TernokassHCR-Policies

PRIVACY NOTICE Effective Date: June 1, 2025

S.S Enterprises, with its registered office at 101/2, Sector - 2, Madhav Puram, Meerut, Uttar Pradesh - 250002, (“S.S Enterprises” or “we” or “us” or “our”) owns, operates and manages Witch Racing Rush: Magic Speed (“the Mobile Application”). Our Mobile Application is designed to provide users (“you” or “your”) with an engaging and interactive gaming experience. Through our Mobile Application, we enable you to play, compete, and enjoy various features, including in-app purchases and interactive gameplay. We are dedicated to your security and privacy. We understand the critical importance of safeguarding data about an individual who is identifiable by or in relation to such data (“Personal Data”) such as your name, age, mobile number, email address, profile picture, microphone, etc. as recognized under data protection law and ensuring a secure digital environment. This Privacy Notice (“Notice”) not only outlines the types of Personal Data we gather but also explains the methods of collection, the purposes for which your Personal Data is collected, used, and processed, the parties with whom it may be shared, the choices you have regarding your Personal Data, and the stringent measures we employ to securely store and protect your Personal Data. This document is an electronic record and is governed by the provisions under the Information Technology Act, 2000 and rules made thereunder as may be applicable, and the amended provisions pertaining to electronic records in various statutes as amended by the Information Technology Act, 2000. This electronic record is generated by a computer system and does not require any physical or digital signatures. Our services are offered worldwide. By tapping “Accept”, you explicitly consent to be bound by this Notice. If you do not agree with the terms outlined in this Notice, kindly refrain from accessing, visiting, or using our Mobile Application or providing us with your Personal Data. Please read this Notice carefully to understand our practices regarding your Personal Data. This Notice is designed to comply with the data protection and transparency standards required by Google Play Store’s Developer Policy. If you have any questions or require clarification about any aspect of this Notice, please don’t hesitate to contact our designated Consent Manager.

WHAT WE COLLECT AND FROM WHOM Our Mobile Application and its content are intended for users aged 18 years and above. We do not knowingly collect personal data from anyone under the age of 18. If you are under 18, you are not permitted to access, use, or provide any personal information through the Mobile Application. You must meet the minimum age requirement applicable in your jurisdiction. If a parent or legal guardian becomes aware that their child has provided personal data without consent, they should contact our designated Consent Manager. Upon verification, we will promptly delete such data in accordance with applicable laws. We strongly advise that minors do not access or use the Mobile Application, and we disclaim any liability for consequences arising from unauthorized use by minors in violation of this notice.

When you access, visit, or use our Mobile Application, we collect and store the following information in our secure Firebase database:

  1. Firebase Unique User Identifier (UID) – generated via Firebase Anonymous Authentication.
  2. Player Identifier (UUID) – a randomly generated identifier stored locally on your device and linked to your Firebase record.
  3. Account Creation Timestamp – recorded using a secure Firebase server timestamp.
  4. Device Information – including device model, operating system version, and application version/build number.
  5. Locale/Language Setting – as reported by your device.
  6. Age Consent Proof – including your declared age category (over/under required age), timestamp, and age gate version.
  7. Advertising Consent Information – including whether you consented to personalized or non-personalized ads, consent source (UMP form/manual), region basis, consent status, consent version, timestamp, and (if applicable) TCF consent string.
  8. Policy Consent Proof – including Boolean proof that you agreed to our Terms of Service, End User License Agreement (EULA), and Privacy Policy, along with their version numbers and timestamp.

Age Verification We require all players to confirm they are at least 18 years of age before accessing the game.This age confirmation appears as the first screen when you launch the app, before any advertising, analytics, or other data processing occurs. If you confirm that you are 18 years of age or older, we store a record of this confirmation in our secure Firebase database, including:

  1. Boolean Value – indicating that you confirmed being 18 years or older.
  2. Age Gate Version – the version code of the age confirmation statement you agreed to.
  3. Timestamp (UTC) – the date and time of your confirmation, recorded using a secure Firebase server timestamp.
  4. App Version, App Build, Operating System Version, and Device Model – as reported by your device. Current Age Confirmation Statement Versions: • age_gate_ver: v1 → “I confirm I am 18 years of age or older.” We do not collect your exact date of birth. This record is stored together with your account information and is used solely to demonstrate compliance with applicable age-related laws and regulations.

