Privacy Policy

Dated April 29,2025

This Privacy Policy constitutes a legally binding agreement between you ("You" or "User") and Flushee LTD, a company incorporated under the laws of the Republic of Cyprus, with its registered office at Irodi Attikou 8A, Lakatamia, 2332, Nicosia, Cyprus ("Flushee", "Smutstone.com", or the "Company").

We are committed to respecting your privacy, recognizing its significance, and ensuring the security of your personal data. All data processing is conducted in compliance with applicable privacy laws and this Privacy Policy, safeguarding your data protection rights. To meet legal requirements for personal data processing, privacy, and security, we have implemented technical and organizational measures in all jurisdictions where we operate or where the law applies to us.

PLEASE, READ THIS POLICY CAREFULLY. IF YOU DO NOT AGREE TO ANY UPDATED TERMS, OR IF YOU DO NOT MEET THE AGE REQUIREMENTS SPECIFIED HEREIN, OR IF YOUR ACCESS OR USE OF THE SERVICES IS PROHIBITED UNDER THE LAWS OF YOUR JURISDICTION, YOU MUST IMMEDIATELY DISCONTINUE YOUR USE OF THE SERVICES.

This Policy defines the key principles and responsibilities guiding our processing of your personal data, ensuring transparency and accountability throughout. For any inquiries, please contact us at smutstone@sexgangsters.zendesk.com

1. Definitions

1. Controller means Flushee LTD, which determines the purposes and methods for the collection and processing of Personal Data.
2. Processor refers to any individual or legal entity engaged by the Company to handle Personal Data on its behalf based on a contractual arrangement.
3. Data Subject or User refers to any natural person who accesses the Website or uses the Game or related Services provided by the Company.
4. Personal Data means any information that identifies or can reasonably be used to identify an individual, such as a username, email address, IP address, or device information. Further details are provided in the section “Data We Collect” of this Policy.
5. Cookies are small text files stored on a User’s device, used to support Website functionality, remember preferences (such as language settings), and collect data about interactions and traffic for analytical purposes.
6. Party means either the User (You) or the Company (We). Together, both constitute the Parties to this Privacy Policy.
7. Services refers to all functionalities offered through the Website, the Game, or affiliated platforms, including but not limited to content access, account features, communications, promotions, and third-party integrations.
8. Relevant Legislation means applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other legal requirements depending on the User’s place of residence, as further described in the “General Provisions” section.
9. Standard Contractual Clauses (SCCs) are contractual terms approved by the European Commission for ensuring the lawful transfer of Personal Data outside the European Economic Area (EEA).
10. Sensitive Personal Data includes Personal Data that requires enhanced protection under applicable law, such as information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health status, biometric data, and sexual orientation.
11. Supervisory Authority refers to an independent regulatory body established to oversee and enforce compliance with data protection regulations.
12. Third-Party Service Providers are external organizations engaged by the Company to provide specific services involving the processing of Personal Data, such as hosting, payment processing, analytics, marketing, or customer support.
13. Anonymization means the process of modifying Personal Data so that an individual can no longer be identified by any means.
14. Pseudonymization refers to a method of processing Personal Data in a way that it cannot be attributed to a specific individual without the use of separately stored additional information.
15. Consent is the freely given, specific, informed, and unambiguous indication by a User that they agree to the processing of their Personal Data.
16. Profiling means any automated processing of Personal Data intended to analyze or predict aspects related to a User’s preferences, behaviors, or movements.
17. Personal Data Breach refers to a security violation resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.

