Privacy Policy
Last updated: July 3, 2026
Trophy Arena (the “Application” or “App”) is operated by Cashwiz Media LLC, a Wyoming limited liability company (“Cashwiz Media”, “we”, “us”, or “our”). This Privacy Policy explains what information we collect through the Application, how we use it, who we share it with, and the choices and rights you have. By downloading, accessing, or using the Application you agree to this Privacy Policy. If you do not agree, please do not use the Application.
This Privacy Policy works together with our Terms of Service, our Cookie Policy, and our Advertising Policy.
The Application is a casual game. We do not pay cash, and the in-game “Stars” and “Trophies” are virtual items with no monetary value that cannot be redeemed, withdrawn, or exchanged for real money or goods.
We may update this Privacy Policy from time to time. Changes are effective when we update the “Last updated” date above. If we make material changes, we will provide a more prominent notice (for example, an in-app notice). Your continued use of the Application after a change means you accept the revised policy.
INFORMATION WE COLLECT
We only collect the information needed to run the game, secure your account, process purchases, show ads, and provide support:Account Information
When you register, we collect your name, email address, and password. Passwords are stored only in hashed (encrypted) form — we never store or see your plain-text password. If you sign in with Google, we receive your name, email address, and Google profile photo from your Google account through Firebase Authentication; your Google profile photo is stored as your avatar (see “Profile Photo” below).Age (Year of Birth)
At sign-up we ask for your year of birth once — to confirm you are old enough to use the Application and to apply age-appropriate protections (for example, non-personalized ads for users under 18). We store your year of birth and derived age indicators (such as whether you are a minor) to apply age-appropriate protections; we do not collect your full date of birth.Profile Photo
Your avatar is either a photo imported from your Google account when you sign in with Google, or an image you choose to upload yourself; it is stored on our servers and shown on your profile and on leaderboards. Having an avatar is optional, and you can change or remove it at any time.Approximate Location (Country)
We determine your country from your SIM card’s country code or, if unavailable, from your IP address. We do not request or collect precise (GPS) location, and the Application has no location permission.Device and Usage Identifiers
To deliver ads, send notifications, and protect against fraud, we collect:* Your device’s Advertising ID (used by Google AdMob to show ads, and — for adults who have not opted out — passed to our own promotional pages opened from a notification; not used when you have limited ad tracking at the device level, when you have opted out, or for users under 18);
* A push notification token (Firebase Cloud Messaging) so we can send you notifications;
* A device identifier, your IP address, app version, and the install-referrer source that told us where your install came from. We also use your device identifier and IP address for security and fraud prevention (see “Anti-Fraud, Security, and Fair Play” below).
We do not collect your phone number, contacts, SMS, your photo library or device photos (other than the single avatar image you choose to upload, or the photo imported from your Google account — see “Profile Photo” above), or permanent hardware identifiers (such as IMEI or serial number), and we do not collect a list of the other apps on your device.
Gameplay and Activity Data
We store your in-game activity — scores, Trophies, virtual “Stars” balance, game history, boosters, daily-reward streaks, leaderboard standing, and your referral/invite activity (the friends you have invited, your invite-milestone progress, and the rewards you earn) — so your progress is saved across sessions and so we can operate the invite program and prevent referral fraud.We also collect first-party, in-app usage analytics — the screens you view and how long you spend on them, which features and boosters you use, how long your sessions last, and similar in-app interaction events — on our own servers. This usage data is never shared with any third party and never used for cross-app tracking; we use it only to understand how the Application is used and to improve it.
Purchase Information
When you buy Stars through an in-app purchase, the transaction is processed by Google Play Billing. Google handles your payment; we never receive your full payment-card or bank details. We receive a purchase token, product ID, order ID, and the transaction’s price and currency (as reported by Google), together with Google’s purchase-verification record, so we can verify the purchase and credit your Stars. See “In-App Purchases” below.Support Messages
If you contact support through the Application, we receive the messages you send (and the email or account they are tied to) so we can respond.Reports and Blocking
If you report another player or block them, we collect the report (the reason you choose and any text you add) and a record of who blocked whom, so we can review reports and keep the game and leaderboards safe. We use this only for safety and moderation, and it is deleted when you delete your account.Crash, Error, and Performance Data
To keep the app reliable, we use Sentry (a third-party monitoring service) in both the Application and on our servers to collect crash reports, error and exception details (including stack traces), and limited performance and diagnostic data — such as your device model, operating-system and app version, similar device characteristics (for example, whether the device is rooted and the store the app was installed from), and the in-app actions leading up to a problem. We have configured Sentry not to capture screenshots, on-screen content, or session recordings, not to store your IP address, and not to attach your name, email, or account ID; each report carries only a random identifier that Sentry generates for your app installation, which is not linked to your account. We use this data only to detect, diagnose, and fix crashes and errors. Sentry processes it under its own privacy policy (https://sentry.io/privacy/).Anti-Fraud, Security, and Fair Play
To keep the game fair and to protect against fraud and abuse, we collect and use certain information for security and integrity purposes:* Abuse and account-farming prevention: using more than one account is allowed, but we use a device identifier and your IP address to detect and prevent account farming (mass-creating or automating accounts to harvest Trophies or Stars), reward and ad spamming, and leaderboard manipulation — and to apply or enforce account suspensions and bans for such abuse.
