Legal

Privacy Policy

01Introduction

This Privacy Policy sets out the basis on which WOLFBIN INTERACTIVE FZCO (referred to in this Policy as “we”, “us” or “our”) collects, uses, discloses, transfers and otherwise processes personal data in connection with the access to and use of the WOLFBIN platform, including any associated applications, services, features and functionalities (together, the “Platform”).

We recognise that the nature of the Platform—being a technology-driven, interactive and, where applicable, location-enabled gaming environment—necessitates the processing of certain categories of personal data in order to ensure its functionality, security and user experience. We therefore adopt a structured and risk-based approach to data governance, ensuring that personal data is handled in a manner that is lawful, fair, transparent and proportionate to the purposes for which it is processed.

We are committed to processing personal data in compliance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (“PDPL”), together with its implementing regulations and any applicable regulatory guidance, as well as, where relevant, internationally recognised data protection standards. In particular, we seek to ensure that appropriate technical and organisational measures are in place to safeguard personal data against unauthorised or unlawful processing, accidental loss, destruction or damage, and to uphold the rights of individuals in respect of their personal data.

This Privacy Policy should be read in conjunction with our Terms of Service and any other policies or notices that may be provided at the point of data collection or otherwise made available through the Platform.

02Data Controller

For the purposes of the applicable data protection legislation, including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (“PDPL”), the entity responsible for determining the purposes and means of processing personal data in connection with the Platform is:

WOLFBIN INTERACTIVE FZCO, a company duly incorporated and registered in Dubai, United Arab Emirates (the “Company”, “we”, “us” or “our”).

In its capacity as data controller, the Company is responsible for ensuring that personal data is processed in accordance with applicable legal and regulatory requirements, including the implementation of appropriate governance frameworks, internal controls and technical safeguards designed to protect personal data and uphold the rights of data subjects.

Where the Company engages third-party service providers (including cloud infrastructure providers, analytics partners and payment processors), such parties will typically act as data processors on our behalf and will be contractually bound to process personal data only in accordance with our documented instructions and applicable data protection laws.

We may, where necessary having regard to the scale and nature of processing activities, designate an internal data protection lead or officer responsible for overseeing compliance with this Privacy Policy and applicable data protection requirements.

If you have any questions regarding this Privacy Policy, the manner in which your personal data is processed, or if you wish to exercise any of your rights, you may contact us at:

We will use reasonable endeavours to respond to all legitimate requests within a reasonable timeframe and in accordance with applicable legal requirements.

03Categories of Personal Data Collected

In connection with the operation of the Platform, we may collect and process a range of personal data, the nature and extent of which will depend on how you access and interact with the Platform. Such data is collected either directly from you, automatically through your use of the Platform, or via authorised third-party service providers.

The principal categories of personal data processed by us are set out below.

3.1 Account Data

We may collect information provided by you at the point of registration or account creation, including your name, username, email address and authentication credentials. This data is necessary to establish and administer your account, enable secure access to the Platform and facilitate communication with you in relation to your use of the Platform.

3.2 Technical and Device Data

We may automatically collect certain technical information relating to the device you use to access the Platform. This may include your Internet Protocol (IP) address, device identifiers, hardware model, operating system and version, as well as system configuration data. We may also collect diagnostic information, including crash logs and performance data, in order to monitor the stability, security and performance of the Platform and to identify and remediate technical issues.

3.3 Gameplay and Usage Data

In order to deliver and enhance the user experience, we may collect data relating to your interaction with the Platform. This may include information regarding in-game actions, progression, achievements, scores, user interactions, session frequency and duration, and other gameplay metrics. Such data is used to operate core game functionality, support multiplayer features, and improve gameplay design, balancing and performance.

3.4 Location Data (Augmented Reality Functionality)

Where the Platform incorporates augmented reality or location-based features, we may process real-time or approximate geolocation data, as well as movement-related data, to enable such functionality. The collection and use of location data is limited to what is strictly necessary for the operation of relevant features and is subject to your prior consent, which may be withdrawn at any time through your device settings or within the Platform, subject to certain features becoming unavailable.

3.5 Payment Data

Where you make purchases through the Platform, we may process limited financial and transactional information, including transaction records, purchase history and payment confirmations. Payment processing is carried out by authorised third-party payment service providers, and we do not collect or store full payment card details.

We take steps to ensure that the personal data collected is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed, in accordance with applicable data protection principles.

04Legal Basis for Processing

We process personal data only where we have a lawful basis to do so, having regard to the requirements of the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (“PDPL”) and, where applicable, comparable international data protection frameworks. The lawful bases upon which we rely will depend on the nature of the processing activity and the context in which the personal data is collected.

