Privacy Policy

Invo Technologies Inc. ("Invo," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect information when you access or use our website at ourinvo.com, our Developer Dashboard at console.invo.network, our Software Development Kits ("SDK"), Application Programming Interfaces ("APIs"), and any related services, tools, and features (collectively, the "Services").

This Privacy Policy applies to game developers, studio representatives, and other users who interact with our Services. It does not apply to end-user players of games that integrate our SDK, as player data is collected and controlled by game developers. We serve as a data processor for aggregated, pseudonymized transaction data related to value transfers between games.

By accessing or using the Services, you acknowledge that you have read, understood, and agree to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, you must not access or use the Services.

1. Information We Collect

We collect several categories of information from and about users of our Services. The information we collect depends on how you interact with our Services and the choices you make.

1.1 Developer Account Information

When you register for a developer account to access our SDK, APIs, and Developer Dashboard, we collect:

• Identity Information: Full legal name, company or organization name, business registration details, tax identification numbers, and authorized representative information
• Contact Information: Email address, phone number, business address, and mailing address
• Account Credentials: Username, password (stored in encrypted form), security questions and answers, and authentication tokens
• Payment Information: Bank account details, payment processor account information, billing address, and tax withholding documentation for processing transfer tax distributions
• Professional Information: Game titles, studio information, development team size, game genres, target platforms, and integration timeline

1.2 Game Integration Information

When you integrate our SDK into your games, we collect:

• Game Configuration Data: Game identifiers, economy settings, currency configurations, exchange rate parameters, API keys, secret keys, and webhook endpoints
• Technical Implementation Data: SDK version, game engine type and version (Unity or Unreal Engine), programming language, integration method (Blueprints, C++, Bolt, Playmaker), build environment, and technical specifications
• Game Metadata: Game title, description, genre, release date, platforms, age ratings, and promotional images

1.3 Transaction and Analytics Data

To facilitate value transfers and provide analytics through the Developer Dashboard, we collect:

• Transaction Information: Transaction identifiers, timestamps, amount transferred, source game, destination game, transaction status, fees applied, and blockchain transaction hashes
• Aggregated Player Data: Pseudonymized player identifiers (generated by your game), transaction patterns, currency conversion events, transfer frequency, and geographical region (country-level only)
• Analytics and Performance Data: Transaction volumes, success rates, failure rates, average transaction values, player retention metrics related to value transfers, revenue generated from transfer taxes, and network performance metrics
• Blockchain Data: Public blockchain addresses, transaction records on distributed ledgers, cryptographic proofs, and validation timestamps

1.4 Usage and Technical Information

We automatically collect certain information when you access or use our Services:

• Device Information: Computer or device type, operating system and version, browser type and version, screen resolution, device identifiers, and hardware specifications
• Connection Information: Internet Protocol (IP) address, internet service provider, connection type, and approximate geographic location derived from IP address
• Usage Information: Pages visited, features accessed, time spent on pages, links clicked, search queries within the Developer Dashboard, navigation paths, and interaction with our Services
• Log Data: Access times, error logs, crash reports, API call logs, authentication attempts, and system performance data
• Cookies and Tracking Technologies: Data collected through cookies, web beacons, pixels, local storage, and similar technologies (see Section 8 for details)

1.5 Communications and Support Information

When you communicate with us, we collect:

• Support Tickets: Technical issues reported, bug descriptions, feature requests, error messages, screenshots, and correspondence history
• Email Communications: Content of emails, attachments, email metadata, and communication preferences
• Survey Responses: Feedback, satisfaction ratings, feature preferences, and demographic information voluntarily provided
• Marketing Communications: Newsletter subscriptions, event registrations, webinar attendance, and content downloads

1.6 Information from Third Parties

We may receive information about you from third-party sources, including:

