Vamble logo

Vamble

Legal Hub

All Policies

Effective: January 8, 2026

Last Updated: January 19, 2026

III. PRIVACY POLICY

1. INTRODUCTION

Vamble, Inc. (“Vamble,” “we,” “us,” or “our”) is committed to protecting your privacy and the security of your personal data. This Privacy Policy explains how we collect, use, share, and protect information about you (“User”, “Player”, “you”, or “your”) when you use our websites, mobile apps, or any services provided by Vamble (the “Platform”).

For clarity, the categories of information described in this Privacy Policy are collectively referred to as “Platform Data” in the Terms, and include Gameplay Data and User Content (as those terms are defined in the Terms).

By accessing or using the Platform, you acknowledge that you have read and understand this Policy. Where this Policy describes processing that is based on consent, you may grant or withdraw consent as described herein.

2. INFORMATION WE COLLECT

We collect Platform Data (as described in the Terms), which may include information you provide, information we collect automatically when you use the Platform, and information we receive from third parties.

2.1 Information You Provide

  1. Account Registration

    Name, date of birth, gender, address, username, password, email, phone, country of residence.

  2. Identity Verification (including biometric verification at launch)

    Government-issued ID, proof of address, Social Security number or tax identification number (where required), and Biometric Data, as defined in Section III. 3 (Biometric Notice, Consent, Retention, and Destruction), where permitted or required by law, for identity/age verification, fraud prevention, account security, and AML/KYC compliance.

  3. Payment and Financial Information

    Credit/debit card details, bank account, ACH, wallet addresses, transaction records.

  4. Game Participation & Communication

    Gameplay Data and User Content (including chat logs, Contest outcomes, uploaded media, support requests, and any other content you submit or make available through the Platform), including where such User Content is shared with other Users or made public through Platform features you enable.

  5. Communications Data

    Phone number and communication preferences, and records of communications (including support calls, SMS/MMS logs, chat messages, and emails), which may be monitored and/or recorded where permitted by law for security, compliance, quality assurance, dispute resolution, and enforcement.

  6. Third-Party Connections

    If you sign up using Twitch, Discord, Google, Facebook, or similar, we receive profile info as allowed by those platforms.

2.2 Information We Collect Automatically

  1. Device & Usage Data

    IP address, device ID, browser, OS, language, access times, referral URLs, page interactions.

  2. Location Data

    GPS location or city/region derived from IP, with your consent. Where enabled, you may grant or withdraw GPS location permission through your device settings.

  3. Gameplay Recordings, Telemetry, and Match Data

    Gameplay recordings, telemetry, and match data may be collected and analyzed for verification, enforcement, dispute resolution, and fraud prevention, including through automated or AI-assisted systems, as described in the Terms of Service.

  4. Cookies and Tracking

    See Section III. 17 of this Privacy Policy and Section IX. (Cookie Policy & Notice).

  5. Trust & Safety / Moderation Data

    Reports, flags, enforcement history, content removals, appeals, and related metadata used to operate public features, moderate User Content, enforce our Terms, and protect Users and the Platform.

2.3 Information from Third Parties

  1. Verification and AML/KYC Vendors

    Verification results, risk signals, liveness checks, identity/authentication outputs, sanctions-screening results, and where applicable Biometric Data processed by our service providers on our behalf, as described in Section III. 3 (Biometric Notice, Consent, Retention, And Destruction).

  2. Payment Processors

    Payment confirmations, payout information, cryptocurrency wallet verification.

3. BIOMETRIC NOTICE, CONSENT, RETENTION, AND DESTRUCTION

3.1 Scope

Vamble may collect, receive, store, use, and disclose biometric identifiers and/or biometric information (“Biometric Data”) for identity verification, age verification, fraud prevention, account security, regulatory compliance (including AML/KYC), and to protect the integrity of the Platform. Biometric processing may be performed by Vamble and/or by our identity verification service providers acting on our behalf.

3.2 Definitions

“Biometric Data” means biometric identifiers and biometric information as defined by applicable law, which may include face geometry templates or similar biometric templates derived from images or video, and liveness detection results, when used for identity verification. Biometric Data does not include photographs or video recordings themselves unless and until they are processed into a biometric template.

3.3 Notice and Consent / Written Release

Where required by applicable law, we will provide you with a biometric notice and obtain your affirmative, informed consent (or “written release”) before collecting or processing Biometric Data. You may decline biometric processing; however, if biometric processing is required for verification or eligibility, we may be unable to provide you access to certain features or the Platform.

