synchronizing reward status.

Background Reliability

Permissions: Foreground Service and WAKE_LOCK. Maintains reliable App operation during active offer flows and reduces interruptions.

Install Referrer

Google Play Install Referrer service. Used to understand the source that referred you to install the App and to support attribution and analytics.

Sources of Data

• From you: account details, support communications, payout requests.
• From your device/app use: usage events, logs, identifiers, diagnostics.
• From partners: offer, survey, and ad partners provide conversion and validation signals to enable correct reward crediting and fraud prevention.

Why We Process Personal Data

• Account registration and authentication
• Core App functionality, features, content, and personalization
• Reward features: offerwalls, surveys, tasks, completion tracking, and awarding points/prizes
• Advertising: personalized or non-personalized depending on consent and applicable settings
• Analytics and performance measurement
• Fraud prevention, abuse detection, and security
• Customer support and communications
• Crash reporting and troubleshooting
• Payout/withdrawal processing via third-party providers where applicable
• Legal compliance and dispute handling

Legal Bases (GDPR — EEA Users)

Where GDPR applies, we rely on one or more of the following legal bases:

• Contractual necessity: Processing required to deliver App services, reward attribution, and account functionality you request.
• Legitimate interests: Securing the App, preventing fraud and abuse, maintaining system integrity, improving performance, and conducting analytics.
• Consent: Where required by applicable law — for example, certain targeted advertising or consent-based tracking in specific regions.
• Legal obligation: Processing necessary to comply with applicable laws, regulatory requirements, or lawful governmental requests.

Who We Share Data With

We may share personal data with third parties to operate the App, provide ads/offers, measure performance, prevent fraud, and process withdrawals. Shared data may include identifiers (AAID/IDFA), device information, IP address, app usage events, and conversion/attribution data.

10.1 — Installed Application & App Usage Data

The App integrates third-party SDKs, including adjoe Playtime, that may access information about applications installed or recently used on the user's device through Android package visibility or usage statistics permissions. Such access is used strictly for: fraud prevention and abuse detection, verification of reward eligibility, and security and integrity monitoring. We do not independently compile, sell, or use a complete list of installed applications for marketing or profiling.

10.2 — Categories of Recipients

• Advertising networks — to show ads and measure ad performance
• Offerwall / reward partners — to present offers and attribute rewards
• Survey providers — to provide survey offers and validate completion
• Analytics and crash reporting providers — to understand usage and fix issues
• Security / fraud prevention services — to protect integrity and prevent abuse
• Hosting/infrastructure providers — to run backend services
• Payment/payout providers — to process withdrawals where applicable

10.3 — SDKs & Partners Used in the App

Do Not Sell or Share My Personal Information

Certain privacy laws, including the CCPA/CPRA and VCDPA, provide the right to opt out of:

• The sale of personal data
• The sharing of personal data for cross-context behavioral advertising
• Targeted advertising and certain profiling activities

Do We Sell Personal Data?

We do not sell personal data for monetary compensation. However, we may share identifiers and limited usage information (such as Advertising ID, device information, IP address, and app interaction data) with advertising, analytics, and reward attribution partners for operational, measurement, fraud-prevention, and advertising purposes. Under certain U.S. privacy laws, this activity may qualify as "sharing" for cross-context behavioral advertising.

How to Opt Out

• Email: iskandermerzoug131@gmail.com — Subject: Do Not Sell or Share Request (include your account email)
• Device controls (Android): Settings → Privacy → Ads → Reset or Delete Advertising ID
• Industry opt-out tools: Network Advertising Initiative ↗ / YourAdChoices ↗

We process verified opt-out requests within 30 days or sooner where required by law. We do not discriminate against users for exercising their privacy rights.

Additional Opt-Out & Appeal Rights

Depending on your U.S. state of residence, you may have additional rights including:

• Right to access personal data
• Right to correct inaccuracies
• Right to delete personal data
• Right to data portability
• Right to opt out of targeted advertising and certain profiling activities

The App does not engage in profiling that produces legal or similarly significant effects (such as decisions related to credit eligibility, employment, housing, or insurance).

Virginia Appeal Rights

Virginia residents may appeal a denied privacy request by replying to our response email with subject line: Virginia Privacy Appeal. We respond within the timeframe required by applicable law.