All other gameplay-related data is stored locally on your device. In addition, certain technical information — such as IP address, device type and model, operating system version, app version, crash logs, interaction logs, and session duration — may be automatically collected by third-party service providers integrated into our app, including Firebase Crashlytics and others( by Google LLC). This information is used for app performance monitoring, crash reporting, and usage analytics. We do not directly store or access IP addresses or other such technical identifiers ourselves, except for the ones mentioned above; their collection and processing are handled by these third-party providers in accordance with their own privacy policies. All such data practices are also disclosed in the “Data Safety” section of our Google Play Store listing, in compliance with Google Play’s developer policies.

HOW WE COLLECT PERSONAL DATA Our approach to Personal Data collection involves a structured and comprehensive methodology. We utilize a range of formally established channels and mechanisms to ensure the lawful and ethical acquisition of Personal Data. These primary channels through which we gather Personal Data are designed to uphold the highest standards of data privacy and security while enhancing your experience on our Mobile Application. i. Personal Data You Provide: When you engage with our Mobile Application, you may voluntarily provide us with Personal Data. This includes data you share during registration, interactions, or transactions. ii. Automatic: Through the use of technology, we collect automatic information including Personal Data that reflects your interactions with our Mobile Application. This encompasses data related to your device information, interaction logs, gameplay data, and preferences. iii. Technology: Our Mobile Application may utilize technological means to collect data, including analytics tools, web beacons, software development kits (SDKs), and other tracking mechanisms. These technologies aid in analyzing your behavior, preferences, and interactions. iv. Third-Party Sources: We may receive Personal Data from third-party service providers and partners including social media platforms, payment gateways, analytics tools, and advertising networks who are involved in user authentication, transaction processing, or gameplay enhancement.

Firebase SDK (by Google LLC) We use Firebase services from Google LLC in our Android app via the official Firebase SDK for Unity. These include: I. Firebase Authentication – securely authenticates users via Anonymous Sign-In and generates a Firebase UID for consent tracking and required account records. II. Firebase Firestore – stores minimal player information necessary for account operation, legal compliance, and consent record-keeping. III. Firebase Crashlytics – collects crash reports to diagnose and improve app stability. IV. Firebase App Check (Android – Google Play Integrity) – verifies that requests to Firebase (Auth, Firestore) come from a genuine, unmodified Android build of our app. When enforcement is enabled, requests without valid Play Integrity attestation are blocked. During internal testing we may register a temporary “debug token” for designated test devices to allow testing while App Check is enforced. Purpose of Processing I. Create and maintain a unique player account (anonymous authentication). II. Maintain required legal/consent records. III. Diagnose and resolve technical issues (crash reporting). IV. Protect our backend from abuse and fraud by validating app integrity and blocking unauthorized clients (App Check). Data Collected via Firebase SDK I. Device Information (Crashlytics): device model, OS version, language, timezone, and crash context. II. Crash Reports: stack traces, error logs, and associated device information. III. Firebase Unique User Identifier (UID): created during anonymous sign-in and stored while the account exists. IV. Authentication Tokens: short-lived tokens used for identity verification and session management (we do not retain them after use). V. App Check Attestation (Play Integrity): short-lived integrity tokens/verdicts based on signals such as package name, app signing certificate, and device/app environment. We receive only what is needed to validate requests and do not use App Check data for advertising or profiling. Debug tokens may be used only on designated test devices and can be revoked at any time. Retention & Security • App Check attestation tokens are short-lived and used only to authorize requests; we do not retain them beyond operational needs. • Crash and minimal account data are retained only as necessary for the purposes above and as required by law. • Google LLC acts as our service provider for these services; processing may occur on servers outside your country. See Google/Firebase documentation for details on data handling and security. Choices Firebase App Check is a security feature necessary to protect the service. If App Check validation fails (e.g., unauthorized or tampered client), sign-in and data access may not function. All data transmitted to Firebase is encrypted in transit. The processing of this data is governed by Google’s Privacy Policy

