Starlight Frontiers Privacy Policy

Version: 4.5

Published: 22.11.2025

At Starlight Frontiers, we are dedicated to protecting your privacy and maintaining the trust and confidence of our Users. This Privacy Policy explains what personal information we collect, why we collect it, how we use it, and the steps we take to keep it secure.

This Privacy Policy describes how Starlight Frontiers collects, uses, stores, and shares information from users (each a “User”) through **www.starlightfrontiers.com, including any subdomains, subpages, successor sites, or applications connected to our website (the “Website”**). It applies to the Website and to all products and services we provide via the Website.

This Policy applies to information we collect:

  • Through the Website;
  • In email, text, or other electronic communications between you and the Website;
  • Through mobile and desktop applications you download from this Website or otherwise, which provide dedicated, non-browser-based interaction between you and the Website; and
  • When you interact with our advertising and applications on third-party websites and services, where those applications or advertising include links to this Policy.

This Privacy Policy does not apply to information:

  • That we may collect offline or through other channels; or
  • That any third party may collect, including through any application or content (including advertising) that may link to or be accessible from or through the Website.

Please read this Privacy Policy carefully to understand our practices regarding your personal information and how we handle it. If you do not agree with any aspect of this Policy, you should not use our Website. By accessing or using the Website, you accept and agree to this Privacy Policy.

We may update this Privacy Policy from time to time (see “Changes to This Privacy Policy” below). Your continued use of the Website after changes have been posted will be treated as acceptance of those changes, so we encourage you to review this page periodically.

Data Controller

This Privacy Policy is issued on behalf of Starlight Frontiers. When we mention “Starlight Frontiers”, “we”, “us” or “our”, we are referring to the company within the Starlight Frontiers group that is responsible for processing your personal data.

Type of Information We Collect and Retention Periods

We collect personal information, anonymous information, and may combine these to create aggregate information (see “Definitions” below).

Examples of information we may collect include:

  • Contact details, such as your first name, surname, email address, residential address, and mobile or other phone numbers;
  • Personal details, such as gender, age or age range, or your image;
  • Account login data, including username, password, and any profile images;
  • In-app and virtual transaction details, such as your name, email, and history of virtual items or Star Coins purchased or received;
  • User-generated communications, including messages sent via text, live chat, in-game posts, or similar features;
  • Information obtained from third parties, such as site or platform providers (including social platforms) regarding your use of, or interest in, our services;
  • Location information, including data provided by your mobile or other device interacting with our Website, or associated with your IP address, where permitted by law;
  • Activity, technical, and device information, such as content viewed, time and duration of sessions, how often you access our services, how you first discovered our Website, your preferences, interaction with available content, hardware model, device type, device identifiers, operating system, browser type, and IP address;
  • Government-issued identification, which may be requested only where necessary to verify your identity for security, anti-fraud, or age-compliance purposes.

How Long We Retain Data

We retain your information for as long as needed to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or allowed by law. For UK residents, the table below summarises the categories of personal information collected or processed within the last 12 months and our intended retention periods.

Personal Information Categories & Retention

| Category | Examples | Collected | Retention Period / Rationale |

| --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ------------------------------------------------------------------------------------------------------------ |

| A. Identifiers | Name, alias, postal address, email address, phone number, account name, IP address, government-issued identifiers (e.g., passport number, driver’s licence number) | YES | 3 years – retained for account management, legal, security, and operational purposes |

| B. Personal information | Employment history, education, insurance details, health or medical information | YES | 3 years – retained for contractual and legal compliance reasons |

| C. Special category data | Racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, sexual orientation | YES | 3 years – processed only where lawful (e.g., explicit consent, legal obligation, or legitimate interest) |

| D. Commercial information | Records of products or services received, considered, or used; browsing and consumption preferences | YES | 3 years – used for marketing analysis, customer relationship management, and improving services |

| E. Biometric or genetic information | Fingerprints, facial templates, iris scans, DNA data | NO | Not collected |

| F. Online activity and interaction | Website browsing history, search history, interaction with advertisements, app usage | YES | 3 years – used to improve services and the Website user experience |

| G. Location data | GPS, device location, movement patterns | YES | 3 years – used to provide or improve location-based functionalities |

| H. Sensory data | Audio, video, thermal, olfactory or similar data | NO | Not collected |

| I. Employment/professional data | Job history, performance evaluations, qualifications | NO | Not collected |

| J. Educational data | Student records, grades, transcripts, schedules | NO | Not collected |

| K. Inferences/profiles | Preferences, characteristics, psychological trends, behaviour patterns | NO | 3 years – used only to personalise experiences and improve services where applicable |

How We Collect Your Information / Sources of Information

We collect information that Users provide to us in various ways, including when they:

  • Visit or browse our Website;
  • Register or create an account on the Website;
  • Receive or use products and services through our Website;
  • Respond to surveys;
  • Complete forms;
  • Participate in promotions, contests, or other features; or
  • Interact with any services, resources, or tools available on our Website.