In particular, we may process personal data on the following grounds:

4.1 Contractual Necessity

We process personal data where such processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into such a contract. This includes, for example, processing required to create and manage your account, enable access to the Platform, deliver gameplay functionality (including multiplayer features), and facilitate in-platform transactions.

4.2 Consent

We may process personal data on the basis of your consent where required under applicable law. In particular, explicit consent may be sought in relation to the collection and use of location data for augmented reality functionality, the use of certain cookies or tracking technologies, and the delivery of marketing or promotional communications. Where processing is based on consent, you have the right to withdraw such consent at any time, although this will not affect the lawfulness of processing carried out prior to withdrawal.

4.3 Legitimate Interests

We may process personal data where such processing is necessary for the purposes of our legitimate interests, provided that such interests are not overridden by your rights and interests. This includes, for example, processing undertaken to ensure the security and integrity of the Platform, to prevent fraud and misuse, to analyse user behaviour and engagement, and to improve and develop the functionality, performance and user experience of the Platform.

4.4 Compliance with Legal Obligations

We may process personal data where necessary to comply with applicable legal or regulatory obligations to which we are subject. This may include obligations relating to financial reporting, anti-money laundering requirements, law enforcement requests, or other regulatory compliance matters within the United Arab Emirates or other relevant jurisdictions.

We ensure that each processing activity is assessed against an appropriate lawful basis and that such basis is documented and applied in a manner consistent with applicable data protection principles, including transparency, proportionality and accountability.

05Purpose of Processing

We process personal data for specified, explicit and legitimate purposes, and do not process such data in a manner that is incompatible with those purposes. The scope of processing undertaken by us is proportionate to the nature of the Platform and is designed to support its functionality, security and ongoing development.

In particular, personal data may be processed for the following purposes:

5.1 Operation and Delivery of the Platform

We process personal data as necessary to operate, maintain and deliver the core features and functionality of the Platform. This includes enabling user registration, account management, authentication, access to gameplay features and the provision of associated services.

5.2 Enabling Multiplayer Functionality

Where the Platform incorporates multiplayer or interactive features, personal data is processed to facilitate user interactions, matchmaking, in-game communication and the synchronisation of gameplay across users. This may include the processing of usernames, gameplay data and technical identifiers to ensure a consistent and responsive user experience.

5.3 Personalisation of User Experience

We may process personal data to tailor and enhance the user experience, including by customising gameplay elements, recommending features or content, and adapting the Platform based on user preferences, behaviour and engagement patterns.

5.4 Processing of Payments and Transactions

Where applicable, personal data is processed to facilitate and administer payments, purchases and other transactions conducted through the Platform. This includes maintaining transaction records, processing purchase confirmations and coordinating with authorised third-party payment service providers.

5.5 Security, Integrity and Fraud Prevention

We process personal data to protect the security and integrity of the Platform, its users and our systems. This includes monitoring for suspicious or unauthorised activity, preventing fraud, enforcing our Terms of Service and ensuring compliance with applicable policies and community standards.

5.6 Compliance with Legal and Regulatory Obligations

Personal data may be processed where necessary to comply with applicable legal, regulatory or governmental requirements, including obligations relating to financial compliance, law enforcement requests, dispute resolution and the exercise or defence of legal rights.

We take reasonable steps to ensure that personal data is processed only to the extent necessary for the purposes set out above, and in a manner consistent with applicable data protection principles, including purpose limitation, data minimisation and accountability.

06Location Data Specific Provisions

Where the Platform incorporates augmented reality or other location-enabled functionality, we may collect and process location data in order to enable, operate and optimise such features. Given the inherently sensitive nature of location data, we apply enhanced safeguards and limitations to its collection and use.

6.1 Consent-Based Collection

The collection and processing of location data is undertaken solely on the basis of your prior, explicit and informed consent, in accordance with applicable data protection requirements. You will be prompted to grant permission through your device or within the Platform before any location data is accessed or processed.

6.2 User Control and Withdrawal

You retain full control over the use of your location data. You may withdraw your consent or disable location access at any time through your device settings or within the Platform. Please note that disabling location services may result in certain features—particularly those reliant on real-time positioning or augmented reality functionality—being unavailable or operating with reduced capability.

6.3 Data Minimisation and Purpose Limitation

We limit the collection and processing of location data to what is strictly necessary for the relevant gameplay functionality. Location data is not collected on a continuous or background basis beyond what is required to support active use of location-enabled features. We do not use location data for unrelated purposes such as profiling or marketing unless separately disclosed and consented to.