* Tamper, emulator, root, and VPN checks: the Application may check whether it is running on an emulator, a rooted or tampered device, or through a VPN. These checks run on your device, and we transmit only the resulting event or flag (for example, “a VPN was detected”) tied to your account — we do not collect or transmit the underlying device details (such as your device model or system fingerprint) for this purpose. In addition, to prevent abuse of ad-based rewards, when you choose to watch a rewarded ad we check whether your IP address is associated with a VPN, proxy, or other anonymizer by sending it to a third-party IP-reputation service (see “Service Providers We Use”); if it is, we may decline to credit that reward.
* App-integrity attestation: on supported devices we use Google Play Integrity (through Firebase App Check) to help verify that the app and device are genuine and untampered. The attestation is processed and assessed by Google; we do not receive the underlying device details.
* Reward and ad-abuse prevention: when you earn Stars from ads or offers, we record and verify the reward transaction — including a server-side verification signature from Google AdMob and a transaction identifier — de-duplicate transactions, cap how many rewards you can earn in a period, and store the associated IP address.
* Rate limiting and security logging: we use your IP address to rate-limit sign-in and other sensitive requests and to keep security logs that help us detect and investigate abuse.
Based on these signals, we may take action such as limiting features, withholding or reversing rewards, or suspending or banning an account, as described in our Terms of Service.
HOW WE USE YOUR INFORMATION
We use the information above to:* Create and manage your account and sign you in;
* Provide game functionality and save your progress and leaderboards;
* Process and verify in-app purchases and credit virtual items;
* Send push notifications you have allowed (you can turn these off in your device settings);
* Display advertising, including opt-in rewarded video ads, through Google AdMob;
* Detect, prevent, and investigate fraud and abuse — such as account farming, reward and ad spamming, and leaderboard manipulation — and enforce our Terms, including by verifying device and app integrity and applying account suspensions and bans;
* Provide customer support and respond to your requests;
* Maintain, secure, and improve the Application, including monitoring stability and diagnosing crashes and errors; and
* Comply with applicable law and enforce our agreements.
ADVERTISING
We use Google AdMob as our advertising provider, including opt-in rewarded video ads that grant Stars when you choose to watch them and occasional full-screen interstitial ads shown only at natural breaks (such as when you leave a game) — never during gameplay, and never to users we know to be under 18. AdMob may use your Advertising ID and ad-interaction data to serve, cap, and measure ads, and to confirm that a reward was earned.You can reset your Advertising ID or opt out of personalized ads at any time in your device settings (Settings → Google → Ads). If you opt out, you will see non-personalized (contextual) ads instead. In the EEA, the UK, and Switzerland, the first time you open the Application we show a consent prompt through Google’s User Messaging Platform (UMP) before any personalized advertising, and you can change or withdraw your choice at any time in Settings → “Manage privacy choices.”
For full details, see our Advertising Policy. To learn how Google uses data from apps that use its services, see https://policies.google.com/technologies/partner-sites.