• Payment Processors: Payment verification, transaction confirmation, fraud detection signals, and payout processing status
• Business Partners: Game engine providers, platform holders, and technology partners who may share information about your games or integrations
• Public Sources: Publicly available information about your games, press releases, app store listings, and professional profiles
• Fraud Prevention Services: Risk scores, verification results, and security signals

1.7 Information We Do Not Collect

It is important to note what we do NOT collect:

• Player Personal Information: We do not directly collect names, email addresses, birthdates, or other personally identifiable information from end-user players. This data remains under the control of game developers
• Game Content: We do not collect or store player-generated content, chat messages, gameplay recordings, or other in-game content
• Payment Card Information: We do not directly collect or store credit card numbers, CVV codes, or other payment card details. All payment processing is handled by certified third-party payment processors
• Precise Geolocation: We do not collect GPS coordinates or precise location data. Geographic information is limited to country-level identification based on IP addresses

2. How We Use Your Information

We use the information we collect for various business and operational purposes. The legal bases for our processing under applicable data protection laws (including GDPR) include: performance of our contract with you, our legitimate interests, your consent, and compliance with legal obligations.

2.1 Providing and Operating the Services

We use your information to:

• Create, maintain, and authenticate your developer account
• Process and facilitate value transfer transactions between games
• Generate and distribute API keys and authentication credentials
• Provide access to the Developer Dashboard and its features
• Calculate and process transfer tax distributions and payments
• Monitor transaction integrity using blockchain validation and Zero-Knowledge Proofs
• Generate real-time analytics, reports, and insights about your game's economy and player transactions
• Enable game discovery and network effects within the Invo ecosystem

2.2 Improving and Developing the Services

We use your information to:

• Analyze usage patterns and trends to improve user experience
• Develop new features, products, and services
• Test and troubleshoot new and existing features
• Conduct research and development for cryptographic and blockchain technologies
• Optimize SDK performance and reduce integration friction
• Enhance security measures and fraud detection capabilities
• Perform data analytics and create aggregated, anonymized statistics about platform usage

2.3 Customer Support and Communications

We use your information to:

• Respond to your inquiries, support requests, and feedback
• Provide technical assistance and troubleshooting
• Send service-related communications, including account notifications, security alerts, and system updates
• Notify you of changes to our Services, policies, or terms
• Request feedback through surveys and questionnaires
• Provide documentation, tutorials, and educational resources

2.4 Marketing and Business Development

With your consent where required by law, we use your information to:

• Send newsletters, promotional materials, and marketing communications about our Services
• Promote your game as part of the Invo network on our website, blog, and marketing materials
• Invite you to events, webinars, and conferences
• Conduct market research and competitive analysis
• Create case studies and success stories (with your explicit permission)
• Personalize marketing messages based on your game genre and interests

You can opt out of marketing communications at any time by following the unsubscribe instructions in our emails or contacting us directly.

2.5 Security and Fraud Prevention

We use your information to:

• Detect, prevent, and investigate fraudulent transactions and activities
• Identify and prevent security threats, abuse, and violations of our Terms of Use
• Verify identity and authenticate users
• Monitor for suspicious patterns or anomalies in transaction data
• Protect against unauthorized access to accounts and systems
• Investigate security incidents and data breaches
• Enforce our policies and protect our rights and property

2.6 Legal Compliance and Protection

We use your information to:

• Comply with applicable laws, regulations, and legal processes
• Respond to lawful requests from public authorities, including law enforcement
• Enforce our Terms of Use and other agreements
• Establish, exercise, or defend legal claims
• Protect the rights, property, and safety of Invo, our users, and the public
• Comply with tax obligations and financial reporting requirements
• Maintain records for audit and compliance purposes

2.7 Business Transactions

We may use your information in connection with:

• Mergers, acquisitions, or sales of all or a portion of our business
• Corporate restructuring or reorganization
• Due diligence in connection with potential business transactions
• Bankruptcy or similar proceedings

3. How We Share Your Information

We may share your information with third parties in the following circumstances. We require third parties to respect the security of your data and treat it in accordance with applicable laws.