2. General Provisions

1. This Privacy Policy forms an integral part of the overall legal framework governing Your relationship with Us, including but not limited to the End-User License Agreement (EULA), the Customer Terms and Conditions, and any other policies, notices, or agreements published on the Website or provided in connection with the Services.
2. As the Data Controller, Flushee LTD defines the purposes and means of processing your Personal Data and is responsible for ensuring that such processing complies with all applicable data protection laws and regulations.
3. The specific data protection framework that applies to You depends on your location. Flushee LTD complies with the following legal instruments:

4. Flushee LTD ensures that the processing of Personal Data is conducted in accordance with the principles and obligations established under GDPR, CCPA, VCDPA, SHIELD Act, and other relevant laws, depending on the User’s place of residence. Compliance includes honoring consumer rights, ensuring data security, maintaining transparency, and implementing lawful data transfer mechanisms.
5. In carrying out its activities, Flushee LTD is committed to:

1. Maintaining transparency and accountability in all Personal Data processing operations;
2. Applying appropriate technical and organizational measures to safeguard Personal Data;
3. Ensuring that Personal Data is processed lawfully, fairly, and transparently with respect to the Data Subjects;
4. Requiring that any third parties, including Processors, engaged in processing activities on behalf of Flushee LTD adhere to applicable data protection laws and contractual obligations.

1. Flushee LTD ensures that Data Subjects can effectively exercise their rights under relevant legislation, including the right to access, rectify, erase, or restrict the processing of their Personal Data.
2. If you are a California resident, the rights and obligations specific to the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) apply in addition to this Privacy Policy. Further information can be found in Appendix 1 to this Policy.
3. If you are located within the European Economic Area (EEA), additional terms under the General Data Protection Regulation (GDPR) apply to the processing of your Personal Data. Details regarding GDPR-specific rights and obligations are provided in Appendix 2 to this Policy.

3. Your Personal Data Rights and Controls

1. As a Data Subject, you have specific rights regarding your Personal Data under relevant legislation. The Company is committed to ensuring that you can exercise these rights effectively and transparently. Below, we outline your key rights:

2. How to Exercise Your Rights. You can exercise any of Your rights by contacting us at: smutstone@sexgangsters.zendesk.com . We will respond to Your request in accordance with applicable legal timeframes. For security reasons, we may ask You to verify Your identity before acting on Your request.
3. Please note that some rights may be subject to lawful limitations.
   For example, we may retain certain Personal Data to comply with legal obligations, resolve disputes, enforce our agreements, or protect legitimate interests.
4. To process Your request regarding access, correction, or deletion of Personal Data, we may require You to provide information verifying Your identity and Your relationship with the Game. If You do not maintain an active account or we cannot reasonably link Your request to data held by us, we may be unable to comply with the request.
5. You may authorize an agent to submit a request on Your behalf by providing a written authorization or a valid power of attorney, in accordance with applicable law. We may require the agent to verify their identity and confirm the authenticity of the authorization before acting on the request.
6. If we deny Your request, You may have the right to appeal the decision under relevant laws. Details on how to submit an appeal will be provided if applicable.

4. Data Processed

1. Legal Bases for Processing. We process Your Personal Data based on the following legal grounds:

1. Your Consent: We collect and process certain Personal Data only after obtaining Your explicit consent, typically through opt-in mechanisms within the Game, Website, or associated Services, as outlined in this Privacy Policy.
2. Performance of a Contract: The processing of certain Personal Data is necessary for the execution of the agreement between You and Flushee LTD, allowing us to provide You with access to the Game and related features in accordance with the Terms and Conditions.
3. Legitimate Interests: We may process Personal Data as necessary to pursue our legitimate interests, including improving and personalizing the Game and Services, maintaining the security and integrity of our systems, preventing fraud, and ensuring a smooth user experience, provided that such interests are not overridden by Your fundamental rights and freedoms.

1. Categories of Personal Data We Process. We may collect and process the following categories of Personal Data:

1. Registration Information: such as username and email address.
2. Optional Profile Information: such as year of birth, relationship status, and sexual orientation (where voluntarily provided by the User).
3. Technical Data: including IP address, device type, browser type, operating system, language settings, and access times.
4. Cookies and Tracking Data: information collected through cookies and similar tracking technologies about Your interactions with the Website or Game.
5. Communications: records of any correspondence You send to us, including support inquiries and feedback.
6. Usage Data: details about Your activity within the Game, interactions with content, participation in promotions, and in-game purchases.
7. Payment Information: limited to transaction records processed via third-party payment providers (we do not store full payment credentials).

