Privacy Policy

This Privacy Policy describes how NLPi Ajans ("Company," "we," "us," or "our") collects, uses, discloses, stores, and otherwise processes personal data when you use the application HapiPlay (the "App"), our related websites, customer-support channels, and any other services that link to this Privacy Policy (collectively, the "Services").

Please read this Privacy Policy carefully. By using the Services, you acknowledge that your personal data may be processed as described herein.

🏢 1. Who We Are

Company / Developer Name: NLPi Ajans

Registered Address
NLPi Ajans
MIMAR SINAN MAH. MUSTAFA KOKMEN BLV. NO: 7 İÇ KAPI NO: 2
27500 NIZIP / Gaziantep
Türkiye

Data Controller
NLPi Ajans
MIMAR SINAN MAH. MUSTAFA KOKMEN BLV. NO: 7 İÇ KAPI NO: 2
27500 NIZIP / Gaziantep, Türkiye
Email: Policy@ihapilive.online

Data Protection Officer (DPO)
NLPi Ajans
Email: Policy@ihapilive.online
Country: Türkiye

Privacy & Support Contact
📧 Policy@ihapilive.online

🔍 2. Scope of This Privacy Policy

This Privacy Policy applies when you:

• download, install, or use the HapiPlay app;
• create or access an account;
• play games, complete offers, tasks, surveys, or other reward activities;
• earn, redeem, or transfer points, coins, or rewards;
• interact with advertising, analytics, attribution, or monetization features;
• participate in referral programs, promotions, tournaments, or loyalty features;
• communicate with us via email or support channels;
• request access, correction, deletion, or other privacy-related actions.

📦 3. Categories of Personal Data We Collect

The table below lists all categories of personal data we collect or receive. We update this table whenever new endpoints, SDKs, permissions, or data types are introduced.

Category	Examples	Purpose
Account & Profile Information	Name, username, email address, phone number, account ID, user ID, referral code, login credentials, authentication data	Account creation, authentication, service delivery
Device & Technical Information	Device ID, advertising ID (GAID), Android ID, app instance ID, push token; IP address; device model, OS version, language, time zone, network type, carrier, app version, SDK version	App functionality, security, fraud prevention, analytics
Precise & Approximate Location	GPS-based or network-based geolocation, where enabled by you or required for a feature	Feature delivery, offer eligibility, fraud prevention
Installed Applications	List or metadata of apps installed on your device	Offer eligibility verification, fraud prevention, rewards attribution
Gameplay & Activity Data	Game sessions, levels completed, milestones reached, in-game events, time spent, reward events, offer completions, survey participations	Reward calculation, offer validation, service improvement
Usage & Transaction Data	App interactions, session times, feature usage, clicks, screen events; reward balances, transaction history, redemption history, virtual currency activity	Service delivery, rewards processing, personalization, analytics
Crash, Diagnostic & Log Data	Crash reports, ANRs, error logs, performance data, diagnostics	App stability, debugging, quality improvement
Contacts	Contact names and phone numbers / emails, only when you grant permission for a specific feature (e.g., referral program)	Referral programs, user-initiated sharing
Text Messages (SMS)	Phone number, SMS content or metadata, only when you grant permission for a specific feature (e.g., OTP / phone verification)	Phone-number verification, OTP delivery
File & Storage Access	File names, types, and metadata of files you explicitly select. No broad storage scanning occurs.	Core app file functionality
Communications & User-Submitted Content	Emails and messages you send us; support attachments; survey or feedback responses	Customer support, product improvement
Health Information	Health-related data only if you voluntarily submit it or a feature explicitly requires it, disclosed at the point of collection	Feature-specific, with explicit consent
Sensitive Personal Information	Precise geolocation; health data; any other sensitive categories where required for a disclosed purpose and permitted by law	Feature-specific, with consent where required
Advertising & Attribution Data	Advertising identifiers, attribution event data, campaign IDs, conversion signals, ad engagement data	Ad measurement, offer attribution, campaign optimization
Third-Party Partner Data	Data received from advertising, analytics, attribution, offerwall, and survey partners (conversion status, device signals, anti-fraud indicators)	Rewards processing, fraud prevention, attribution