COOKIES AND SIMILAR TECHNOLOGIES
The Application is a native app and does not use browser cookies for its own screens; instead it stores small amounts of data on your device (such as your login session and settings). However, the HTML mini-games described below load inside an in-app browser window (WebView) and may store small amounts of first-party data (such as your best score) on your device, and our website uses essential cookies. For a full explanation, see our Cookie Policy.OUR HTML MINI-GAMES
In addition to our five main games, the Application offers one or more free-to-play HTML mini-games that we build and host ourselves (currently 2048). They run inside an in-app browser window (WebView) but contain no third-party advertising, ad SDKs, analytics, or trackers, and set no third-party cookies. A game may store small amounts of first-party data (such as your best score) on your device across sessions. Because they are ad-free and tracker-free, they are available to everyone. These mini-games are just for fun and do not award Trophies or Stars or affect your leaderboard rank; Trophies and ranking come only from our five main Trophy Arena games.IN-APP PURCHASES
In-app purchases of Stars are sold and processed through Google Play Billing, subject to Google Play’s terms and Google’s privacy policy. Google acts as the merchant and payment processor and shares purchase confirmation data with us so we can deliver your Stars. Refund handling is described in our Terms of Service.SERVICE PROVIDERS WE USE
We rely on the following service providers / processors, who process data only on our behalf and on our instructions, not for their own purposes:* Google Firebase — Authentication (sign-in), Cloud Messaging (push notifications), and App Check with Google Play Integrity (app- and device-integrity attestation);
* Google Play services and Google Play Billing — core services and in-app purchases;
* Sentry (Functional Software, Inc.) — crash reporting and error/performance monitoring;
* proxycheck.io — an IP-reputation service that, when you watch a rewarded ad, checks whether your IP address is associated with a VPN, proxy, or other anonymizer, to help prevent ad-reward fraud; and
* our cloud hosting provider — to operate our servers and database.
Google AdMob is different. AdMob is our advertising provider and an independent recipient of the data we share for advertising (your Advertising ID, approximate location, user identifiers, and ad-interaction data), which it uses for its own purposes under its own privacy policy. See “How We Share Information” below and our Advertising Policy.
Approximate-location lookup. To determine your approximate country, the app contacts an IP-geolocation provider directly; that provider receives your IP address and handles it under its own privacy policy. The provider is configurable and is not a fixed vendor.
HOW WE SHARE INFORMATION
We do not exchange your personal information for money. However, when we show personalized ads through Google AdMob we share your device’s Advertising ID, approximate (country-level) location, user identifiers, and ad-interaction data with Google for advertising. Under California and other U.S. state privacy laws this counts as a “sale,” “sharing,” or “targeted advertising,” and you have the right to opt out (see “U.S. State Privacy Rights” below), after which you receive only non-personalized ads. We never sell or share the personal information of users we know to be under 18. We otherwise share information only:* With the service providers listed above, to operate the Application;
* When required by law, or to protect the rights, safety, and property of our users, the public, or us, including for fraud prevention; and
* In connection with a merger, acquisition, financing, or sale of assets, in which case we will continue to protect your information consistent with this policy.
DATA RETENTION
We keep your personal information only for as long as needed for the purposes described in this policy, and then delete or anonymize it. Our standard retention periods are:* Account data (profile, game history, balances, messages, notification tokens): kept while your account is active and deleted within 30 days of account deletion, except for records we must keep longer for the reasons below.
* In-app usage and analytics data (which screens you open, session activity, feature and booster usage, and ad / purchase interactions — linked to your account ID, not to your name or IP address): retained for up to 12 months, and removed within 30 days if you delete your account sooner.
* Purchase and transaction records (order IDs, purchase tokens, and the fact and amount of a purchase): retained for up to 7 years to meet tax, accounting, and audit obligations. If you delete your account, these records are de-identified — your account ID is replaced with a non-reversible token — and kept only for these legal obligations.
* Your device identifier and IP address, and anti-fraud / security logs (sign-in, reward-verification, and abuse-detection logs): retained for up to 12 months, or longer where needed to investigate or resolve a specific incident, dispute, or legal claim, or to enforce a ban.
* Crash, error, and performance data processed by Sentry: retained under Sentry’s default retention (generally up to 90 days) and then automatically deleted.
After deletion, some limited records may be retained where required to comply with law, prevent fraud, or establish, exercise, or defend legal claims.
ACCOUNT DELETION
You can permanently delete your account and its associated data at any time:* In the app: open Profile → “Delete Account”. For your security, we then send a confirmation link to your account’s email address; your account is deleted when you open that link and confirm on the page it takes you to. Nothing is deleted until you confirm. Deletion permanently removes your account and your associated data (profile, game history, balances, messages, notification tokens, and in-app usage / analytics data). Purchase and transaction records are de-identified and kept only as long as the law requires (see “Data Retention” above). If you signed in with Google, we also delete your sign-in record and disconnect the Application from your Google Account the next time the app runs.
* On the web: visit https://refer.trophyarena.games/datadelete for instructions on deleting your account from within the app or by email.
* By email: contact us at the address below and we will delete your account.
INTERNATIONAL DATA TRANSFERS
We are based in the United States, and the information we collect is processed and stored on servers we operate in the United States. If you use the Application from outside the United States — including from the EEA, the United Kingdom, or Switzerland — your information will be transferred to and processed in the United States and other countries, which may have data-protection laws different from those in your country.Where we transfer personal data out of the EEA, the United Kingdom, or Switzerland, we rely on appropriate safeguards recognized under applicable law:
* For our self-hosted U.S. backend and our service providers, we transfer EEA, UK, and Swiss personal data to the United States under the European Commission’s Standard Contractual Clauses (SCCs) and, for UK transfers, the UK International Data Transfer Addendum / IDTA, together with supplementary technical and organizational measures.