3.1 Service Providers and Business Partners

We share information with trusted third-party service providers who perform services on our behalf, including:

• Cloud Infrastructure Providers: For hosting our Services, storing data, and providing computing resources (e.g., Amazon Web Services, Google Cloud Platform, Microsoft Azure)
• Payment Processors: For processing payments, distributing transfer tax revenues, and managing financial transactions
• Analytics Services: For analyzing usage patterns, generating reports, and improving our Services
• Customer Support Tools: For managing support tickets, live chat, and customer relationship management
• Email Service Providers: For sending transactional emails, newsletters, and notifications
• Security Services: For fraud detection, identity verification, DDoS protection, and security monitoring
• Blockchain Infrastructure: For facilitating blockchain transactions, maintaining distributed ledgers, and cryptographic operations

These service providers have access only to the information necessary to perform their specific functions and are contractually obligated to maintain confidentiality and security.

3.2 Other Game Developers in the Network

To facilitate value transfers and enable the Invo ecosystem, we share limited information with other developers:

• Game titles and descriptions for display in player-facing transfer interfaces
• Transaction metadata necessary to complete value transfers (timestamps, amounts, transaction IDs)
• Aggregated, anonymized statistics about network activity and trends
• Publicly available information about your participation in the Invo network

We do NOT share your account credentials, payment information, proprietary game economy settings, or detailed revenue information with other developers.

3.3 Public Blockchain Networks

Transaction records are recorded on public blockchain networks to ensure transparency, immutability, and security. Information stored on blockchains may include:

• Transaction hashes and identifiers
• Pseudonymized wallet addresses
• Transaction amounts and timestamps
• Cryptographic proofs and validation data

Blockchain data is publicly accessible and cannot be deleted or modified once recorded. We use Zero-Knowledge Proofs and other privacy-enhancing technologies to minimize the exposure of sensitive information on public blockchains.

3.4 Legal and Regulatory Authorities

We may disclose your information to law enforcement, government agencies, regulators, courts, or other third parties when we believe in good faith that disclosure is necessary to:

• Comply with applicable laws, regulations, legal processes, or enforceable governmental requests
• Enforce our Terms of Use or other agreements, including investigation of potential violations
• Detect, prevent, or address fraud, security, or technical issues
• Protect against harm to the rights, property, or safety of Invo, our users, or the public as required or permitted by law
• Respond to court orders, subpoenas, or other legal processes
• Cooperate with tax authorities and financial regulators

3.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, sale of assets, or other business transaction involving Invo, your information may be transferred to the acquiring or successor entity. We will notify you of any such transaction and any choices you may have regarding your information.

3.6 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, such as:

• Featuring your game in case studies, testimonials, or promotional materials
• Sharing your contact information with potential business partners
• Integrating with third-party services you explicitly authorize
• Publishing success metrics or revenue information about your game

3.7 Aggregated and Anonymized Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you or your users. This includes:

• Industry trends and statistics
• Platform-wide transaction volumes and metrics
• Research and development insights
• Benchmarking data for the gaming industry

This information is not considered personal information and may be used and shared for any lawful purpose.

4. Data Security and Protection

We take the security of your information seriously and implement comprehensive technical, administrative, and physical safeguards designed to protect your data from unauthorized access, disclosure, alteration, and destruction.

4.1 Technical Security Measures

Our security measures include:

• Encryption: All data transmitted between your systems and our Services is encrypted using industry-standard TLS/SSL protocols. Sensitive data at rest is encrypted using AES-256 or equivalent encryption standards
• Blockchain Technology: Transaction integrity is maintained through distributed ledger technology, making unauthorized alterations detectable and preventing tampering
• Zero-Knowledge Proofs (ZKP): We employ cryptographic techniques that allow transaction validation without exposing underlying sensitive data
• Access Controls: Multi-factor authentication (MFA), role-based access controls (RBAC), and the principle of least privilege limit access to your data
• API Security: API keys, secret keys, OAuth tokens, rate limiting, and request validation protect against unauthorized API access
• Network Security: Firewalls, intrusion detection and prevention systems, DDoS protection, and network segmentation protect our infrastructure
• Secure Development: Code reviews, security testing, vulnerability scanning, and penetration testing are integrated into our development lifecycle