🔗 4. Sources of Personal Data

• Directly from you — when you register, play games, complete offers, contact support, or submit forms;
• Automatically from your device — through the App, integrated SDKs, and APIs;
• From integrated SDKs and service providers — analytics, attribution, advertising, and monetization partners;
• From advertisers and offer partners — conversion events, campaign results, and offer completion signals;
• From anti-fraud and security vendors — fraud signals, risk scores, device reputation data;
• From app stores and device platforms — install events and platform-provided metrics;
• From referral and marketing channels — referral attribution data and co-marketing leads.

🎯 5. Why We Process Your Data

• to provide, maintain, and improve the Services;
• to create and manage user accounts;
• to authenticate users and secure accounts;
• to operate all core app features, games, rewards, offers, surveys, referrals, and redemption flows;
• to calculate balances, payouts, rewards, and eligibility;
• to prevent fraud, abuse, duplicate accounts, false conversions, chargebacks, and policy violations;
• to provide customer support and respond to requests;
• to personalize content, game recommendations, offers, and user experience;
• to measure performance, analyze usage, troubleshoot bugs, and improve functionality;
• to serve or facilitate advertising and targeted advertising, where permitted;
• to send service communications, transactional notifications, and (where permitted) marketing messages;
• to comply with legal obligations, enforce our terms, protect rights and safety, and resolve disputes;
• to perform internal reporting, audits, and business operations.

⚖️ 6. Legal Bases for Processing

We rely on the following legal bases for processing your personal data:

• Performance of a contract — to provide the Services, manage your account, process rewards, and handle support;
• Legitimate interests — to secure the Services, prevent fraud, improve products, enforce policies, and analyze performance, where our interests are not overridden by your rights;
• Consent — for sensitive data, certain device permissions, marketing communications, and consent-based processing; you may withdraw consent at any time without affecting prior processing;
• Legal obligation — to comply with applicable laws, regulatory requirements, and tax/accounting duties;
• Vital interests or public interest — where exceptionally required by applicable law.

🤝 7. How We Share Your Data

We may share personal data with the following categories of recipients:

• hosting, cloud storage, infrastructure, and database providers;
• analytics and app performance monitoring providers;
• crash reporting and diagnostics providers;
• attribution and mobile measurement partners (MMPs);
• advertising networks, offerwall operators, survey platforms, and monetization partners;
• fraud prevention, identity verification, and security providers;
• customer support and communication tool providers;
• payment, redemption, and rewards fulfillment providers;
• legal, compliance, accounting, and professional advisers;
• public authorities, courts, regulators, or law enforcement where required by law;
• parties involved in a merger, acquisition, financing, or corporate restructuring.

We contractually require all service providers and data processors to handle personal data only on our instructions and in compliance with applicable law.

🔔 8. Sale, Sharing, Targeted Advertising & Opt-Out Rights

8.1 Do We Sell Personal Data?

We do not sell personal data for monetary payment in the traditional sense. However, certain disclosures of device identifiers, advertising identifiers, usage data, geolocation signals, and similar data to advertising networks, attribution platforms, and monetization providers may constitute a "sale" under the broad definitions in California law (CCPA/CPRA) and certain other US state laws. We treat those disclosures as "sales" for purposes of your opt-out rights.

8.2 Do We Share Personal Data for Targeted Advertising?

Yes. We share advertising identifiers, device identifiers, usage data, and geolocation signals with advertising and attribution partners for the purpose of serving interest-based or targeted advertisements. Under California law, this constitutes "sharing" personal data. We disclose this transparently.