You may request a copy of the relevant safeguard by contacting us at the email below.
YOUR PRIVACY RIGHTS
Depending on where you live, you may have some or all of the following rights regarding your personal information: to access it, correct it, delete it, obtain a copy (portability), object to or restrict certain processing, opt out of profiling or targeted advertising, and withdraw consent. You can exercise most of these directly in the app (review and update your profile, manage notifications, manage your privacy choices, and delete your account) or by contacting us at the email below. We will not discriminate or retaliate against you for exercising your rights.SENSITIVE AND PRECISE DATA WE DO NOT COLLECT
We do not collect precise (GPS) geolocation, and we do not collect special-category or “sensitive” personal data — such as racial or ethnic origin, religious or philosophical beliefs, political opinions, trade-union membership, health, sex life or sexual orientation, genetic or biometric data, government identifiers, or precise location. We do not use your information to infer any of these characteristics, and we do not sell or share sensitive personal information.AUTOMATED DECISIONS AND PROFILING
We use limited automated checks for fraud prevention, security, and fair play (for example, anti–account-farming, reward-abuse, and emulator/VPN checks described above). These do not produce legal or similarly significant effects on you without human involvement; account suspensions and bans are subject to human review on request. Where we process your personal data for direct-marketing or advertising-related profiling, you have the right to object at any time under Article 21(2) GDPR, and we will stop such processing. You can opt out of personalized advertising as described in our Advertising Policy.U.S. STATE PRIVACY RIGHTS
Residents of California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Oregon (OCPA), Utah (UCPA), and Montana (MCDPA), and of other U.S. states with comprehensive privacy laws, have rights regarding their personal information. Depending on your state, these include the right to know/access, correct, and delete your personal information; to obtain a portable copy; to opt out of “sales,” “sharing,” and “targeted advertising”; to opt out of certain profiling; and to limit the use of sensitive personal information. We do not discriminate against you for exercising these rights.In the preceding 12 months we collected the following categories of personal information: identifiers (such as name, email, device and advertising identifiers, and IP address); internet or other electronic activity (gameplay and ad-interaction data); approximate (country-level) geolocation; commercial information (purchase history of virtual items); and customer-support communications. We collect this for the business purposes described above, and we disclose it to the service providers listed in this policy.
Sale / sharing / targeted advertising. Trophy Arena uses Google AdMob to show ads. For adults who have not opted out, ads may be personalized, and we share your device’s Advertising ID, approximate location, user identifiers, and ad-interaction data with Google for advertising. Under California and other U.S. state laws this counts as a “sale,” “sharing,” or “targeted advertising.” You can opt out in the app at any time via Settings → “Manage privacy choices,” after which you receive only non-personalized (contextual) ads; you can also reset or opt out at the device level (Settings → Google → Ads). On our websites (including this Privacy page and our account-deletion page) we treat a Global Privacy Control (GPC) signal as a valid opt-out of sale, sharing, and targeted advertising; apps do not send a browser GPC signal, so in the app the “Manage privacy choices” control is the equivalent. For users we know to be under 18, advertising is always non-personalized and we do not sell or share their personal information or use it for targeted advertising. When you exercise GPC on our websites, we keep only a minimal record of your opt-out (a hashed representation of the request, not your raw IP address or browser details) so we can honor it.
California residents may also use an authorized agent to submit requests, and may appeal a denied request by contacting us at the email below. Virginia, Colorado, Connecticut, Texas, Oregon, and Montana residents likewise have the right to appeal our decision on a request; if we deny your appeal, your state’s Attorney General may provide a further complaint mechanism.
EEA / UK (GDPR & UK GDPR)
If you are in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for processing are: performance of a contract (to provide the game and your account); consent — collected separately and granularly — for push notifications and for personalized advertising (gathered before any personalized ad through Google’s certified consent prompt (UMP) using the IAB Transparency and Consent Framework; if you decline, you receive only non-personalized ads), withdrawable at any time in Settings → “Manage privacy choices”; legitimate interests (to secure the Application, prevent fraud, and improve our services); and legal obligation (for example, tax and accounting record-keeping). You have the right to access, rectify, erase, restrict, and port your data, to object to processing (including direct-marketing profiling under Article 21(2)), and to withdraw consent without affecting prior processing.Cashwiz Media LLC is the data controller for the information described in this policy. Complaints: if you have a concern about how we handle your personal data, contact our Privacy Officer at legal@wizmedia.app with “Privacy complaint” in the subject. We will acknowledge your complaint within 30 days, investigate it in a way that is reasonable and proportionate, keep you informed of progress, and tell you the outcome without undue delay. You also have the right to lodge a complaint with your supervisory authority — in the United Kingdom, the Information Commissioner’s Office (ICO), https://ico.org.uk; in the EEA, the data-protection authority in your country of residence.