Google AdMob & Ads Monetization (by Google LLC) We integrate the Google AdMob SDK and Google User Messaging Platform (UMP) SDK, provided by Google LLC, to display banner, interstitial, and rewarded advertisements within the Mobile Application. Ad formats may be personalized or non-personalized depending on user location, consent status, and applicable laws. Purpose of Processing These SDKs are used solely to: I. Monetize the Mobile Application by serving ads. II. Manage and record user consent for ad personalization where legally required. III. Deliver personalized or non-personalized advertisements based on user preference and applicable regulations. Data Processed by Google AdMob In accordance with Google’s policies, AdMob may process: I. Device identifiers (such as Android Advertising ID) II. Application usage data III. Approximate location IV. Advertisement interaction data (impressions, clicks) V. Diagnostic and crash information We do not collect or store this information directly. All ad-serving and related tracking data is collected and processed by Google LLC, acting as the data controller, in accordance with Google’s Privacy Policy. Consent Record Stored by Us For legal compliance purposes, we maintain a minimal consent record in our secure Firebase Firestore database for every player, including: I. Whether the ads are personalized or non-personalized. II. How consent was obtained (UMP form or manual consent panel). III. The legal region basis for the decision (UMP-supported region or other). IV. Date/time of consent. V. Consent form version (if applicable). This record is stored together with your account information and is used solely to demonstrate compliance with applicable advertising and privacy laws. Consent & Legal Compliance In regions where consent is legally required (e.g., the European Union, United Kingdom, California, India), we use the Google UMP SDK to present a consent form at first app launch. Users may choose between: I. Personalized ads II. Non-personalized ads If the user dismisses the form without making a choice, non-personalized ads are displayed by default. In other regions, personalized ads may be displayed by default unless the user opts out via in-app settings or Google’s Ads Settings page. Managing Ad Preferences Users can update their ad preferences at any time by: I. Accessing the “Ad Preferences” section in the app settings to reopen the consent form (in UMP-supported regions) or disable personalized ads (in non-UMP regions) by Visiting Google Ads Settings to manage ad personalization directly in their Google account.

External Links to Legal Documents and Settings Our game may display links to important legal documents, including but not limited to our Privacy Policy, Refund Policy, End User License Agreement (EULA), and Terms and Conditions. These documents are hosted on GitHub Pages or within GitHub repositories to ensure public accessibility and transparency. When you click on any of these links (such as during the consent process), you may be redirected to GitHub’s website to view the respective document. GitHub, Inc. (a Microsoft company) may process certain technical data in accordance with its own privacy practices, which you can review here: GitHub Privacy Statement. For users in non-regulated regions, the Ad Preferences section within our in-app settings may redirect you to an external browser link where you can manage your Google advertising preferences. This site is operated by Google LLC and is subject to Google’s own privacy policies.

WHY WE PROCESS PERSONAL DATA We use the Personal Data we collect as described by this Notice. More specifically, we may use it to: i. Improving Services and Delivering a Personalized Experience: We use your technical information and Personal Data to deliver, operate, enhance, and personalize the gaming experience on our Mobile Application, including delivering requested services, enabling core functionalities, optimizing performance and user engagement, securing user accounts, tailoring features to your preferences, and making data-driven updates to ensure a smoother, more engaging, and user-friendly gaming environment. ii. Customer Support: Our dedicated customer care support relies on your information including Personal Data to respond to your requests, comments, and inquiries promptly. iii. Account Management: We create and manage the accounts you establish with us by providing Personal Data through our Mobile Application. iv. Legal Requirements: In certain cases, we may process your Personal Data without your consent to meet legal obligations, such as identity verification, or for the prevention, detection, investigation, prosecution, and punishment of offenses. v. Security: We use your Personal Data to protect, investigate, and deter fraudulent, unauthorized, and illegal activities on our Mobile Application. USE OF TECHNOLOGIES We use various technologies, including local storage and permitted software development kits (SDKs), to improve functionality, enhance performance, support in-app features, and enable limited contextual advertising within our Mobile Application. These tools help maintain user preferences, ensure secure access, and analyze app usage to optimize the gaming experience. All advertisements are served through Google Play–approved ad SDKs in accordance with applicable laws. You may manage or disable these technologies through the in-app settings; however, doing so may affect certain functionalities such as login continuity, game progress saving, or in-app purchase operations, and may impact overall app performance. ADVERTISING AND PRIVACY Our Mobile Application may display advertisements as part of the user experience. We use only Google Play–approved ad SDKs and advertising partners who comply with applicable policies. This application is intended solely for users aged 18 years and above. We may show interest-based advertisements with your consent, as obtained through in-app settings or prompts.