5. Purpose for Using Your Personal Data

1. We process Your Personal Data for the following purposes, always in accordance with applicable data protection laws:

1. To provide and operate the Game and Services: including account creation, authentication, access management, and delivery of digital content.
2. To facilitate transactions: such as processing purchases of Credits, Additional Content, and other in-game features through authorized payment providers.
3. To personalize Your experience: including tailoring content, recommendations, and promotional offers based on Your preferences and interactions.
4. To ensure security and prevent fraud: including monitoring for suspicious activities, protecting against unauthorized access, and maintaining the integrity of the Game and Services.
5. To communicate with You: including responding to Your inquiries, providing support, sending administrative messages, and notifying You about important updates or changes.
6. To comply with legal obligations: including obligations arising under applicable consumer protection, tax, financial, and data protection regulations.
7. To conduct research and development: including improving the Game, developing new features, optimizing performance, and analyzing aggregated data for operational insights.
8. To enforce our rights: including the investigation of potential violations of our Terms and Conditions, EULA, or applicable laws.

6. Disclosing Your Personal Data

1. We may share Your Personal Data with authorized third parties where necessary to provide our Services, comply with legal obligations, or fulfill our legitimate interests. The categories of recipients and the purposes of data sharing include:

1. Service Providers and Partners. We share Your Personal Data with trusted third-party service providers who support our operations, including hosting services, payment processing platforms, marketing and advertising networks, analytics services, and customer support solutions.  These providers act only under our instructions and in accordance with applicable data protection laws.

Examples of service providers and partners include:

• Analytics providers such as Google Analytics to evaluate Website and Game performance;
• Advertising platforms like Google Ads for promoting our Services;
• Social media platforms including Facebook, Instagram, LinkedIn, Twitter, YouTube, Telegram, GitHub, Discord, Medium, and Reddit for marketing and community engagement purposes.

2. Third Parties for Service Integrations. Certain functionalities of the Game and Website rely on integrations with external systems. In such cases, we share limited Personal Data (e.g., technical information, usage statistics) as needed to enable these features.
3. Legal and Regulatory Authorities. We may disclose Your Personal Data to government agencies, courts, regulatory bodies, or law enforcement officials where required by law, regulation, legal process, or in response to valid government requests.
4. Business Transfers. In the event of a corporate transaction, such as a merger, acquisition, reorganization, or sale of assets, Personal Data may be transferred to the involved parties under strict confidentiality and only insofar as necessary for the transaction.
5. Advertising and Marketing Partners. Subject to Your consent, we may share non-sensitive Personal Data (such as technical data, preferences, and usage information) with marketing and advertising partners to deliver tailored advertisements and measure campaign performance.
6. Dispute Resolution and Legal Proceedings. We may disclose Your Personal Data to legal advisors, courts, arbitration bodies, or other third parties involved in managing, mediating, or litigating claims, disputes, or breaches of agreements.
7. Consent-Based Sharing. Where You provide explicit consent, we may share Your Personal Data with additional third parties for purposes not specifically listed above. You retain the right to withdraw such consent at any time.

1. We require all third parties who receive Personal Data from us to maintain the confidentiality and security of Your information and to process it strictly in accordance with applicable data protection laws, including GDPR and related frameworks. While we take reasonable steps to select reputable partners and ensure adequate safeguards are in place, we are not liable for independent breaches, misuses, or failures by these third parties. We do not sell Your Personal Data to unauthorized third parties under any circumstances.

7. Data Retention

1. We retain your Personal Data ONLY for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Notice, and to comply with our legal, regulatory, contractual, or legitimate business obligations. Retention periods vary depending on the type of data, the purpose of its processing, and applicable laws.
2. Account and Service-Related Data: Personal Data associated with your account, such as your name, email, and login credentials, is retained for as long as your account remains active. If you deactivate your account or cease using our services, we retain this data for a reasonable period to facilitate account recovery, fulfill legal obligations, or address potential disputes.
3. Technical and Usage Data: Technical and usage data, such as IP addresses, browser information, and activity logs, is retained for shorter durations unless required for security monitoring, fraud prevention, or legal compliance. Data used for analytics and service optimization may be anonymized and retained for longer periods to improve our offerings.
4. Legal and Compliance Data: Data required for compliance with legal obligations, regulatory reporting, or legal claims is retained for as long as mandated by applicable laws or until the resolution of the matter. For instance, documents related to contractual disputes or litigation may be retained for the duration of the statutory limitation periods, which vary by jurisdiction.
5. Marketing and Communication Data: Personal Data used for marketing, such as email addresses or preferences, is retained until you withdraw your consent or opt out. After opting out, we may retain minimal information (e.g., email address) to ensure your preferences are respected and to prevent future communications.
6. Backup and Archival Data: Data stored in backups for disaster recovery purposes is retained for a limited period according to our internal data retention policy. These backups are securely encrypted and used solely for restoring critical systems in case of emergencies.