4.2 Administrative Security Measures

We maintain organizational security through:

• Security Policies: Comprehensive information security policies and procedures governing data handling
• Employee Training: Regular security awareness training for all employees with access to data
• Background Checks: Background screening for employees with access to sensitive systems and data
• Confidentiality Agreements: Contractual obligations requiring employees and contractors to maintain confidentiality
• Incident Response: Documented procedures for detecting, responding to, and recovering from security incidents
• Vendor Management: Security assessments and contractual requirements for third-party service providers

4.3 Physical Security Measures

Our data centers and facilities employ:

• 24/7 security monitoring and surveillance
• Restricted access controls and badge-based entry systems
• Environmental controls for temperature, humidity, and fire suppression
• Redundant power supplies and network connections
• Regular security audits and compliance assessments

4.4 Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify affected users without undue delay, and where feasible, within 72 hours of becoming aware of the breach
• Describe the nature of the breach, categories of data affected, and approximate number of affected records
• Provide information about the likely consequences of the breach
• Describe measures taken or proposed to address the breach and mitigate harm
• Provide contact information for inquiries
• Notify relevant data protection authorities as required by applicable law

4.5 Limitations of Security

While we implement robust security measures, no system is completely secure. You acknowledge that:

• Internet transmission and electronic storage are never 100% secure
• You are responsible for maintaining the security of your account credentials
• You should use strong, unique passwords and enable multi-factor authentication
• You should promptly report any suspected security incidents or unauthorized access
• We cannot guarantee the absolute security of your information

5. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

5.1 Retention Periods

Our retention periods vary based on the type of information:

• Account Information: Retained for the duration of your account plus seven (7) years after account closure for legal, tax, and audit purposes
• Transaction Data: Retained indefinitely for blockchain integrity, audit trails, and financial record-keeping requirements. Note that blockchain records are immutable and cannot be deleted
• Analytics Data: Aggregated analytics data is retained for up to five (5) years; granular usage data is retained for up to two (2) years
• Communications: Support tickets and correspondence are retained for three (3) years; marketing communications data is retained until you opt out
• Log Data: System logs are retained for ninety (90) days to one (1) year depending on the log type and regulatory requirements
• Backup Data: Backups containing your information are retained for up to one (1) year and are securely deleted thereafter

5.2 Factors Affecting Retention

We determine retention periods based on:

• The nature and sensitivity of the information
• The purposes for which we process the information
• Legal, regulatory, accounting, and reporting requirements
• Our legitimate business interests
• The need to establish, exercise, or defend legal claims
• Tax and financial audit requirements

5.3 Deletion and Anonymization

After the retention period expires, we will:

• Securely delete or destroy personal information
• Anonymize information so it can no longer identify you
• Aggregate information into statistical data that cannot be linked to you

Note that blockchain records are immutable by design and cannot be deleted. However, these records use pseudonymous identifiers and cryptographic techniques to minimize exposure of personal information.

6. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information. This section describes these rights and how to exercise them.