Data Retention

• Account data: retained while your account is active; deleted or anonymized after a verified deletion request where feasible.
• Reward / transaction records: retained for audit, dispute handling, fraud prevention, and compliance requirements.
• Security logs: retained for a limited period necessary to prevent abuse, investigate incidents, and troubleshoot.
• Analytics/crash data: retained according to provider settings and operational needs.

When retention is no longer required, data is deleted or anonymized where technically feasible.

Security Measures

• Access controls and least-privilege permissions for internal systems
• Encryption in transit (HTTPS) across all supported communication channels
• Monitoring and logging to detect abuse and anomalies
• Passwords stored using strong hashing — never in plaintext
• Rate limiting and anti-fraud logic to protect reward integrity

International Data Transfers

Depending on your location, your data may be processed in countries other than your own, including where our vendors and third-party processors operate. Where required, we rely on appropriate safeguards — such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms — to ensure your data is protected in compliance with applicable law.

Account Deletion & Data Deletion Requests

You may request account deletion and/or deletion of personal data by emailing iskandermerzoug131@gmail.com with subject: Account Deletion Request.

Please include in your request:

• Account email used in the App
• User ID (if available)
• Request type: Account Deletion / Data Deletion / Data Access / Correction

We may ask for additional information to verify your identity and protect your account.

Children's Privacy

The App is not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided personal data to us, please contact us and we will take reasonable steps to delete such data promptly.

Push Notifications

We may send push notifications for operational and user experience purposes such as reward status updates, account alerts, and relevant offer information. You can disable notifications at any time via: Settings → Notifications → App notifications → GemRush.

Your Rights — EEA / UK (GDPR)

Depending on your location and applicable law, you may have the following rights:

• Right to access your personal data
• Right to correction of inaccurate data
• Right to erasure (deletion) in certain circumstances
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent where processing is consent-based

Where GDPR applies, you may lodge a complaint with a supervisory authority. References: EU Commission data protection ↗, EDPB ↗.

Brazil Privacy Rights (LGPD)

If you are located in Brazil, your personal data is protected under the Lei Geral de Proteção de Dados (LGPD – Law No. 13.709/2018).

• Confirmation of the existence of data processing
• Access to personal data
• Correction of incomplete, inaccurate, or outdated data
• Anonymization, blocking, or deletion of unnecessary or excessive data
• Data portability to another service provider
• Deletion of personal data processed with consent
• Information about entities with whom we share data
• Withdrawal of consent at any time

Brazilian users may submit requests at iskandermerzoug131@gmail.com with subject: Brazil LGPD Request.

California Privacy Rights (CCPA / CPRA)

We do not sell personal information for monetary compensation. We may "share" certain identifiers and activity data for cross-context behavioral advertising as described in Section 11.

Your Rights (California Residents)

• Right to know/access: categories and specific pieces of personal information collected
• Right to know what is sold/shared and to whom (by category)
• Right to delete (subject to exceptions)
• Right to correct inaccurate personal information
• Right to opt out of sale/sharing where applicable
• Right to non-discrimination for exercising privacy rights

Virginia Privacy Rights (VCDPA)

This section applies to Virginia residents under the Virginia Consumer Data Protection Act (VCDPA).

• Access: confirm processing and access your data
• Correct inaccuracies in your personal data
• Delete personal data we hold about you
• Data portability where applicable
• Opt out of targeted advertising, sale, and certain profiling

Other U.S. State Privacy Rights

If you reside in a U.S. state with a comprehensive privacy law — including Colorado, Connecticut, Utah, Oregon, Montana, and others — you may have rights similar to those described above: access, deletion, correction, portability, and opt-out of targeted advertising.

Submit your request to iskandermerzoug131@gmail.com with subject: U.S. Privacy Request.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We recommend reviewing this page periodically. If changes materially affect your rights or how we handle your data, we will provide notice as required by applicable law.

Definitions & Legal References

• GDPR – Regulation (EU) 2016/679 ↗
• Google Play User Data Policy ↗
• Google Play Data Safety ↗
• Firebase Play Data Disclosure ↗
• Google Mobile Ads Play Data Disclosure ↗