8. Transfer to Other Countries

1. Due to the global nature of our business, we may transfer your Personal Data to other countries, including those outside your country of residence, to facilitate our operations and provide services. This may involve sharing Personal Data with our group companies, subcontractors, and trusted partners as described in this Privacy Policy.
2. Whenever we transfer Personal Data internationally, we take reasonable steps to ensure that such transfers comply with applicable laws. This includes efforts to verify that the recipient country or organization offers an adequate level of data protection or implementing additional safeguards where necessary. While we strive to ensure the security and compliance of all data transfers, we are not liable for breaches, misuse, or non-compliance by third parties after taking reasonable and proportionate measures to safeguard your data.
3. We employ various measures to ensure that your Personal Data remains protected during international transfers. These safeguards may include:
4. Standard Contractual Clauses: Ensuring data transfers to countries outside the country of residence are governed by approved clauses.

1. Technical Protections: Using encryption, pseudonymization, and secure transmission protocols to safeguard your data during transfer and storage.
2. Policies and Processes: Implementing strict internal policies to challenge disproportionate or unlawful government requests for access to Personal Data.
3. Binding Corporate Rules: Applying intra-group data transfer agreements to maintain consistent data protection standards across our organization.

1. Depending on the nature and destination of the data transfer, we may use additional measures to enhance security and compliance, including:

1. Limiting data transfers to the minimum necessary for the purpose.
2. Employing dedicated teams to assess and manage risks associated with international data transfers.

9. Cookies

1. Cookies are used when users are logged in, so that the service provider can remember and identify you as users. This prevents you from having to log in every single time you visit a new page. These cookies are typically removed or cleared when you log out to ensure that you can only access restricted features and areas when logged in.
2. When you submit data through a form such as a contact page or comment box, cookies may be set to remember your user details for future correspondence.
3. Some of the cookies used are persistent, which means that they remain stored on your device for one year.
4. In some cases, service providers may provide you with custom content based on what you tell them about yourself, either directly or indirectly if you link a social media account. These types of cookies simply allow these service providers to provide you with content that they feel may be of interest to you.
5. Company uses the following types of cookies:

1. Necessary cookies: help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies. These cookies may detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website.
2. Statistics cookies: help website owners to understand how visitors interact with websites by collecting and reporting information anonymously. These cookies may register data on visitors' website-behaviour, collect statistics on the user’s interaction with the real-time price- and stock bar on the website.
3. Marketing: are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.

1. In some special cases service providers also use cookies provided by trusted third parties. Third-party analytics are used to track and measure usage of website so that service providers can continue to produce engaging content. These cookies may track things such as how long users spend on the site or pages they visit, which helps them to understand how they can improve the site for you as users.
2. Regularly, service providers may test new features and make subtle changes to the way the site is delivered, during this period, these cookies may be used to ensure that users receive a consistent experience on the site.

10. Storage of Personal Data

1. We store your Personal Data securely using appropriate technical and organizational measures to protect it from unauthorized access, loss, or misuse. The storage and processing of your Personal Data comply with applicable laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Your Personal Data may be stored on servers located within the European Economic Area (EEA), the United States, or other jurisdictions where we or our trusted service providers operate. We take measures to ensure that the location of storage complies with applicable data protection regulation.
3. We implement a range of security measures to safeguard your data, including:

1. Encryption: Personal Data is encrypted both in transit and at rest where applicable.
2. Access Controls: Access to your Personal Data is restricted to authorized personnel only.
3. Regular Security Audits: Our systems and processes are regularly reviewed to identify and address vulnerabilities in line with our certification.