TRANSFER OF PERSONAL DATA We value your privacy and are committed to safeguarding your Personal Data. We do not engage in the business of selling customers’ Personal Data to others. However, we may share your Personal Data as described below: i. Transactions Involving Third Parties: We offer various services provided by third parties for use through our Mobile Application. This includes services such as making in-app purchases through payment processors, logging in via social media or external accounts, or interacting with third-party advertising networks. When you engage in transactions with these third parties, we may share your Personal Data related to those transactions with the respective third party for the purpose of facilitating your in-app purchases, ad personalization, account authentication, etc. ii. Third-Party Service Providers: We may engage other companies and individuals to perform functions on our behalf. These include processing payments, analyzing data, providing customer service, and more. These third-party service providers have access to the Personal Data necessary to perform their functions, but they are not allowed to use it for other purposes. iii. Data in Aggregate Form: We may use non-identifiable personal information in aggregate or anonymized form for statistical analysis, demographic studies, and measuring user behavior. Such aggregate data may be shared with suppliers, advertisers, affiliates, and business partners for legitimate purposes. iv. Business Transfers: As S.S Enterprises continues to evolve, we may engage in business compromise, arrangement, mergers, amalgamation, acquisitions, or asset sales. In such transactions, Personal Data may be one of the transferred assets, subject to the commitments made in any pre-existing privacy notice. v. Protection of S.S Enterprises and Others: We prioritize the safety and integrity of our Mobile Application and users. Consequently, we may disclose your Personal Data when necessary to comply with legal obligations, enforce our terms and agreements, safeguard the rights, property, or safety of S.S Enterprises, our users, or others, collaborate with law enforcement agencies and regulatory bodies, protect against fraud or illegal activities, and facilitate the prevention, detection, investigation, or prosecution of any offense or contravention of the law. This disclosure aligns with our commitment to ensuring a secure and law-abiding environment for all stakeholders.

INTERNATIONAL DATA TRANSFERS As part of providing our services through the Mobile Application, your Personal Data may be transferred to, stored in, or otherwise processed in countries outside your country of residence, including but not limited to India, the United States, the European Economic Area (EEA), and other jurisdictions where our or our service providers’ infrastructure is located. These countries may have different data protection standards than those in your home jurisdiction. In such cases, we implement appropriate safeguards, such as Standard Contractual Clauses approved by relevant authorities, reliance on adequacy decisions, or other legally recognized mechanisms to ensure your Personal Data remains protected. If you have any questions or concerns about our Transfer of data practices, please feel free to contact our designated Consent Manager. HOW SECURE IS YOUR PERSONAL DATA At S.S Enterprises, we prioritize the security and privacy of your Personal Data. We have implemented various measures to ensure the protection of your Personal Data: i. Data Protection Measures: Our systems are designed with your security and privacy in mind. We work diligently to safeguard the security of your Personal Data during transmission by utilizing encryption protocols and software. ii. Physical, Electronic, and Procedural Safeguards: We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, processing, and disclosure of Personal Data. Our security procedures may require occasional proof of identity before disclosing Personal Data to you. iii. Secure Transmission: We use secure HTTPS connections, protected by TLS (Transport Layer Security), to transmit sensitive data such as login credentials and purchase information between the Mobile Application and servers. iv. Access Control: We restrict access to Personal Data to employees, agents, contractors, and authorized third parties with a legitimate business need for such access.

SOCIAL NETWORK PLUG-INS The Mobile Application may incorporate plug-ins and/or buttons for social networks, which allow Personal Data sharing on your favorite social networks. The collection and processing of Personal Data obtained by using the plug-ins and/or buttons are governed by the respective third-party privacy policies of the social networks. Such social networks are not under our control or supervision, and therefore we do not accept any responsibility or liability related to your use of the same. RETENTION OF PERSONAL DATA We retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected, or as required under applicable laws. Generally, account-related information, gameplay data, and customer support records are retained for a minimum of 3 years from the date of last activity to ensure service continuity and support issue resolution. Payment and transaction data may be retained for up to 10 years to meet regulatory and financial record-keeping requirements. Analytics data is anonymized where possible and retained for no longer than 13 months. Where appropriate, certain Personal Data may be securely retained for a limited duration of up to 3 years after service use to support service validation or issue resolution, following which it is securely deleted or anonymized. We periodically review our data retention practices to ensure they remain appropriate and compliant with applicable data protection principles.