6.1 General Rights

You have the right to:

• Access: Request access to the personal information we hold about you and receive a copy of that information
• Correction: Request correction of inaccurate or incomplete personal information
• Deletion: Request deletion of your personal information, subject to legal retention requirements and blockchain immutability
• Portability: Request a copy of your personal information in a structured, commonly used, machine-readable format
• Objection: Object to our processing of your personal information for certain purposes, including marketing
• Restriction: Request that we restrict processing of your personal information in certain circumstances
• Withdrawal of Consent: Withdraw consent for processing based on consent, without affecting the lawfulness of processing before withdrawal

6.2 GDPR Rights (European Economic Area, UK, and Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent laws:

• Right to Information: Receive clear information about how we process your personal data
• Right of Access: Obtain confirmation of whether we process your personal data and access to such data
• Right to Rectification: Have inaccurate personal data corrected
• Right to Erasure ("Right to be Forgotten"): Have your personal data deleted in certain circumstances
• Right to Restriction of Processing: Restrict processing in certain circumstances
• Right to Data Portability: Receive your personal data in a portable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing with legal or similarly significant effects (we do not engage in such automated decision-making)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

6.3 CCPA/CPRA Rights (California)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request information about the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties with whom we share information
• Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information (we do not sell personal information in the traditional sense)
• Right to Limit Use of Sensitive Personal Information: Limit our use of sensitive personal information (we do not use sensitive personal information beyond what is necessary to provide the Services)
• Right to Non-Discrimination: Not be discriminated against for exercising your CCPA/CPRA rights
• Right to Designate an Authorized Agent: Designate an authorized agent to make requests on your behalf

Note: We do not "sell" personal information as defined by CCPA/CPRA. We do not share personal information for cross-context behavioral advertising.

6.4 Marketing Communications

You can opt out of marketing communications by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your communication preferences in the Developer Dashboard
• Contacting us at info@ourinvo.com with "Unsubscribe" in the subject line

Please note that even if you opt out of marketing communications, we will still send you transactional and service-related communications necessary for account administration.

6.5 Exercising Your Rights

To exercise any of these rights, please contact us at:

• Email: privacy@ourinvo.com
• Subject Line: "Privacy Rights Request - [Type of Request]"
• Include: Your name, email address associated with your account, description of your request, and any relevant details

We will respond to your request within the timeframes required by applicable law (generally 30 days, extendable by an additional 60 days if necessary). We may need to verify your identity before processing your request to protect your privacy and security.

6.6 Limitations on Rights

Your rights may be limited in certain circumstances, such as when:

• Disclosure would adversely affect the rights and freedoms of others
• The request is manifestly unfounded or excessive
• We are required to retain information by law
• Information is necessary for the establishment, exercise, or defense of legal claims
• Information is recorded on immutable blockchain ledgers
• Processing is necessary for compliance with legal obligations

7. International Data Transfers

Invo is based in the United States, and your information will be collected, processed, and stored in the United States and potentially in other countries where our service providers operate. These countries may have data protection laws that differ from those in your country of residence.

7.1 Transfers from the EEA, UK, and Switzerland

If you are located in the European Economic Area, United Kingdom, or Switzerland, we implement appropriate safeguards for international data transfers:

• Standard Contractual Clauses: We use European Commission-approved Standard Contractual Clauses (SCCs) with our service providers and partners
• Adequacy Decisions: We may transfer data to countries that have received adequacy decisions from the European Commission
• Supplementary Measures: We implement additional technical and organizational measures to ensure data protection, including encryption, access controls, and contractual protections
• Binding Corporate Rules: Where applicable, we rely on binding corporate rules approved by data protection authorities

7.2 Cross-Border Data Transfers

When we transfer data internationally, we ensure:

• Data is encrypted during transit and at rest
• Service providers are contractually bound to protect data according to applicable standards
• Appropriate security measures are in place in all jurisdictions
• Compliance with applicable data protection laws in both the sending and receiving countries

7.3 Your Consent to International Transfers

By using our Services, you acknowledge and agree that your information may be transferred to, stored in, and processed in the United States and other countries. If you do not consent to such transfers, you should not use the Services.

8. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect and store information about your interactions with our Services.

8.1 Types of Cookies We Use

We use the following categories of cookies:

• Essential Cookies: Necessary for the Services to function properly. These enable core functionality such as account authentication, security features, and session management. You cannot opt out of these cookies.
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences, language settings, and customization options.
• Analytics Cookies: Help us understand how users interact with our Services by collecting aggregated usage data, page views, session duration, and navigation patterns. We use this information to improve our Services.
• Marketing Cookies: Track your browsing activity to deliver relevant advertisements and measure the effectiveness of marketing campaigns. These cookies may be set by third-party advertising partners.