1. We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, as outlined in Clause “Data Retention”. When the retention period expires, or the data is no longer required, it will be securely deleted or anonymized.
2. We may use trusted third-party service providers for data storage. These providers are contractually obligated to ensure the confidentiality and security of your data in accordance with applicable laws
3. Your Personal Data may be stored in encrypted backups to ensure business continuity and disaster recovery. Backup data is securely stored and accessible only to authorized personnel.
4. In certain circumstances, we may be required to retain your Personal Data longer to comply with legal obligations, such as financial reporting or regulatory requirement.

11. Right to Withdraw Consent

1. You have the right to withdraw Your consent to the processing of Your Personal Data at any time, where consent was previously provided as the legal basis for such processing.
2. To withdraw Your consent, You must contact us by submitting a written request via the communication channels specified in this Privacy Policy (e.g., by email at smutstone@sexgangsters.zendesk.com ). We may require You to verify Your identity before we act on Your request in order to protect Your security and privacy.
3. Upon receipt and verification of Your withdrawal request, We will cease processing Your Personal Data for the specific purposes for which consent was originally given. However, the withdrawal of consent does not affect the lawfulness of any processing conducted prior to the withdrawal.
4. Please note, if You refuse to provide necessary Personal Data, or withdraw Your consent to its processing where consent is the legal basis, this may affect Our ability to deliver the Services to You.
5. Certain Personal Data is essential for the performance of the Services, including, but not limited to, account creation, access to the Game, participation in transactions, or communication regarding Your account.
   Without such information, We may be unable to create or maintain Your account, process transactions, grant access to certain features, or otherwise provide You with full functionality of the Website, the Game, or associated Services.
6. In cases where consent is withdrawn for non-essential data processing (e.g., marketing communications or optional analytics), Your access to the core Services will not be impacted. However, withdrawing consent for the processing of essential Personal Data or refusing to provide such data may result in the suspension, limitation, or termination of Your access to the Services.
7. We will process Your withdrawal request promptly and in accordance with applicable laws and regulations.

   ---

Appendix 1 — California Notice at Collection

Effective Date: April 29, 2025

This California Notice at Collection applies exclusively to residents of the State of California, in accordance with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). It describes the categories of personal information we collect, the purposes for which it is processed, and your rights regarding that information.

1. General Provisions and Categories of Personal Data Collected

1. This Notice supplements our main Privacy Policy and applies solely to Users residing in California.
2. In the event of any conflict between this Notice and the broader Privacy Policy, the terms of this California Notice shall govern for California residents.
3. The following table identifies the categories of personal information collected, using the terminology required by the CCPA, along with examples and corresponding purposes:

2. Purpose for Using Personal Data

1. We process your personal information for the following purposes:

1. To provide access to the Game and related Services;
2. To resolve technical issues and support inquiries;
3. To enhance features, develop new functionality, and improve user experience;
4. For marketing, promotions, and personalized advertising;
5. To meet legal and regulatory obligations;
6. To protect intellectual property and address reports of inappropriate content;
7. For internal business management, audits, and analytics;
8. To maintain security and prevent unauthorized activities.
9. A more detailed breakdown can be found in our Privacy Policy.

3. Data Retention

1. Retention periods vary depending on the type of information collected and the purpose for which it is processed:
2. Account data is retained while the account is active and for a reasonable time thereafter to comply with legal requirements;
3. Payment-related information may be retained for five (5) to ten (10) years in accordance with financial regulations;
4. Technical data may be anonymized and retained for service optimization.
5. Please refer to the "Data Retention" section of our Privacy Policy for more information.

4. Your Rights and Choices

1. As a California resident, you have the following rights:

1. Right to Know: Request information regarding the categories of personal information collected, purposes of processing, and third parties with whom information is shared.
2. Right to Delete: Request the deletion of your personal information, subject to exceptions permitted by law.
3. Right to Correct: Request correction of inaccurate personal information.
4. Right to Opt-Out: Opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
5. Right to Limit Use of Sensitive Data: Restrict how certain sensitive personal information is used.