WHAT ARE YOUR RIGHTS We hold your rights in high regard when it comes to the processing of your Personal Data. We offer you a range of options and choices, allowing you to: i. Manage, review, or withdraw your consent, as well as exercise any rights conferred upon you by applicable laws concerning the Personal Data we have in our possession. ii. Request a comprehensive summary of the Personal Data undergoing processing. iii. Request and receive a copy of your Personal Data in a structured, commonly used, and machine-readable format, and to have that data transmitted directly to another data fiduciary, where technically feasible and legally permitted. iv. Object to the processing of your Personal Data on grounds relating to your particular situation, especially where such processing is based on our legitimate interests or involves direct marketing. Additionally, you may request that we restrict the processing of your Personal Data under specific circumstances—for example, while we verify the accuracy of the data, assess an objection you’ve raised, or when the data is no longer needed but you request its retention for legal purposes. v. Seek disclosure of the identities of all other data fiduciaries and data processors with whom your Personal Data has been shared. vi. Exercise your right to correction, completion, updating, or erasure of your Personal Data as required including your account deletion. vii. Nominate a representative to act on your behalf in the event of your death or incapacity to exercise your rights as the data principal.

Data Deletion You have the right to request the deletion of your personal data at any time. For your convenience, we provide a dedicated “Delete My Data” button within the settings menu of the Mobile Application. This in-app function is the sole and exclusive channel for initiating a deletion request. Upon activation of the Delete My Data feature:

  1. All game-related data stored locally on your device, including gameplay progress, preferences, and cached identifiers, will be permanently removed.
  2. All personal information stored in our active Firebase Firestore database, including your account identifier(s) and consent records, will be permanently deleted.
  3. Prior to deletion, and solely for legal compliance and dispute-resolution purposes, we will retain a minimal legal archive record containing only: o Irreversibly hashed identifiers (e.g., Firebase UID, local player ID) o Versions and timestamps of your Age Gate confirmation, policy agreements, and ad-consent choices o Application version, operating system version, device model, and locale at the time of consent o Timestamp of account deletion This record contains no personally identifiable information and cannot be used to directly identify you. The archived record is stored securely for a limited period and is accessible only for the purpose of demonstrating compliance with applicable laws and regulations in the event of a legal dispute. After the retention period expires, the record will be permanently destroyed. Please note that in some cases, your ability to control and access your Personal Data may be subject to applicable laws and legal requirements.

WHAT ARE YOUR DUTIES You have a pivotal role in ensuring the responsible and lawful processing of your Personal Data. To facilitate this, we kindly request that you: i. Comply with Applicable Laws: Please adhere to all the provisions of applicable data protection and privacy laws, rules, and regulations when engaging with our Mobile Application. ii. Authentic Representation: Avoid impersonating another individual, ensuring that the data you provide accurately represents yourself. iii. Full Disclosure: Refrain from suppressing any material data that may be relevant to the processing of your Personal Data. Open and honest communication is crucial. iv. Authentic Complaints: When raising grievances or complaints, do so in a truthful and genuine manner. We are here to assist you effectively, and accurate information is vital for resolution. v. Accuracy of data: Furnish only data that is verifiably authentic and precise. This aids in maintaining the integrity and security of your Personal Data. By adhering to these principles, you play an essential part in ensuring that your Personal Data is processed in a manner that respects your privacy and complies with all relevant legal requirements. We value your cooperation in this regard.

GOVERNING LAW This Notice and any disputes or claims arising from or related to it shall be governed by and construed in accordance with the laws of India. Any dispute or matter arising under or in connection with this Notice, including disputes or claims, shall be subject to the exclusive jurisdiction of the courts in Meerut, Uttar Pradesh. CHANGES TO THIS NOTICE We reserve the right to update or amend this Notice as needed. Any modifications will be posted on our Mobile Application to keep you informed. We recommend reviewing this Notice periodically to stay informed about our Personal Data processing practices. Your continued use of our services after any changes to this Notice are published will signify your acceptance of the revised terms. If significant changes are made, we may also notify you as required by applicable law. CONTACT If you have any questions, concerns, or grievances related to this Notice or S.S Enterprises’s data practices, please don’t hesitate to contact our designated Consent Manager: Name: Sparsh Singhal

Email 1: contact@ternokass.com Email 2: Ternokass@gmail.com The Consent Manager is identified above pursuant to the provisions of the Digital Personal Data Protection Act, 2023 and the rules enacted under those laws. We are committed to addressing your inquiries promptly and effectively. Your feedback is important to us, and we will make every effort to assist you with any privacy-related concerns.