In addition, we collect information:

  • Via telephone, video calls, or written correspondence (including email, live chat, mail, text messages, or social media);
  • From telephone or video calls between Users and Starlight Frontiers representatives, which may be recorded for training, quality control, and compliance purposes. By continuing with such a call, you consent to that call being recorded.

We also gather data about how you use our services via technologies active when you visit our Website or interact with our applications on third-party platforms, including cookies, flash cookies, pixels, tags, and application programming interfaces (APIs). See “Personal Data Collected via Technology” for more detail.

We use analytics tools to understand how Users engage with our Website and services.

Lastly, we may rely on trusted external sources to verify, update, or supplement information you have provided (for example, to confirm your postal address or identity documents).

How We Use Collected Information

The Data Controller is responsible for the use of your information in line with this Privacy Policy. Other Starlight Frontiers entities may access your data where they act as data processors on behalf of the Data Controller.

In summary, we use information to:

  • Operate and maintain our Website;
  • Provide and improve our products and services;
  • Respond to your enquiries; and
  • Meet applicable legal, regulatory, and security requirements.

In accordance with applicable laws and your available choices, Starlight Frontiers may use Users’ information for the following purposes:

  • To provide and manage requested services – including processing your registration, creating and maintaining your account, and conducting checks to prevent fraud and misuse.
  • To improve customer support and services – using the information you provide and your feedback to respond more efficiently and enhance our products and services.
  • To process in-app purchases and Star Coins transactions securely – ensuring that your account and virtual transactions (including Star Coins) are processed safely and reliably.
  • To personalise your experience – by using aggregated or anonymised data to understand how Users as a group use features and resources, allowing us to tailor content and functionality.
  • To contact you about our services – via email, live chat, mail, or social media, including information about your account, promotions, contests, surveys, new features, or service updates. Providing your telephone number may be treated as consent to receive texts or automated messages where permitted by law.
  • To send important notices – including transactional communications (e.g., in-game purchase confirmations), service updates, and legal or policy changes. These notices are essential to your use of our services and you may not be able to opt out of them.
  • To comply with legal, regulatory, and security obligations – including monitoring gameplay and transactions to maintain a safe, fair, and responsible environment and to protect your account from misuse.
  • To support alternative dispute resolution – by sharing relevant information with third party partners engaged to help resolve disputes that could not be resolved via our internal processes.

We do not use automated decision-making in the sense contemplated by European data protection law.

Personal Data Collected via Technology

When you use our Website, we aim to make the experience smooth and personalised. We and our partners use standard technologies to recognise your device and gather information.

Examples include:

  • Cookies – Small text files stored in your browser to remember your preferences and settings. Most browsers allow you to block or delete cookies; however, some Website features may not function properly without them. Unless you have adjusted your browser settings to refuse cookies, our system will issue cookies when you visit our Website.
  • Pixel tags / web beacons – Small snippets of code embedded on webpages or in emails, allowing us to measure engagement (for example, when you visit a specific page or click on an advertisement, or whether an email has been opened or forwarded).
  • Mobile device identifiers – Such as Apple’s IDFA or Google’s Advertising ID, which may be shared with advertising partners to deliver interest-based ads on your device.
  • Event tagging – Including tools such as Facebook App Events, enabling us to monitor actions like app installs or purchase events to measure performance and build audiences for ad targeting.
  • Behavioural advertising – We may partner with third parties to display advertising on our Website or to manage our ads on other websites. These partners may use cookies and similar technologies to collect information about your activities across websites to deliver interest-based advertising. We do not control third-party tracking technologies; for questions regarding specific adverts or targeting, contact the relevant third party directly.

Your Rights Over Your Information

General Rights

Subject to applicable law and certain conditions, you may have several rights concerning your personal information. To exercise these rights, please contact our Data Protection Officer.

These rights may include:

  • The right of access to personal information we hold about you;
  • The right to object to certain types of processing;
  • The right to rectification of inaccurate or incomplete information;
  • The right to obtain a portable copy of personal data you have provided to us;
  • The right to withdraw consent where processing is based on consent; and
  • In certain circumstances, the right to request deletion of your personal information.

We may rectify, update, or remove inaccurate or incomplete information in line with our internal policies.

You are also entitled to lodge a complaint with a relevant data protection supervisory authority regarding our handling of your personal data.