EU Representative (Article 27 GDPR): [EU REPRESENTATIVE — name, EEA postal address, email — TO BE APPOINTED].
UK Representative (Article 27 UK GDPR): [UK REPRESENTATIVE — name, UK postal address, email — TO BE APPOINTED].
Response time (Article 12). We will respond to your request without undue delay and in any event within one month of receipt. We may extend this by up to two further months for complex or numerous requests, in which case we will tell you within the first month and explain why.
BRAZIL (LGPD)
If you are in Brazil, you have the rights provided by the Lei Geral de Proteção de Dados (LGPD), including to confirm processing; access, correct, anonymize, block, or delete your data; obtain portability; and withdraw consent. You may also contact Brazil’s data-protection authority, the Autoridade Nacional de Proteção de Dados (ANPD), https://www.gov.br/anpd. To exercise these rights, contact our Privacy Officer below.Data Protection Officer (Encarregado). Our designated encarregado de proteção de dados is our Privacy Officer, reachable at legal@wizmedia.app (please include “LGPD” or “Encarregado” in the subject line). You may contact the encarregado with any question about how we process your personal data or to exercise your LGPD rights.
OTHER REGIONS
Residents of other regions have rights under their local laws and may contact the relevant authority:* Canada — Office of the Privacy Commissioner of Canada (OPC), https://www.priv.gc.ca; in Québec, the Commission d’accès à l’information (CAI), https://www.cai.gouv.qc.ca.
* Australia — Office of the Australian Information Commissioner (OAIC), https://www.oaic.gov.au.
* India — the Data Protection Board of India under the Digital Personal Data Protection Act.
* South Korea — Personal Information Protection Commission (PIPC), https://www.pipc.go.kr.
To exercise any of these rights, contact our Privacy Officer below.
SECURITY
We use administrative, technical, and physical safeguards to protect your information, including encrypted (HTTPS) transmission and hashed password storage. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.DATA BREACH NOTIFICATION
If a personal-data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, in line with Article 33 GDPR (and the equivalent UK GDPR provision). Where the breach is likely to result in a high risk to you, we will also notify affected individuals without undue delay, as required by Article 34 GDPR. We maintain internal records of breaches as required by law.CHILDREN’S PRIVACY
The Application is intended for a general audience and is not directed to children under 13, and we do not knowingly collect personal information from children under 13. We block registration by anyone under 13: at sign-up we ask for your year of birth once, compute age on the device, and refuse to create an account for anyone under 13. If you believe a child under 13 has provided us information, please contact us and we will delete it. If an existing account is later determined to be under 13 (for example, through a one-time age prompt), we place it in the strictest non-personalized, age-appropriate posture pending review.Users under 18. For any user we determine to be under 18, advertising is always non-personalized, and we do not sell or share their personal information or use it for targeted advertising. We also apply Google’s age-appropriate ad-content settings for these users.
Regional age thresholds. Some regions set a higher minimum age for consent to data processing, and we apply local requirements where they are stricter:
* EEA — the digital-consent age ranges from 13 to 16 depending on the member state; where required, processing of a child’s data relies on parental consent.
* United Kingdom — the digital-consent age is 13, and we have regard to the ICO’s Age Appropriate Design Code (Children’s Code).
* India — processing of the data of anyone under 18 requires verifiable parental consent under the Digital Personal Data Protection Act.
* South Korea — processing of the data of a child under 14 requires the consent of a legal guardian.
YOUR CHOICES
You can review or update your account information in the app’s settings, turn off push notifications in your device settings, reset or limit your Advertising ID in your device settings, manage your ad-consent choices where offered, and delete your account as described above.CONTACT US AND PRIVACY OFFICER
If you have questions about this Privacy Policy or your data, or to exercise your privacy rights, contact our Privacy Officer at:Cashwiz Media LLC
Operator of Trophy Arena
Attn: Privacy Officer
Email: legal@wizmedia.app
Telephone: +1 332-269-7595
Mailing address: 30 N Gould St #39671, Sheridan, WY 82801, USA
For EEA/UK matters you may also contact our appointed representatives named in the “EEA / UK (GDPR & UK GDPR)” section above.