3.4 Withdrawal of Consent

Where applicable law provides the right to withdraw consent to biometric processing, you may do so through account settings (if available) or by contacting privacy@vamble.com. If Biometric Data is required to verify identity, age, or eligibility, withdrawing consent may result in restricted access, inability to complete verification, suspension of Wallet withdrawals, or loss of access to the Platform, to the extent permitted by law.

3.5 No Secondary Use

Vamble does not use Biometric Data to market to you, to infer sensitive characteristics, or to train artificial intelligence systems for purposes unrelated to identity verification, fraud prevention, account security, or legal compliance.

3.6 No Sale; Limited Disclosure

Vamble does not sell, lease, trade, or otherwise profit from Biometric Data. We disclose Biometric Data only to (i) our verification providers and service providers acting on our behalf; (ii) as required or permitted by law, regulation, court order, or governmental request; and (iii) as necessary to enforce our Terms, prevent fraud, and protect the security and integrity of the Platform.

3.7 Security Controls

We maintain reasonable safeguards designed to protect Biometric Data, including encryption in transit and at rest, access controls, and audit logging, and we require our service providers to implement comparable safeguards by contract.

3.8 Retention Schedule

We retain Biometric Data only for as long as reasonably necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law, for legal holds, disputes, chargebacks, investigations, fraud prevention, or compliance obligations.

3.9 Destruction

When Biometric Data is no longer reasonably necessary for the purposes described above and is not subject to a legal hold or required retention, we will permanently delete or irreversibly de-identify it in accordance with our retention practices and applicable law.

3.10 Minors

Biometric processing is not intended for individuals under 18 (or under the legal age of majority in their jurisdiction, if higher). If we learn Biometric Data is associated with a minor account, we will take reasonable steps to restrict access and handle deletion or retention consistent with legal and compliance obligations.

4. LEGAL BASIS FOR PROCESSING DATA

4.1 Account Creation

  1. GDPR/UK lawful basis: Contractual necessity
  2. CCPA/CPRA business purpose / notice basis: Business purpose
  3. PIPEDA basis: Consent; contract

4.2 KYC/AML Compliance

  1. GDPR/UK lawful basis: Legal obligation
  2. CCPA/CPRA business purpose / notice basis: Business purpose; legal requirement
  3. PIPEDA basis: Legal obligation

4.3 Payments / Stake

  1. GDPR/UK lawful basis: Contractual necessity
  2. CCPA/CPRA business purpose / notice basis: Business purpose
  3. PIPEDA basis: Contract

4.4 Fraud Prevention

  1. GDPR/UK lawful basis: Legitimate interest; legal obligation
  2. CCPA/CPRA business purpose / notice basis: Business purpose
  3. PIPEDA basis: Legitimate interest

4.5 Marketing (Opt-In)

  1. GDPR/UK lawful basis: Consent
  2. CCPA/CPRA business purpose / notice basis: With consent
  3. PIPEDA basis: Consent

4.6 Analytics

  1. GDPR/UK lawful basis: Legitimate interest; consent
  2. CCPA/CPRA business purpose / notice basis: Business purpose
  3. PIPEDA basis: Legitimate interest; consent

4.7 Customer Support

  1. GDPR/UK lawful basis: Contractual necessity
  2. CCPA/CPRA business purpose / notice basis: Business purpose
  3. PIPEDA basis: Contract

5. HOW WE USE YOUR INFORMATION

  1. Communicate with you by email, push notifications, and SMS/MMS for security (including 2FA), Account and Platform alerts, transactional notices, and, where you opt in and where permitted by law, marketing communications.
  2. Operate and manage accounts and Contests
  3. Verify age, identity, jurisdictional eligibility
  4. Verify Contest outcomes
  5. Process payments, Contest-related fund Settlement, withdrawals, and refunds
  6. Personalize your experience
  7. Ensure legal and regulatory compliance
  8. Prevent fraud, money laundering, abuse, and security threats
  9. Improve services and analytics
  10. Use Gameplay Data for internal analytics, security, compliance, and artificial intelligence model development.
  11. With User consent, use certain Gameplay Data, including recordings or clips, for Vamble’s marketing, promotional, educational, or brand-related purposes, as further described in Section III. 8.2 (Gameplay Media and Consent-Based Commercial Use).