6.4 Retention and Handling

Location data is retained only for as long as necessary to fulfil the relevant gameplay or operational purpose, after which it is securely deleted or anonymised. Where feasible, we implement techniques designed to reduce the precision of location data or to process such data in aggregated form.

6.5 Security and Safeguards

Appropriate technical and organisational measures are implemented to protect location data against unauthorised access, disclosure or misuse. This includes secure transmission protocols, restricted access controls and internal governance measures aligned with the sensitivity of such data.

We recognise that location data, particularly in the context of interactive and real-time gaming environments, carries heightened privacy considerations. Accordingly, we seek to ensure that its use remains transparent, proportionate and subject to meaningful user control at all times.

07Data Sharing

In the course of operating the Platform, we may disclose personal data to selected third parties where such disclosure is necessary for the purposes set out in this Privacy Policy. Any such sharing is undertaken in a controlled and proportionate manner, and only to the extent required to support the functionality, security and compliance of the Platform.

In particular, we may share personal data with the following categories of recipients:

7.1 Cloud Hosting and Infrastructure Providers

We may engage reputable third-party cloud service providers to host, store and manage data on our behalf. This includes the provision of server infrastructure, data storage solutions and related technical services necessary to ensure the availability, scalability and security of the Platform.

7.2 Analytics and Technology Providers

We may share certain personal data with analytics providers and technology partners to enable us to monitor and analyse user behaviour, platform performance and engagement metrics. This assists us in improving functionality, optimising gameplay experience and developing new features. Such data is, where possible, aggregated or pseudonymised.

7.3 Payment Service Providers

Where users make purchases through the Platform, personal data may be shared with authorised third-party payment processors to facilitate secure transaction processing. These providers are responsible for handling payment information in accordance with applicable financial and data protection regulations. We do not process or store full payment card details.

7.4 Professional Advisers

We may disclose personal data to our professional advisers, including legal, regulatory, accounting and compliance advisers, where necessary for the purposes of obtaining advice, ensuring regulatory compliance, or establishing, exercising or defending legal rights.

7.5 Safeguards and Controls

All third parties with whom we share personal data are subject to appropriate contractual arrangements which impose obligations relating to:

  • confidentiality and non-disclosure
  • data protection compliance
  • implementation of appropriate technical and organisational security measures
  • processing strictly in accordance with our documented instructions (where acting as data processors)

We take reasonable steps to ensure that such third parties process personal data in a manner consistent with this Privacy Policy and applicable data protection laws, and we do not permit the use of personal data for their own independent purposes unless explicitly disclosed and permitted by law.

We do not sell personal data to third parties. Any sharing of personal data is carried out solely for legitimate business, operational or regulatory purposes, in accordance with applicable legal requirements.

08Cross-Border Transfers

In the course of operating the Platform, it may be necessary for us to transfer personal data to jurisdictions outside the United Arab Emirates, including where our service providers, infrastructure or operational teams are located. This reflects the international and technology-driven nature of the Platform.

In particular, personal data may be transferred to, and processed in:

  • the United Kingdom
  • the European Economic Area
  • India and other jurisdictions in which our affiliates, contractors or service providers operate

Such transfers may occur, for example, where we utilise cloud infrastructure providers, analytics platforms, payment service providers, or technical support teams based in these locations.

8.1 Safeguards and Transfer Mechanisms

Where personal data is transferred outside the UAE, we implement appropriate safeguards to ensure that such data continues to be protected to a standard consistent with applicable data protection requirements. These safeguards may include:

  • entering into contractual arrangements incorporating data protection obligations equivalent to those required under applicable law;
  • conducting adequacy assessments of the recipient jurisdiction to determine whether it provides an appropriate level of data protection;
  • implementing technical and organisational measures, including encryption, access controls and data minimisation protocols; and
  • ensuring that third-party recipients are subject to ongoing oversight and compliance obligations.

8.2 Risk-Based Approach

We adopt a risk-based approach when assessing cross-border transfers, taking into account the nature of the personal data, the purpose of processing, the legal and regulatory environment of the recipient jurisdiction, and the security measures in place. Where required, additional safeguards or contractual protections will be implemented to mitigate identified risks.

8.3 User Acknowledgement

By using the Platform, you acknowledge that your personal data may be transferred to and processed in jurisdictions outside the UAE in accordance with this Privacy Policy. Where required by law, we will obtain your consent prior to such transfers.

