HyFun User Privacy Policy

Effective Date: November 14, 2025

Last Updated: July 28, 2022 (Based on original policy)

Preamble

This Privacy Policy (the "Policy") is formulated by Cloud Clipper (Hong Kong) Digital Technology Co., Limited (hereinafter referred to as "Cloud Clipper," "We," "Us," or "Our") regarding the products and services (including cloud gaming services and other network services, collectively, the "Products and Services") provided through the HyFun cloud gaming platform on its website platforms and/or the website platforms and mobile applications of its affiliates.

Cloud Clipper is committed to protecting your privacy. This Policy is designed to comply with applicable data protection laws, including, where relevant, the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA).

This Policy will help you understand:

I. How We Collect and Use Your Personal Information
II. Legal Basis for Processing Your Personal Information (EEA/UK Residents)
III. How We Use Cookies and Similar Technologies
IV. How We Share, Transfer, and Publicly Disclose Your Personal Information
V. How We Protect Your Personal Information
VI. Your Rights and Choices
VII. Children's Privacy
VIII. International Data Transfers
IX. Data Retention
X. Potential Changes to This Policy
XI. How to Contact Us

We commit to maintaining your trust by upholding principles such as accountability, purpose limitation, data minimization, accuracy, security, transparency, and data subject participation.

Please read this Policy carefully before using our Products or Services. By using our Products or Services, you acknowledge that you have read and understood the terms of this Policy.

I. How We Collect and Use Your Personal Information

Personal Information (PI) means any information relating to an identified or identifiable natural person. We collect and use your Personal Information for the purposes listed below. If we intend to use your information for any purpose not covered by this Policy, we will seek your separate consent.

Category of PI	Purpose of Collection	Examples of PI Collected
A. Account & Registration Data	To perform the contract for service provision, including account creation and user authentication.	Username, Email Address, Mobile Phone Number. (We generally avoid collecting sensitive identifiers like national ID numbers unless required by local law and we have a strong legal basis.)
B. Financial & Transaction Data	To process payments, manage orders, assess transaction risks, and prevent fraud.	Virtual property information (transaction history, virtual currency balances, virtual items, game redemption codes). We do not store full credit card details.
C. Service Security & Logging Data	To ensure service security, prevent fraud, abuse, and system malfunction, and perform backups.	Unique Device Identifiers (UDID), IP Address, Login/Logout Records, Personal Internet Access Records, System Failure Logs, Communication/Call Records (for customer service).
D. Service Optimization & Analytics	To improve our Products and Services, fix system bugs, and develop new features.	Aggregated or Pseudonymized usage data, performance metrics, system error reports.
E. Personalized Content & Marketing Data	To display and recommend content (including personalized advertisements) that may be of interest to you.	Browsing/Search Preferences, Behavioral Habits, User Profiles (created via recommendation algorithms), Geolocation Data (approximate).
F. Customer Support Data	To respond to your inquiries, address service issues, and maintain communication records.	Your contact information, content of communication (chat logs, emails).
G. Device & Permission Data	To enable specific service features requested by the user and ensure compatibility.	MAC Address, Device Serial Number, AndroidID, WiFi Status (SSID, BSSID), Camera/Album access (with user consent), Application Installation List (for ad effectiveness).

II. Legal Basis for Processing Your Personal Information (EEA/UK Residents)

For users in the European Economic Area (EEA) and the UK, we rely on the following legal bases for processing your Personal Information:

Contractual Necessity: The processing is necessary for the performance of the contract for the provision of the HyFun Products and Services to you (e.g., account administration, payment processing).
Legitimate Interest: The processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your fundamental rights and freedoms (e.g., security, fraud prevention, service improvement, network management).
Consent: We rely on your explicit consent for specific processing activities, such as sending you marketing communications, accessing specific device permissions (e.g., camera), or utilizing optional personalized advertising. You have the right to withdraw your consent at any time.
Legal Obligation: The processing is necessary to comply with a legal or regulatory obligation (e.g., tax, accounting, or audit obligations).

III. How We Use Cookies and Similar Technologies

We use Cookies, pixels, and other similar technologies (collectively, "Cookies") to collect information, including to recognize your device, maintain your login status, customize your experience, and analyze service usage.

You have the right to accept or reject Cookies. Most web browsers automatically accept Cookies, but you can usually modify your browser setting to decline Cookies if you prefer. However, this may prevent you from taking full advantage of the service.

