Transparency Report
AVAJORA GAMES LTD
Version 1.0 · Last Updated: 17 February 2026
Our Commitment to Transparency
AVAJORA GAMES LTD believes in being open about how we handle personal data. This transparency report provides an overview of the privacy-related requests we receive, how we respond to them, and the state of our privacy programme. We publish this report annually (or more frequently if there are material developments).
This report covers the period from 1 January 2026 to the date shown above. As a newly established company, some metrics may show zero or low volumes — this is expected and will grow as our game portfolio expands.
Data Subject Requests (DSARs)
Under GDPR, UK GDPR, CCPA/CPRA, and other applicable privacy laws, individuals have the right to make data subject access requests. The table below summarises requests received and our response.
| Request Type | Received | Completed | Denied | Avg. Response Time |
|---|---|---|---|---|
| Access (Right to Know) | 0 | 0 | 0 | N/A |
| Deletion (Right to Erasure) | 0 | 0 | 0 | N/A |
| Correction (Right to Rectify) | 0 | 0 | 0 | N/A |
| Opt-Out of Sale/Sharing | 0 | 0 | 0 | N/A |
| Data Portability | 0 | 0 | 0 | N/A |
| Total | 0 | 0 | 0 | N/A |
Our target response time is 30 calendar days (GDPR) / 45 days (CCPA). We have not denied any verifiable request to date.
Data Breaches
Under GDPR Article 33, we are required to notify the ICO within 72 hours of becoming aware of a personal data breach that is likely to result in a risk to individuals’ rights and freedoms. Under Article 34, we will also notify affected individuals directly if the breach is likely to result in a high risk.
No personal data breaches have occurred during the reporting period.
If a breach occurs in the future, this section will be updated with: the date of the breach, nature and categories of data affected, approximate number of individuals affected, measures taken, and supervisory authority notification status.
Law Enforcement & Government Requests
| Type | Received | Data Disclosed | Challenged |
|---|---|---|---|
| Court Orders / Legal Process | 0 | 0 | 0 |
| Law Enforcement Requests | 0 | 0 | 0 |
| National Security Letters | 0 | 0 | 0 |
We will disclose personal data to law enforcement only when legally required (e.g. a valid court order). We will challenge overly broad or vague requests and will notify affected users unless prohibited by law.
Quarterly Compliance Metrics
We publish key privacy metrics on a quarterly basis to demonstrate accountability and transparency in our data protection practices.
| Metric | Q1 2026 | Target |
|---|---|---|
| Average DSAR response time | N/A (0 requests) | < 21 days |
| Data breaches reported | 0 | 0 |
| Advertising SDK updates | 2 | Quarterly review |
| Privacy Policy version changes | 1 (v1.0) | As needed |
| Third-party security audits | Scheduled Q2 2026 | Annual |
| Sub-processor reviews conducted | 1 | Quarterly |
| Consent withdrawal requests (ads) | 0 | Track & honor < 24h |
Third-Party SDK Changelog
We maintain a public audit trail of all third-party SDK integrations, updates, and removals. Each SDK version change is reviewed for privacy impact before deployment to production.
2026-02-17: Updated Unity Ads SDK to v4.12.2 (security patch for iOS 18 compatibility). Privacy impact: None — no new data collection.
2026-02-01: Updated CAS.ai SDK to v3.8.1 (improved consent signal propagation). Privacy impact: Positive — better consent enforcement for EEA/UK users.
2026-01-15: Initial SDK integration: Unity Analytics v5.2.0, Google Firebase Analytics (Unity SDK 13.8.0), CAS.ai v3.7.5, Liftoff SDK v7.1.0, InMobi SDK v10.7.0. All SDKs configured with COPPA-compliant defaults. Firebase Analytics collection is disabled for child-identified sessions.
SDK version information for each published game is available on the respective Google Play Data Safety Section and Apple App Privacy Details.
Privacy Programme Updates
- Privacy Policy updates: Our Privacy Policy has been comprehensively reviewed and updated to version 1.0 as of 17 February 2026. Key changes include an expanded sub-processor register, Art. 34 breach notification commitments, and future-proofing for Android Privacy Sandbox.
- Consent management: We use Klaro (self-hosted, open-source) for website cookie consent and CAS.ai’s built-in CMP for in-app consent (TCF 2.2 compliant for EEA/UK users).
- Data Protection Impact Assessments: We conduct DPIAs for any new processing activity that is likely to result in a high risk to individuals. A DPIA was completed for our advertising mediation stack (CAS.ai + downstream networks) and for Google Firebase Analytics integration (covering app-instance identifiers, GAID collection, and international data transfers to Google LLC in the USA).
- Sub-processor monitoring: We review our sub-processor list quarterly and update our Privacy Policy whenever a sub-processor is added or removed.
- Cookie audits: We perform periodic automated cookie scans of our website to identify undisclosed cookies. Results are reflected in our Cookie Policy.
- Third-party security audits: We conduct annual independent security assessments covering infrastructure penetration testing, mobile app binary analysis, and data processing agreement compliance. Audit summaries are available upon request to privacy@avajora.com.
Questions About This Report
If you have questions about this transparency report or our privacy practices, contact us at privacy@avajora.com.
Supervisory authority: Our lead supervisory authority is the Information Commissioner’s Office (ICO) in the United Kingdom.
Related Links
© 2026 AVAJORA GAMES LTD. All rights reserved.