We take reasonable steps to ensure that all cross-border transfers are conducted in a secure, transparent and compliant manner, and that personal data remains subject to appropriate levels of protection regardless of where it is processed.

09Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected and processed, and in accordance with applicable legal, regulatory and operational requirements. Retention periods are determined having regard to the nature of the data, the purposes of processing, and any applicable statutory or contractual obligations.

In particular, personal data may be retained for the following purposes:

9.1 Fulfilment of Operational Purposes

Personal data is retained for as long as required to operate and deliver the Platform, including maintaining user accounts, enabling gameplay functionality, supporting multiplayer interactions and ensuring continuity of service. Where personal data is no longer required for these purposes, it will be securely deleted or anonymised.

9.2 Compliance with Legal and Regulatory Obligations

We may retain personal data for longer periods where necessary to comply with applicable legal or regulatory requirements. This may include obligations relating to financial record-keeping, taxation, anti-money laundering compliance, audit requirements, or responding to lawful requests from regulatory authorities or law enforcement agencies.

9.3 Dispute Resolution and Enforcement

Personal data may also be retained where necessary to establish, exercise or defend legal claims, resolve disputes, or enforce our contractual rights and obligations, including those arising under our Terms of Service or other agreements with users or third parties.

9.4 Retention Principles and Controls

We apply the following principles in determining retention periods:

  • data minimisation, ensuring that personal data is not retained for longer than necessary;
  • periodic review, whereby retained data is assessed at appropriate intervals to determine whether continued retention is justified;
  • secure deletion or anonymisation, where personal data is no longer required; and
  • restricted access, ensuring that retained data is accessible only to authorised personnel for legitimate purposes.

Where feasible, personal data may be anonymised so that it can no longer be associated with an identifiable individual, in which case it may be retained for analytical or statistical purposes.

We take reasonable steps to ensure that personal data is retained and disposed of in a secure and controlled manner, consistent with applicable data protection principles and our internal data governance framework.

10User Rights

Subject to applicable data protection laws, including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (“PDPL”), users may have certain rights in relation to their personal data. These rights are not absolute and may be subject to limitations or conditions under applicable law; however, we are committed to facilitating their exercise in a transparent and timely manner.

In particular, you may have the following rights:

10.1 Right of Access

You may request confirmation as to whether we process your personal data and, where that is the case, request access to such data together with information regarding the nature of the processing, the categories of data involved, and the recipients to whom it may have been disclosed.

10.2 Right to Rectification and Erasure

You may request the correction of inaccurate or incomplete personal data. You may also request the deletion of your personal data where there is no lawful basis for its continued processing, subject to any legal or regulatory obligations requiring its retention.

10.3 Right to Restrict or Object to Processing

You may request that we restrict the processing of your personal data in certain circumstances, including where the accuracy of the data is contested or where processing is no longer necessary but required for legal claims. You may also object to processing carried out on the basis of legitimate interests, particularly where such processing relates to profiling or analytics, unless we can demonstrate compelling legitimate grounds for continuing such processing.

10.4 Right to Withdraw Consent

Where personal data is processed on the basis of your consent, you have the right to withdraw such consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to such withdrawal, but may impact your ability to access certain features of the Platform, including those reliant on location data or personalised functionality.

10.5 Exercise of Rights

Requests to exercise any of the above rights may be submitted to us using the contact details set out below:

We may require you to provide additional information to verify your identity before processing your request. We will respond to all legitimate requests within a reasonable timeframe and in accordance with applicable legal requirements.

Where we are unable to comply with a request, in whole or in part, we will provide a reasoned explanation, subject to any legal or regulatory restrictions.

We are committed to ensuring that users are able to exercise their rights effectively and that personal data is processed in a manner that is transparent, fair and consistent with applicable data protection principles.

11Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. Such measures are calibrated having regard to the nature, scope, context and purposes of processing, as well as the risks posed to the rights and freedoms of individuals.

In particular, our security framework includes the following elements:

11.1 Encryption and Data Protection Controls

We utilise encryption and related cryptographic techniques, where appropriate, to protect personal data both in transit and at rest. This includes the use of industry-standard protocols for secure data transmission and the safeguarding of sensitive data against interception or unauthorised disclosure.

11.2 Access Management and Controls

Access to personal data is restricted to authorised personnel on a strict need-to-know basis. We implement role-based access controls, authentication mechanisms and internal policies designed to ensure that personal data is accessed only for legitimate business purposes. Access rights are reviewed periodically and revoked where no longer required.