8.3 Categories of Data Sold or Shared

Category	Sold? (Broad Definition)	Shared for Targeted Ads?	Shared with Third Parties?
Advertising identifiers (GAID, etc.)	Possibly	Yes	Yes
Device identifiers	Possibly	Yes	Yes
IP address	Possibly	Yes	Yes
Usage and activity data	Possibly	Yes	Yes
Gameplay data	Possibly	No	Yes (reward partners / fraud prevention)
Approximate / precise location	Possibly	Yes	Yes
Installed apps data	No	No	Yes (fraud prevention / attribution only)
Account / profile information	No	No	Service providers only
Contacts / SMS data	No	No	No
Health / sensitive data	No	No	No (unless explicit consent)

8.4 Your Right to Know

• whether we sell your personal data — see Section 8.1;
• whether we share your personal data for targeted advertising — see Section 8.2;
• the categories of data sold or shared — see Section 8.3;
• the categories of third parties receiving your data — see Section 7.

8.5 Your Right to Opt Out of Sale or Sharing

You have the right to opt out of the sale of your personal data and the sharing of your personal data for targeted advertising. This right applies to California, Colorado, Connecticut, Virginia, Utah residents, and residents of other jurisdictions with equivalent opt-out rights.

🗂️ 9. Data Retention

Data Type	Retention Period
Account information	While active + up to 3 years after account closure
Transaction and reward records	Up to 7 years (accounting and audit obligations)
Gameplay and activity records	Up to 2 years for reward validation and fraud prevention
Support communications	Up to 3 years after resolution
Security logs and device identifiers	Up to 2 years for fraud detection and operational security
Advertising and analytics data	Up to 13 months or as required by partner agreements
Marketing data	Until you opt out or withdraw consent
Deletion request records	Minimum records needed to document compliance

When data is no longer needed, we delete, anonymize, or securely dispose of it in accordance with applicable law.

🛡️ 10. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

• Access — request a copy of the personal data we hold about you;
• Correction / Rectification — request correction of inaccurate or incomplete data;
• Deletion / Erasure — request deletion of your personal data;
• Restriction — request restriction of certain processing activities;
• Objection — object to processing based on legitimate interests or direct marketing;
• Portability — receive your data in a portable, machine-readable format;
• Withdraw Consent — withdraw consent at any time without affecting prior processing;
• Know Whether Data is Sold — know whether we sell your data and to whom;
• Know Whether Data is Shared — know whether we share your data for targeted advertising;
• Opt Out of Sale — opt out of the sale of your personal data (Section 8.5);
• Opt Out of Sharing — opt out of sharing for targeted advertising (Section 8.5);
• Limit Sensitive Data Use — limit the use and disclosure of sensitive personal information;
• Non-Discrimination — not be penalized for exercising any privacy right;
• Appeal — appeal a denial of your privacy request;
• Lodge a Complaint — file a complaint with a supervisory authority.

To exercise any right:

• 📧 Email: Policy@ihapilive.online
• Subject: "Privacy Rights Request – [Right Type] – [Your Country]"

We may verify your identity before processing requests. We respond within the timeframe required by applicable law (typically 30 days, extendable to 60 days with notice).

🏛️ 11. Right to Lodge a Complaint with a Supervisory Authority

If you believe our processing of your personal data violates applicable law, you have the right to lodge a complaint with the competent data protection supervisory authority in your country. Relevant authorities include:

• Türkiye: Personal Data Protection Authority — KVKK (Kişisel Verileri Koruma Kurumu) at kvkk.gov.tr;
• EEA: the supervisory authority in your country of habitual residence or place of work;
• UK: the Information Commissioner's Office (ICO).

We encourage you to contact us first at Policy@ihapilive.online so we may address your concern directly.

🌵 12. California Privacy Notice (CCPA / CPRA)

This section applies to California residents under the CCPA as amended by the CPRA.

