Privacy Policy

This Privacy Policy explains how Raven Games — a sole proprietorship operating from Lahore, Pakistan — handles personal information across our website at ravengames.io and our published mobile, PC, and web games. It applies to anyone who visits the site, contacts us, applies to a role, or plays one of our games.

1. Who we are and how to contact us

"Raven Games", "we", "us", and "our" refer to the Raven Games studio operating from 333-R Main Boulevard, Johar Town, Lahore, Pakistan. For privacy or data subject requests, email info@rvn.com.pk. For all other matters, email business@rvn.com.pk.

2. Information we collect

2.1 Website

Information you submit voluntarily through our contact form or job application form: name, email, message text, and (for applications) the contents of any CV / resume you attach.
Server-side request metadata used for security and rate limiting: IP address, user agent, and the timestamp of the request. This is held in memory only for the duration of the rate-limiting window.
The marketing site does not set first-party tracking, advertising, or analytics cookies. See our Cookie Policy for details.

2.2 Mobile, PC, and web games

Device identifiers used by the platforms and our SDKs — Google Advertising ID (GAID) on Android, Identifier for Advertisers (IDFA) on iOS, where the user has not opted out at the OS level.
Crash logs and diagnostic information (stack traces, device model, OS version, build number) provided by Google Play Services and Firebase Crashlytics.
Advertising-event signals required by our ad mediation SDKs (impressions, clicks, ad-fill events).
In-app purchase records: order ID, product SKU, purchase timestamp, and the platform store's signed receipt. Payment card data is never seen by us — it is handled by Apple App Store or Google Play.
Aggregated gameplay telemetry such as level reached, session length, and feature interactions, used to balance and improve the game.

3. Why we collect it (legal bases under GDPR)

Consent — for personalised advertising and any optional analytics that go beyond what is strictly necessary. You can withdraw consent at any time through your device's ad settings.
Legitimate interest — for security, fraud prevention, abuse mitigation (rate limiting on form endpoints), crash diagnostics, and aggregated gameplay improvement.
Contract performance — to fulfil in-app purchases you make and to provide the functionality you have asked for.
Legal obligation — where applicable, to comply with tax, accounting, and regulatory record-keeping requirements.

4. Third parties we share data with

We share specific categories of data with the following processors. Each link goes to that vendor's own privacy policy.

Google AdMob — ad serving and mediation in our games.
IronSource (Unity) — ad mediation in our games.
AppLovin — ad mediation in our games.
Google Analytics for Firebase — gameplay analytics and Crashlytics diagnostics.
Google Play Services — install attribution, crash reporting, and platform integration.
Apple App Store and Google Play — purchase processing for in-app purchases. We never see your payment card or banking details.

We do not sell or rent personal information. We do not share data with third parties for their own independent marketing purposes.

5. Children's privacy

Our games target an audience of age 13 and over. We do not knowingly collect personal information from children under 13. If we learn we have collected personal information from a child under 13, we will delete it. Parents and guardians can contact us at info@rvn.com.pk to request deletion.

6. International data transfers

We are based in Pakistan, but the third parties we rely on — Google, Apple, IronSource, AppLovin — operate global infrastructure. Your data may therefore be processed on servers located in the European Union, the United States, or other regions. Each of these vendors implements its own safeguards for international transfers (Standard Contractual Clauses or equivalent), described in their privacy policies linked in section 4.

7. Data retention

Crash logs and diagnostic data: approximately 90 days, governed by Firebase Crashlytics defaults.
Advertising and analytics IDs: retention is set by the SDK; the Firebase default for analytics is 14 months.
Contact form messages: kept while needed to handle the inquiry, then archived for up to 24 months.
Job applications and CVs: kept for 12 months from receipt unless you ask us to delete them sooner, or unless you are hired (in which case they become part of your HR record).
Aggregated, non-identifiable analytics: retained indefinitely.

8. Your rights

Depending on where you live, you may have the following rights:

EU / UK (GDPR): access, rectification, erasure, restriction of processing, data portability, and objection. You also have the right to lodge a complaint with your local data protection authority.
California (CCPA / CPRA): the right to know, the right to delete, the right to correct, the right to opt out of the "sale" or "sharing" of personal information, and the right to non-discrimination. Although we do not sell personal information in the conventional sense, you can email us to confirm your preferences.
Personalised advertising: you can opt out by resetting your advertising identifier (GAID on Android, IDFA on iOS) and enabling "Limit Ad Tracking" / "Allow Apps to Request to Track" in your device settings. The Digital Advertising Alliance also offers an opt-out tool.

To exercise any of these rights, email info@rvn.com.pk. We will respond within the timeframe required by the applicable law (one month under GDPR; 45 days under CCPA).

9. How we secure data

HTTPS / TLS for all traffic to and from this website.
SMTP credentials for our outbound mail are stored as server-side environment variables; they are never committed to source control and never exposed to the browser.
Form endpoints implement in-memory IP rate limiting (5 requests per 15 minutes per IP) to throttle automated abuse.
Vendor-side encryption at rest for data we hand off to Google, Apple, IronSource, and AppLovin, per each vendor's stated security posture.

No security control is absolute. We work to a reasonable, layered standard appropriate to the data we hold, and we do not store payment card data ourselves.

10. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. For material changes that affect your rights, we will, where reasonably practicable, also notify users of the affected service before the changes take effect.

11. Contact

Privacy and data subject requests: info@rvn.com.pk
Everything else: business@rvn.com.pk