1. You can exercise these rights by contacting us at smutstone@sexgangsters.zendesk.com .

5. How to Opt-Out of Sale or Sharing

1. Although we do not sell personal information in the traditional sense, we may share limited data for targeted advertising purposes.
2. You can exercise your right to opt out at any time by using the opt-out tools provided or by contacting us at smutstone@sexgangsters.zendesk.com.
3. Please note that some personalization features may be affected if you opt out.

6. Changes to This Notice

1. We may update this Notice from time to time.
2. Material changes will be communicated prominently via the Website or other appropriate means.

7. Contact Information

1. For questions about this Notice or to exercise your rights, you may contact our Data Protection Officer at smutstone@sexgangsters.zendesk.com.

Appendix 2 — GDPR Compliance Notice

Effective Date: April 29, 2025

This GDPR Compliance Notice is issued for Users located within the European Economic Area (EEA) in accordance with the General Data Protection Regulation (EU Regulation 2016/679, "GDPR"). It outlines how Flushee LTD processes, transfers, and protects Personal Data, particularly in cases of international data transfers.

1. General Provisions

1. This GDPR Compliance Notice supplements our primary Privacy Policy and applies solely to individuals residing within the EEA.
2. In case of any inconsistency between this Notice and the general Privacy Policy, the provisions of this GDPR Compliance Notice shall prevail for EEA residents.
3. Flushee LTD may update this Notice from time to time. Where material changes are made, we will notify You prominently through the Website, the Game, or other appropriate means.

2. International Transfers of Personal Data

1. Your Personal Data may be transferred outside the EEA to partners and service providers located in jurisdictions that may not offer the same level of data protection. To ensure compliance with GDPR, we implement the following measures:

1. Standard Contractual Clauses (SCCs): We rely on EU Commission-approved contractual safeguards to legitimize cross-border transfers.
2. Partner Compliance: We only transfer Personal Data to partners who commit to maintaining GDPR-equivalent protections.

3. Potential Risks of Transfers Outside the EEA

1. While we take appropriate steps to protect Your Personal Data, transfers to jurisdictions outside the EEA inherently carry certain risks, including:

1. Regulatory Differences: Data protection laws outside the EEA may differ and may not offer identical protections as GDPR. However, we endeavor to uphold equivalent safeguards wherever possible.
2. Government Access: Local government authorities may have lawful rights to access Personal Data under local legislation. We limit disclosures to the minimum legally required and challenge unlawful requests where feasible.
3. Risk of Unauthorized Access: Although risks exist, we implement robust security measures to prevent unauthorized interception, access, or misuse of Your Personal Data.

1. By accepting our Privacy Policy, You provide explicit consent to such international data transfers, acknowledging these potential risks.

4. Safeguards for International Transfers

1. To minimize risks during international transfers of Personal Data, we adopt:

1. Use of Standard Contractual Clauses (SCCs);
2. Comprehensive risk assessments before transfer;
3. Technical protections such as encryption, pseudonymization, and secure data access controls;
4. Ongoing due diligence and contractual obligations requiring GDPR-level compliance from partners.

5. Explicit Consent for Transfers

1. By using our Game and Services and agreeing to this Privacy Policy, You explicitly consent to the international transfer of Your Personal Data, including transfers to countries that may not guarantee the same level of protection as GDPR.

1. Your fundamental data protection rights remain enforceable.
2. All transfers are subject to appropriate legal and technical safeguards.

6. Storage and Transfer Practices Outside the EEA

1. If Your Personal Data is stored or processed outside the EEA, we ensure:

1. Adherence to Standard Contractual Clauses;
2. Implementation of encryption, access controls, and regular audits;
3. Contractual commitments from third parties ensuring GDPR-level data security and confidentiality.

7. Contact Information

1. If You have questions about this GDPR Compliance Notice or concerns regarding the international transfer of Your Personal Data, please contact our Data Protection Officer at: smutstone@sexgangsters.zendesk.com