12.1 Personal Information Collected (Preceding 12 Months)

• Identifiers (name, email, phone number, device ID, IP address, advertising ID);
• Account and commercial information (user data, transaction history, rewards, gameplay records);
• Internet or electronic network activity (app interactions, feature usage);
• Geolocation data (precise or approximate);
• Diagnostic and technical data (crash logs, performance data);
• Sensitive personal information (precise geolocation, health data where applicable);
• Contacts and SMS data (where permission granted for specific features);
• Installed application data (for fraud prevention and offer eligibility);
• Inferences derived from the above (user preferences, eligibility scores).

12.2 California Privacy Rights

• Right to Know what personal information is collected, used, disclosed, sold, or shared;
• Right to Know whether personal information is sold or shared;
• Right to Access specific personal information;
• Right to Delete personal information;
• Right to Correct inaccurate personal information;
• Right to Opt Out of Sale or Sharing (see Section 8.5);
• Right to Limit Use of sensitive personal information;
• Right to Non-Discrimination.

Submit requests to: Policy@ihapilive.online (Subject: "California Privacy Request").

🏛️ 13. Virginia Privacy Rights (VCDPA)

Virginia residents may have rights under the VCDPA: confirm processing, access, correct, delete, obtain a portable copy, opt out of targeted advertising / sale / profiling, and appeal denied requests.

Contact: Policy@ihapilive.online — Subject: "Virginia Privacy Request" or "Virginia Privacy Appeal."

🏔️ 14. Colorado Privacy Rights (CPA)

Colorado residents may have rights under the CPA, including access, correction, deletion, portability, and opt out of targeted advertising, sale, and profiling.

Contact: Policy@ihapilive.online — Subject: "Colorado Privacy Request."

🗺️ 15. Connecticut Privacy Rights (CTDPA)

Connecticut residents may have rights under the CTDPA, including access, correction, deletion, portability, opt out of targeted advertising and sale, and appeal of denied requests.

Contact: Policy@ihapilive.online — Subject: "Connecticut Privacy Request."

🇪🇺 16. GDPR / EEA / UK Notice

If you are located in the EEA or UK, you have the following rights under the GDPR or UK GDPR:

• Access (Art. 15) — obtain confirmation and a copy of your personal data;
• Rectification (Art. 16) — correct inaccurate or incomplete data;
• Erasure (Art. 17) — request deletion where applicable;
• Restriction (Art. 18) — restrict processing in certain circumstances;
• Portability (Art. 20) — receive data in a portable, machine-readable format;
• Objection (Art. 21) — object to processing based on legitimate interests or direct marketing;
• Withdraw Consent (Art. 7(3)) — at any time, without affecting prior processing;
• Automated Decision-Making (Art. 22) — not be subject to solely automated decisions producing significant effects without human review;
• Complaint (Art. 77) — lodge a complaint with the competent supervisory authority.

Contact our DPO: Policy@ihapilive.online.

🇧🇷 17. Brazil LGPD Notice

If you are in Brazil, you may have rights under the LGPD, including confirmation of processing, access, correction, anonymization, blocking, deletion, portability, information about third-party sharing, revocation of consent, review of automated decisions, and the right to file a complaint with the ANPD.

Contact: Policy@ihapilive.online.

🇰🇷 18. South Korea PIPA Notice

If you are in South Korea, you may have rights under the PIPA, including the right to know whether your data is provided to third parties, and the right to access, correct, delete, suspend processing, and know whether your data is sold or shared.

Contact: Policy@ihapilive.online.

📱 19. App Permissions and Device Access

The App may request the following device permissions. We request only what is necessary.

