Privacy Policy

1. Introduction

Welcome to CoreShell. This Privacy Policy explains how Dullfish Studio ("we," "us," or "our"), located in Chieri, Italy, collects, uses, discloses, and safeguards your information when you use our mobile game CoreShell (the "Game") and our website at coreshellgame.com (the "Website").

We are committed to protecting your privacy and collecting only the minimum data necessary to provide our services. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Game or Website.

2. Age Restriction

CoreShell is rated PEGI 16+ (Europe) and Teen (T) (ESRB, North America). The Game is not intended for users under 16 years of age. We do not knowingly collect personal information from anyone under 16. If you are under 16, please do not use the Game or provide any information to us.

If we learn that we have collected personal information from a user under 16, we will delete that information as quickly as possible. If you believe we might have any information from a user under 16, please contact us through our Support page.

3. Information We Collect

We collect minimal information necessary to operate the Game:

3.1 Information from App Stores

When you create an account, we receive your email address and a store identifier from Apple App Store or Google Play Store, depending on which platform you use. We do not collect this information directly from you—it is provided by the app store when you authenticate.

3.2 Account Information

• Username: A display name you choose within the Game
• Email Address: Provided by App Store/Play Store (encrypted at rest)
• Store ID: Your unique identifier from App Store/Play Store (hashed and encrypted)

3.3 Game Data

• Game progress, levels, experience points (XP), and achievements
• In-game purchases and transaction history
• Game session data (scores, match results, play time)
• Leaderboard rankings and statistics

3.4 Technical Information (Website Only)

• Browser Timezone/Locale: Used locally to detect your region for displaying relevant legal information
• Cookie Consent Preferences: Stored locally in your browser

3.5 Information We Do NOT Collect

• IP addresses
• Precise geolocation data
• Device identifiers (beyond app store requirements)
• Contacts, photos, or other device data
• Browsing history or cross-app tracking data

4. How We Use Your Information

We use the information we collect for the following purposes:

• Account Management: To create and manage your game account
• Game Services: To provide game functionality, save progress, and sync across devices
• Purchases: To process in-app purchases and maintain transaction records
• Leaderboards: To display rankings and competitive features
• Customer Support: To respond to your inquiries and support requests
• Legal Compliance: To comply with applicable laws and regulations

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption at Rest: Sensitive data (email addresses, store IDs) is encrypted using ChaCha20 or AES-GCM algorithms
• Hashing: Store identifiers are hashed for secure lookup operations
• Secure Authentication: We use PASETO v4 tokens for authentication (not JWT)
• HTTPS: All data transmission uses TLS encryption
• Self-Hosted Infrastructure: Our monitoring systems (Grafana, Prometheus, Loki) are self-hosted, not relying on third-party analytics services

6. In-App Purchases

CoreShell is a free-to-play game with optional in-app purchases:

• Cosmetics: Visual customization items
• Boosters: Temporary gameplay enhancements
• Resources: In-game materials and items
• Subscriptions: Premium features including faster leveling, XP bonuses, quality-of-life improvements, and ad-free experience

All purchases use real currency through App Store or Play Store payment systems. We do not use premium currencies or virtual tokens. What you pay is what you get.

Loot Boxes: CoreShell includes loot boxes that can be earned through gameplay (end of match rewards, in-game lottery). Loot boxes cannot be purchased with real money. Drop rate odds disclosure is coming soon.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with services. Specifically:

• Active Accounts: Data retained while you use the Game
• Inactive Accounts: Data retained for 2 years after last activity, then automatically deleted
• Deleted Accounts: Data deleted immediately upon deletion request (irreversible)
• Transaction Records: Purchase history may be retained longer for legal/tax purposes

8. Data Sharing

We do not sell or share your personal information with data brokers or advertisers.

We may share information only in these limited circumstances:

• App Store/Play Store: For authentication and purchase processing
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets (you would be notified beforehand)

9. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data (JSON format)
• Deletion: Request deletion of your account and all associated data (irreversible)
• Correction: Request correction of inaccurate data
• Portability: Receive your data in a machine-readable format

To exercise these rights, please contact us through our Support page.

For EU/EEA/UK residents, see our GDPR Rights page. For California residents, see our CCPA Rights page.

10. Cookies and Local Storage

Our Website uses minimal cookies and local storage:

• Cookie Consent: Stores your cookie preference (localStorage)
• Region Detection: Temporarily cached in sessionStorage to show relevant legal information
• Cloudflare Security Cookies: Strictly necessary cookies used to protect the Website against bot and abuse traffic

We do not use third-party analytics, advertising cookies, or tracking technologies on our Website. For more details, see our Cookie Policy.

11. Third-Party Services

The Game integrates with the following third-party services:

• Apple App Store: For iOS authentication and purchases (Apple Privacy Policy)
• Google Play Store: For Android authentication and purchases (Google Privacy Policy)

Please review their respective privacy policies to understand how they handle your information.

12. International Data Transfers

Our servers are located in the European Union. If you access the Game from outside the EU, your data may be transferred to and processed in the EU, which has strong data protection laws under GDPR.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we may provide additional notice (such as an in-game notification).

Your continued use of the Game after any changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

• Contact Form: coreshellgame.com/support
• Company: Dullfish Studio
• Location: Chieri (TO), Italy
• P.IVA: 13429560017
• Parent Company: HENNOD

We aim to respond to all inquiries within 30 days.