Rights in Direct Advertising

If we process your personal information for direct marketing, you have the right to object at any time, including where such processing involves profiling related to direct marketing.

You may opt out of marketing communications by:

  • Following the unsubscribe instructions in those messages; or
  • Contacting our Customer Support team.

If you object, we will stop using your personal information for direct marketing.

Data Deletion Requests

To help safeguard your privacy and security, we require Users to verify their identity before we act on requests to delete account data. You may be asked to confirm your identity via email, phone, or other secure methods.

Opt-Out Preference Signals

Under UK GDPR, you have the right to limit or prevent the collection of non-essential data from your device. You can:

  • Adjust your browser or device settings to block cookies or similar technologies;
  • Enable Global Privacy Control (GPC) or similar signals to broadcast your privacy preferences.

Please note that blocking cookies or similar tools may affect some features of the Website.

You may also opt out of interest-based advertising through the appropriate regional mechanisms (for example, via industry opt-out tools or local regulatory frameworks). We will honour applicable opt-out signals per browser where supported.

UK Data Subject Rights

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, UK residents have specific rights regarding their personal data, including:

  1. Right of Access (Subject Access Request) – To request details of personal data we hold, including purposes of processing, categories of personal data, recipients, and retention periods.
  2. Right to Rectification – To correct inaccurate or incomplete personal data.
  3. Right to Erasure (Right to be Forgotten) – To request deletion of personal data, subject to legal or contractual retention obligations.
  4. Right to Restrict Processing – To ask us to limit processing in certain situations, such as where accuracy is contested.
  5. Right to Object – To object to processing for direct marketing, profiling, or other legitimate interests unless we have compelling lawful grounds.
  6. Right to Data Portability – Where applicable, to receive your personal data in a structured, machine-readable format and have it transferred to another data controller.

How to Submit a Request

To exercise your rights, you (or an authorised representative):

  1. Must provide enough information for us to verify your identity (such as full name, email address, and any other details we may reasonably require); and
  2. Must clearly describe your request (e.g., access, rectification, deletion, restriction, objection, portability).

We aim to respond within one month of receiving your request. For complex or numerous requests, we may extend this by up to two additional months, informing you of the reason for any delay.

How to Exercise Your Rights

To exercise any of these rights, please email us at:

**[email protected]**

We may need to confirm your identity and place of residence. A request that includes sufficient identifying information and enough detail for us to understand and respond will be treated as a “Valid Request.”

We will only use personal information provided in a Valid Request to verify and fulfil that request. You do not need to hold an account to submit a Valid Request.

We generally do not charge a fee for Valid Requests unless they are excessive, repetitive, or manifestly unfounded. If a fee is applicable, we will explain why before proceeding.

Authorised Representatives

You may appoint an Authorised Representative to exercise your data subject rights on your behalf. We may request written proof of the representative’s authority. Once verified, we will process the request according to UK GDPR requirements.

If you are a registered User, you can also update certain personal details directly by logging into your account.

We will not discriminate against you for exercising your rights. However, where permitted by law, we may offer different service tiers or features that depend on the personal information you choose to share.

If local law provides an appeal process, you may appeal our response by emailing **[email protected]. We will respond to appeals within the time frame required by law (typically within 45 days**).

How We Protect Your Information

We use physical, electronic, and procedural safeguards to protect the information we collect. We adopt appropriate data collection, storage, and processing practices and security measures to help prevent unauthorised access, use, alteration, disclosure, or destruction of personal information, usernames, passwords, and other data stored on our Website. Our security measures are reviewed and updated periodically to reflect technological developments.

The security of your information also depends on you. If we provide you with (or you choose) a password to access certain parts of the Website, you are responsible for keeping it confidential. Please do not share your password with anyone.

Although we take reasonable steps to protect your data, transmission of information over the internet is not completely secure. Any transmission of personal information is done at your own risk, and we cannot guarantee absolute security.

Sharing Your Information

We do not sell, trade, or rent Users’ personal identification information. However, we may share personal data in the following circumstances:

Within Starlight Frontiers

  • With other entities in the Starlight Frontiers group for purposes defined in this Privacy Policy (see “Transfers” below).

With Third Parties

We share information with third parties only where necessary and in limited situations, such as:

  • When you have given us permission to share information;
  • When we provide products and services and need to inform you of important changes or developments;
  • With service providers that help us deliver our services (for example, payment processors, identity verification providers like Sumsub, data storage providers, and marketing or analytics vendors). These partners may only use your information to perform services for us or as required by law;
  • In response to lawful requests by public authorities, including to meet national security or law enforcement requirements;
  • In connection with a merger, divestiture, restructuring, reorganisation, dissolution, sale, or transfer of some or all of Starlight Frontiers’ assets;
  • If we believe disclosure is necessary to protect the rights, property, or safety of Starlight Frontiers, our Users, or others;
  • When a financial institution requires information about your account to respond to regulatory requests;
  • To enforce our terms and conditions, detect and prevent fraud, and comply with applicable laws.