8.2 Specific Technologies

Our Services use:

• HTTP Cookies: Small text files stored on your device that contain information about your session and preferences
• Local Storage: Browser-based storage for larger amounts of data that persists across sessions
• Session Storage: Temporary storage that is cleared when you close your browser
• Web Beacons (Pixels): Tiny transparent images embedded in web pages and emails to track interactions
• JavaScript: Code that executes in your browser to enable interactive features and collect usage information

8.3 Third-Party Cookies and Analytics

We use third-party services that may set their own cookies, including:

• Google Analytics: For website analytics and user behavior tracking
• Customer Support Platforms: For live chat and support ticket management
• Payment Processors: For secure payment processing
• Content Delivery Networks: For optimized content delivery

These third parties have their own privacy policies governing their use of cookies and tracking technologies.

8.4 Managing Cookies

You can control cookies through:

• Browser Settings: Most browsers allow you to view, manage, and delete cookies through settings or preferences. You can typically block all cookies, accept only first-party cookies, or receive notifications before cookies are set
• Cookie Preference Center: You can adjust your cookie preferences through our cookie banner when you first visit our website
• Opt-Out Tools: You can opt out of certain advertising cookies through industry opt-out pages such as the Digital Advertising Alliance (DAA) or Network Advertising Initiative (NAI)

Please note that blocking or deleting cookies may affect the functionality of our Services, and some features may not work properly without cookies enabled.

8.5 Do Not Track Signals

Some browsers support "Do Not Track" (DNT) signals. Currently, there is no industry standard for how to respond to DNT signals, and our Services do not respond to DNT browser signals. We will continue to monitor developments in DNT standards.

9. Children's Privacy

Our Services are not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction), and we do not knowingly collect personal information from children.

9.1 Age Restrictions

To use our Services, you must:

• Be at least 18 years old to register for a developer account
• Have the legal authority to enter into binding contracts
• Represent a legitimate business entity if registering on behalf of a company

9.2 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA). If you are a game developer whose game is directed to children under 13, you are responsible for:

• Obtaining verifiable parental consent before collecting personal information from children
• Implementing appropriate privacy protections in your game
• Complying with all applicable children's privacy laws
• Ensuring that any data shared with Invo through the SDK is COPPA-compliant

Our SDK is designed to facilitate value transfers using pseudonymized identifiers, which minimizes the need to collect or process personal information from child players. However, developers remain responsible for ensuring their data practices comply with COPPA and other applicable laws.

9.3 Parental Rights

If you believe we have inadvertently collected personal information from a child under 13, please contact us immediately at privacy@ourinvo.com. We will take prompt steps to delete such information and terminate the associated account.

10. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, and services that are not owned or controlled by Invo.

10.1 Third-Party Responsibility

We are not responsible for:

• The privacy practices of third-party websites and services
• The content or accuracy of third-party materials
• The security of third-party platforms
• How third parties collect, use, or share your information

10.2 Third-Party Integration

If you integrate third-party services with your Developer Dashboard account (such as analytics tools or marketing platforms), those third parties may collect information directly from you. Your use of third-party services is governed by their respective privacy policies and terms of service.

10.3 Recommendation to Review Third-Party Policies

We encourage you to read the privacy policies of any third-party websites or services that you visit or use. By clicking on third-party links or accessing third-party services, you acknowledge that we are not responsible for their privacy practices.