11.3 Secure Infrastructure and Hosting Environment

Personal data is hosted on secure server infrastructure, which may be operated by reputable third-party cloud service providers. Such environments are configured with appropriate security measures, including network protection, intrusion detection systems, vulnerability management processes and regular security updates, to mitigate the risk of unauthorised access or system compromise.

11.4 Organisational Safeguards

In addition to technical measures, we maintain organisational controls designed to support data security, including:

  • internal policies and procedures governing data handling and security practices;
  • staff training and awareness programmes relating to data protection obligations;
  • incident management protocols to identify, assess and respond to potential data breaches; and
  • periodic review and testing of security measures to ensure their ongoing effectiveness.

While we take reasonable steps to protect personal data, it should be recognised that no system or transmission of data over the internet can be guaranteed to be completely secure. Accordingly, users are encouraged to take appropriate precautions when using the Platform, including maintaining the confidentiality of account credentials.

We remain committed to continuously enhancing our security posture in line with evolving technological standards and regulatory expectations.

12Children

The Platform is not intended for use by individuals who have not reached the applicable minimum age under relevant laws and regulations. In accordance with applicable data protection principles and prevailing regulatory expectations within the United Arab Emirates, we adopt a cautious and protective approach to the processing of children’s personal data.

12.1 Minimum Age Requirement

The Platform is intended for users who are at least 18 years of age. Where a user is below this age threshold, access to the Platform and the provision of personal data is permitted only with the verifiable consent of a parent or legal guardian, as required under applicable law.

In practice, given the nature of the Platform (including interactive, multiplayer and location-based features), we recommend adopting a minimum age of 16 or 18 for the UAE market unless robust parental consent mechanisms are implemented.

12.2 Parental Consent and Responsibility

Where parental or guardian consent is required:

  • such consent must be obtained prior to the collection or processing of personal data;
  • the parent or guardian assumes responsibility for the minor’s use of the Platform; and
  • we may request reasonable verification of such consent where appropriate.

Parents or guardians may contact us to review, update or request deletion of a minor’s personal data.

12.3 Data Protection Safeguards for Minors

Where we become aware that personal data relating to a minor has been collected, we will take steps to ensure that:

  • such data is processed only where lawful and appropriate;
  • enhanced safeguards are applied, having regard to the vulnerability of minors; and
  • unnecessary data is promptly deleted where consent is not validly obtained.

12.4 Platform Controls and Restrictions

We reserve the right to:

  • restrict or suspend accounts where age requirements are not met;
  • implement age verification or gating mechanisms; and
  • limit access to certain features (including communication or location-based functionalities) for younger users.

12.5 Notification and Removal

If you believe that a child has provided personal data without appropriate consent, please contact us at:

We will take appropriate steps to investigate and, where necessary, delete such data in accordance with applicable legal requirements.

We recognise the heightened duty of care owed to children in digital environments and seek to ensure that the Platform is operated in a manner that is responsible, compliant and aligned with applicable UAE legal and regulatory expectations.

13Updates

We may amend or update this Privacy Policy from time to time in order to reflect, among other things, changes to our business operations, the functionality of the Platform, applicable legal or regulatory requirements, or evolving data protection standards.

13.1 Right to Update

We reserve the right to modify this Privacy Policy at any time. Any updates will take effect from the date of publication, unless otherwise stated. The “last updated” date (where included) will indicate when the most recent changes were made.

13.2 Notification of Changes

Where changes are material—particularly where they affect the nature of the personal data collected, the purposes of processing, or your rights—we will take reasonable steps to bring such changes to your attention. This may include:

  • prominent notices within the Platform;
  • in-app notifications; or
  • email communications, where appropriate.

13.3 Continued Use

Your continued access to or use of the Platform following any updates to this Privacy Policy will constitute your acknowledgement of such changes, to the extent permitted by applicable law. Where required, we may seek your renewed consent in relation to specific changes affecting the processing of your personal data.

13.4 Review and Awareness

We encourage you to review this Privacy Policy periodically to ensure that you remain informed about how your personal data is collected, used and protected.

We take reasonable steps to ensure that any amendments to this Privacy Policy are implemented in a transparent manner and remain consistent with applicable data protection principles, including fairness, accountability and transparency.

14Contact

If you have any questions, concerns or requests relating to this Privacy Policy or the manner in which your personal data is collected, used or otherwise processed, you may contact us using the details set out below:

We will use reasonable endeavours to respond to all legitimate enquiries within a reasonable timeframe and in accordance with applicable legal and regulatory requirements. Where appropriate, we may request additional information to verify your identity prior to addressing your request.