Account Verification and Biometric Data

We may request your image to help verify your identity. This may involve third-party facial recognition services (such as Sumsub) to determine whether your selfie matches your identification document. These providers may process biometric data and share verification results with us.

Biometric data is stored by third-party providers according to their own privacy policies. Where we receive or store such information, we will retain it only for as long as necessary to fulfil the intended verification purpose or for up to 3 years from your last interaction with us, unless a longer period is required by law.

Categories of Information We May Share (Last 12 Months)

| Personal Information Category | Third-Party Recipients | Purpose of Disclosure |

| --------------------------------------------- | ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------- |

| A: Identifiers | Third-party service providers (e.g., identity verification providers such as Sumsub) | To verify identity, complete in-app and Star Coins transactions, and determine eligibility for services |

| B: Contact and Account Information | Third-party service providers | To facilitate transactions, account support, and identity verification |

| C: Protected characteristics | Third-party verification providers (where legally required) | To verify identity and comply with regulations |

| D: Commercial information | Third-party service providers | To process purchases and support transaction-related services |

| E: Biometric information | N/A | Not disclosed by us directly; where collected by third parties, handled under their privacy terms |

| F: Internet or similar network activity | N/A | Not disclosed beyond what is strictly needed for analytics under our control |

| G: Geolocation data | Third-party service providers | To enable location-based features or eligibility checks |

| H: Sensory data | N/A | Not collected or disclosed |

| I: Professional or employment information | N/A | Not collected or disclosed |

| J: Non-public education information | N/A | Not collected or disclosed |

| K: Inferences drawn from other data | N/A | Used internally only where applicable to improve services |

Aggregated Information

We may share aggregated, non-identifiable information (for example, general usage statistics) with business partners, affiliates, or advertisers. This information does not identify individual Users.

Transfers

Starlight Frontiers may operate across several jurisdictions. Personal information we collect may therefore be transferred to, stored, or processed in the European Union or other countries where we or our providers maintain facilities.

Where required, international transfers are protected using appropriate safeguards, such as standard contractual clauses approved by the European Commission or other lawful mechanisms ensuring an adequate level of data protection.

Other Important Information

Children’s Privacy

Protecting the privacy of minors is extremely important to us. We do not knowingly collect or maintain information from individuals under 18 years of age, and our Website is not directed at children under 18.

No one under 18 may provide personal information to or on the Website. If we discover that we have collected personal information from a person under 18, we will delete it. If you believe we may have information about a child under 18, please contact us at:

**[email protected]**

Do-Not-Track Signals

Some browsers send “Do Not Track” (DNT) signals. Because there is currently no consistent industry standard on how to respond to such signals, our Website does not presently respond to DNT signals. If a standard is established and adopted, we will review our approach.

Changes to This Privacy Policy

We may revise this Privacy Policy from time to time to reflect changes in our operations, legal requirements, or industry best practices. Where required by law, we will notify you of material changes and, if necessary, obtain your consent.

Updates may be communicated by posting the revised Policy on our Website or by other appropriate means. Changes become effective when the updated Policy is posted.

We encourage you to check this page regularly to stay informed about how we protect and use your personal information.

Definitions

  • Personal information – Information that identifies (directly or indirectly) a specific individual, such as name, postal address, email address, or phone number. When anonymous data is linked with personal information, the combined data is treated as personal information.
  • Anonymous information – Information that does not identify, and cannot reasonably be used to identify, an individual.
  • Aggregate information – Information about groups or categories of Users that does not identify and cannot reasonably be used to identify any single individual.

Contacting You via Email or Text

You confirm that the contact details you provide (including email address and mobile number) are accurate and that you are the owner or authorised user of those contact points. By voluntarily providing your phone number(s) to Starlight Frontiers, you agree that we may contact you at those numbers, including via:

  • Pre-recorded voice messages;
  • SMS or text messages;
  • Calls or messages related to:
  • This Privacy Policy and any related terms;
  • Activity associated with your account;
  • Promotional offers or updates from Starlight Frontiers.

These communications may occur even if your number is listed on a state or federal Do Not Call registry. Standard messaging or data rates may apply, and Starlight Frontiers is not responsible for such charges.

Contacting Us

If you have questions about this Privacy Policy, your personal information, or how we process it, please contact our Data Protection Officer by email at:

**[email protected]**

Please specify your country of residence and describe the nature of your request or concern so we can respond appropriately.