11. California Privacy Rights Disclosures

This section provides additional information for California residents as required by the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

11.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers: Name, email address, account username, IP address, device identifiers
• Commercial Information: Transaction history, payment information, purchase records
• Internet Activity: Browsing history, search history, interaction with our Services
• Geolocation Data: Approximate geographic location derived from IP address (country-level)
• Professional Information: Business name, game titles, studio information
• Inferences: Preferences, behavior patterns, and characteristics derived from your activity

11.2 Sources of Personal Information

We collect personal information from:

• Directly from you when you register, use our Services, or communicate with us
• Automatically through cookies and tracking technologies
• From your game's integration with our SDK
• From third-party payment processors and service providers
• From publicly available sources

11.3 Business and Commercial Purposes

We use personal information for the business and commercial purposes described in Section 2 of this Privacy Policy, including:

• Providing and maintaining the Services
• Processing transactions and payments
• Customer support and communications
• Security, fraud prevention, and legal compliance
• Improving and developing our Services
• Marketing and business development

11.4 Categories of Third Parties

We share personal information with the categories of third parties described in Section 3, including:

• Service providers and business partners
• Other developers in the Invo network (limited information)
• Public blockchain networks
• Legal and regulatory authorities
• Business transaction parties (in the event of a merger or acquisition)

11.5 No Sale of Personal Information

We do not "sell" personal information as defined by the CCPA/CPRA. We do not share personal information with third parties for cross-context behavioral advertising purposes. We have not sold personal information in the preceding 12 months.

11.6 Retention

We retain personal information as described in Section 5 of this Privacy Policy, typically for the duration of your account plus seven (7) years, with certain exceptions for blockchain data and legal compliance.

11.7 California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

12. Nevada Privacy Rights

If you are a Nevada resident, you have the right to opt out of the sale of certain personal information to third parties. We do not sell personal information as defined under Nevada law. If you have questions about our data practices or wish to exercise your Nevada privacy rights, please contact us at privacy@ourinvo.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated Privacy Policy on our website at https://ourinvo.com/privacy-policy
• Updating the "Last Updated" date at the top of this Privacy Policy
• Sending an email notification to the email address associated with your developer account for significant changes
• Displaying a prominent notice on the Developer Dashboard
• For material changes that affect your rights, obtaining your consent where required by law

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree to the changes, you must stop using the Services and may request deletion of your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

14. Data Controller and Data Protection Officer

14.1 Data Controller

For the purposes of applicable data protection laws, the data controller responsible for your personal information is:

Invo Technologies Inc.
2000 PGA Boulevard, Suite 4440
Palm Beach Gardens, Florida 33408
United States of America

14.2 EU Representative

If you are located in the European Economic Area or United Kingdom and have questions about our data processing activities, you may contact our EU representative at privacy@ourinvo.com with "EU Representative" in the subject line. We will designate a formal EU representative if required by law as our operations expand.

14.3 Data Protection Officer

For questions about data protection, you may contact our data protection team at privacy@ourinvo.com with "Data Protection Officer" in the subject line.

15. Supervisory Authority

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the right to lodge a complaint with a data protection supervisory authority if you believe we have processed your personal information in violation of applicable law.

You can find your local data protection authority at:

• EEA: https://edpb.europa.eu/about-edpb/board/members_en
• UK: Information Commissioner's Office (ICO) - https://ico.org.uk
• Switzerland: Swiss Federal Data Protection and Information Commissioner (FDPIC) - https://www.edoeb.admin.ch

We encourage you to contact us first at privacy@ourinvo.com so we can address your concerns directly before you file a complaint with a supervisory authority.

16. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Invo Technologies Inc.
2000 PGA Boulevard, Suite 4440
Palm Beach Gardens, Florida 33408
United States of America

Email: Contact Privacy Team
General Inquiries: Contact Support
Website: https://ourinvo.com
Developer Dashboard: https://console.invo.network

For privacy-related inquiries, please include "Privacy Request" in your email subject line. For data subject rights requests, please include "Data Rights Request" in the subject line.

We aim to respond to all privacy inquiries within thirty (30) days, or as otherwise required by applicable law.

By using the Services, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Privacy Policy.