Permission	Why It Is Requested	Mandatory?
INTERNET	Core connectivity, syncing, analytics, ad serving	Yes
Location (Approximate / Precise)	Feature delivery, offer eligibility, fraud prevention	No — you may decline
Camera (system pre-installed)	Capturing images for app features. Uses system camera only; no background access.	No — only when you initiate
READ_CONTACTS	Referral program only, when you explicitly use the referral feature	No
READ_SMS / RECEIVE_SMS	OTP or phone-number verification flows only	No
POST_NOTIFICATIONS	Push notifications for rewards, game events, offers, and updates	No — you may decline
READ_EXTERNAL_STORAGE (android:maxSdkVersion="28")	Retained only for backward compatibility with Android 8 (API ≤ 28) and below. On Android 9 and above, the App uses the Storage Access Framework (SAF) and the Android Photo Picker, which do not require this permission. We have set android:maxSdkVersion="28" so this permission is never granted on modern devices. No broad storage scanning occurs.	Legacy only (Android ≤ 8)
Photos & Videos	Uses Android system Photo Picker — no broad media library access required	No

You can manage or revoke permissions at any time via: Android Settings → Apps → HapiPlay → Permissions.

🧩 20. Third-Party SDKs and Libraries

The App integrates third-party SDKs. We only use SDKs that are up-to-date and free from known critical security issues. We update this section whenever new SDKs are added.

SDK Category	Purpose	Data That May Be Collected
Analytics SDKs	App usage analytics, performance monitoring	Device ID, usage events, session data
Crash Reporting SDKs	Detecting and diagnosing crashes and errors	Device info, crash logs, stack traces
Advertising SDKs	Serving ads, ad targeting, frequency capping	Advertising ID, IP address, usage signals
Attribution / MMP SDKs	Install attribution and campaign measurement	Device ID, advertising ID, install and conversion events
Offerwall / Monetization SDKs	Delivering reward campaigns and offer tasks	Device ID, installed apps, offer completion events
Anti-Fraud / Security SDKs	Detecting fraud, abuse, and bot activity	Device fingerprint, network info, behavioral signals
Customer Support SDKs	In-app support and ticketing	Account info, support messages

Each SDK is governed by its own privacy policy. We encourage you to review them for the specific SDKs active in your version of the App.

🌐 21. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including the United States and other jurisdictions where our service providers operate. Where required by law, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms. You may request information about specific safeguards by contacting us.

🔒 22. Data Security

We implement appropriate technical, administrative, and organizational security measures — including encryption of data in transit and at rest — to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. We do not transmit personal data in unencrypted form. No security system is completely impenetrable. If you suspect your data has been compromised, please contact us immediately at Policy@ihapilive.online.

👦 23. Children's Privacy

The Services are not directed to children under 13 (or under 16 in the EEA/UK, or such higher age as required by applicable law) unless expressly stated otherwise. We do not knowingly collect personal data from children below the applicable age threshold, and we do not knowingly sell or share the personal data of children. If you believe a child has provided personal data to us without authorization, please contact us at Policy@ihapilive.online and we will take prompt steps to delete it.

🔗 24. Third-Party Services and Links

The Services may contain links to or integrations with third-party websites, game publishers, offer providers, survey platforms, and partner services. Their privacy practices are governed by their own privacy policies. We are not responsible for third-party privacy practices and encourage you to review them before interacting with any third party.

🗑️ 25. Account & Data Deletion

You may request deletion of your account and associated personal data by:

• using the in-app deletion feature: Settings → Account → Delete Account (if available);
• emailing us at Policy@ihapilive.online with subject: "Account Deletion Request".

We will process your deletion request within the timeframe required by applicable law. We may retain limited data after deletion where necessary for fraud prevention, legal compliance, accounting obligations, dispute resolution, or enforcement of our agreements, as permitted by law.

📝 26. Changes to This Privacy Policy

We review and update this Privacy Policy at least annually and whenever material changes occur — including the introduction of new endpoints, SDKs, permissions, or data types. When we make material changes, we will post the updated version here and revise the "Last updated" date. For significant changes affecting your rights, we will provide additional notice (e.g., in-app notification or email) and, where required by law, obtain your consent.

📬 27. Contact Us

For any questions, requests, or concerns about this Privacy Policy or our privacy practices:

We aim to respond to all privacy-related inquiries within 30 days of receipt.