IV. How We Share, Transfer, and Publicly Disclose Your Personal Information

A. Sharing with Third Parties

We may share your Personal Information with the following parties:

Affiliates: We may share data with our affiliated companies, subject to the terms of this Policy.
Service Providers: We engage third-party companies and individuals to facilitate our services (e.g., payment processors, hosting services, customer support). These providers are contractually obligated to protect your data and only process it according to our instructions.
Third-Party SDKs/APIs: Our Products integrate third-party SDKs for functions like analytics, advertising, and crash reporting. These SDK providers may directly collect your information. We strongly recommend reviewing their privacy policies. Key examples include: [List major SDKs used, e.g., Google Analytics, advertising partners, payment platforms].

B. Selling or Sharing of Personal Information (CCPA/CPRA)

The use of certain third-party advertising or analytics services may be considered "Selling" or "Sharing" of Personal Information for cross-context behavioral advertising under the CCPA/CPRA.

California Residents have the right to opt-out of the Sale or Sharing of their Personal Information. Please see Section VI for details.

C. Public Disclosure

We will only publicly disclose your Personal Information with your explicit consent or as required by law (e.g., responding to a legal summons or court order).

V. How We Protect Your Personal Information

We have implemented technical and organizational security measures designed to protect your Personal Information from unauthorized access, use, modification, damage, or loss. These measures include data encryption (e.g., SSL/TLS), access controls, and regular security audits. While we strive to protect your Personal Information, no security system is impenetrable, and we cannot guarantee the absolute security of your data.

VI. Your Rights and Choices

Subject to applicable laws, you have the following rights regarding your Personal Information:

Right	Description (Applicable Jurisdictions)
Right to Know/Access	The right to know what PI we have collected about you and to obtain a copy of that PI. (All)
Right to Rectification/Correction	The right to have inaccurate or incomplete PI corrected. (GDPR, CCPA)
Right to Erasure/Deletion	The right to request the deletion of your PI under certain conditions. (GDPR, CCPA)
Right to Object	The right to object to the processing of your PI based on legitimate interests, including for direct marketing. (GDPR)
Right to Data Portability	The right to receive your PI in a structured, machine-readable format and to transmit that data to another controller. (GDPR)
Right to Opt-Out of Sale/Sharing	The right to direct us not to Sell or Share your PI for cross-context behavioral advertising. (CCPA/CPRA)
Right to Limit Use of SPI	The right to limit the use of Sensitive Personal Information. (CCPA/CPRA)
Right to Non-Discrimination	The right not to be discriminated against for exercising your privacy rights. (CCPA)

How to Exercise Your Rights:

To exercise any of these rights, please submit a request to us via:

Email: [Insert Dedicated Privacy Email Address, e.g., privacy@hyfun.com]
Request Portal: [Insert Link to Privacy Request Web-Form, if available]

We will respond to verifiable consumer requests in accordance with applicable law.

VII. Children's Privacy

The HyFun Products and Services are not intended for children under the age of 13. We do not knowingly collect Personal Information from children under 13 without verifiable parental consent. If we learn that we have collected PI from a child under 13 without consent, we will take steps to promptly delete the information.

For residents of the EEA/UK, the age of digital consent may be higher or lower depending on the member state (generally 13 to 16).

If you believe we may have collected information from a child without parental consent, please contact us immediately.

VIII. International Data Transfers

As we operate globally, your Personal Information may be transferred to and processed in countries outside of your jurisdiction, including Hong Kong and other jurisdictions, which may have different data protection laws than your country.

For transfers of EEA/UK user data outside of the EEA/UK, we rely on appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission or other legal mechanisms, to ensure your data receives an adequate level of protection.

IX. Data Retention

We retain your Personal Information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements (e.g., maintaining your account while it is active, and for a period thereafter for backup and audit purposes).

X. Potential Changes to This Policy

We reserve the right to modify or update this Policy from time to time. We will notify you of any material changes by posting the new Policy on this page and updating the "Last Updated" date. We encourage you to review this Policy periodically.

XI. How to Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your Personal Information, please contact our Data Protection Officer (DPO) or Privacy Team at:

Cloud Clipper (Hong Kong) Digital Technology Co., Limited
Attention: Privacy Team / Data Protection Officer
Email: [Insert Dedicated Privacy Email Address]
Address: [Insert Company Address in Hong Kong or primary processing location]

[End of Policy]