6. ARTIFICIAL INTELLIGENCE TRAINING AND IMPROVEMENT

Vamble may use Gameplay Data in aggregated, anonymized, or pseudonymized form to train, evaluate, and improve internal artificial intelligence and machine learning systems.

Such use is primarily for internal purposes, including Platform functionality, fraud prevention, security, compliance, and performance optimization. Where required by applicable law, any use of identifiable Gameplay Data for secondary purposes will be subject to user consent and applicable legal requirements.

Biometric Data is not used for AI training or improvement except to the extent strictly necessary to operate identity verification, fraud prevention, and account security systems, and only where permitted by law.

Users may exercise opt-out rights for internal AI training through account settings or by contacting privacy@vamble.com, where such rights are provided by law.

7. HOW WE SHARE YOUR INFORMATION

The categories of your personal information disclosed depend on the features used and may include identifiers, commercial or transactional data, internet or network activity, device and approximate location data, and gameplay or usage data, as further limited by Section III. 8 (Sale and Sharing of Personal Information). Your personal information may be disclosed, where applicable, in the following circumstances:

7.1 Service Providers / Processors

With vendors that perform services for us, including vendors that support email delivery, SMS/MMS delivery, push notifications, payment processing, KYC/AML, hosting, analytics, customer support and communications. These parties are authorized to use personal information only as necessary to provide services to Vamble and as permitted by applicable law and contract.

7.2 Other Users

With other users as required to operate Platform features (e.g., usernames, match outcomes, limited statistics, or dispute-related evidence, as applicable).

7.3 Legal and Compliance

With regulators, law enforcement, courts, or other parties where we believe disclosure is required or permitted by law (including AML, sanctions, tax, subpoenas, and fraud investigations).

7.4 Business Transfers

In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, where personal information may be transferred as part of the transaction, subject to applicable law.

7.5 With Your Direction or Consent

Where you direct us to share information or where you provide consent (e.g., linking third-party accounts, referrals, or public profile features).

7.6 Third Parties as Controllers (Including Data Partners)

As described in Section III. 8 (Sale and Sharing of Personal Information), we may disclose, share, license, or sell certain personal information to third parties that may act as independent data controllers and use such information for their own purposes, subject to applicable law and user rights.

8. SALE AND SHARING OF PERSONAL INFORMATION

Subject to applicable law, Vamble may sell, share, or license certain categories of personal information to third parties, including analytics providers, advertising/marketing partners, and data partners (“Third Parties”). In some cases, these Third Parties may act as independent data controllers, meaning they determine how and why they process personal information.

8.1 Categories of Personal Information That May Be Sold/Shared

Depending on how you use the Platform, we may sell/share:

  1. Identifiers (e.g., name, email, username, device identifiers)
  2. Internet/network activity (e.g., IP address, browsing/app interactions, log data)
  3. Device and approximate location data (e.g., city/region derived from IP)
  4. Gameplay/usage data and inferred interests or preferences

8.2 Gameplay Media and Consent-Based Commercial Use

Gameplay recordings, gameplay audio, screenshots, clips, telemetry, or similar media (“Gameplay Media”) may include personal information.

Vamble may, with a User’s explicit, affirmative consent, license, share, sell, or otherwise disclose certain Gameplay Media that is collected or created for optional secondary purposes, including marketing, promotional, educational, brand-related, or other commercial uses, and may disclose such Gameplay Media to third parties for those purposes, subject to applicable law.

Such consent:

  1. is optional and not required to access or use the Platform or participate in Contests;
  2. may be granted or withdrawn at any time through account settings or by contacting privacy@vamble.com; and
  3. does not affect mandatory operational recording required for Contest participation.

Gameplay Media collected or used for mandatory operational purposes, including Contest verification, outcome determination, dispute resolution, fraud prevention, security, AML/KYC compliance, or legal obligations, is not sold, shared, or licensed for marketing or commercial purposes.

8.3 Sensitive Use Restrictions and Minors

Notwithstanding any other provision of this Policy:

  1. Gameplay Media associated with minors is never sold, shared, licensed, or used for marketing, advertising, or artificial intelligence training.
  2. Identity verification materials, dispute submissions, law enforcement records, compliance evidence, or data subject to legal hold are never sold or commercially licensed.
  3. Any permitted commercial use of Gameplay Media remains subject to third-party intellectual property rights, including game publisher policies.

8.4 Third-Party Game Publisher Content

Gameplay recordings may include copyrighted content owned by third-party game publishers. Nothing in these Terms grants Vamble ownership of, or rights beyond those permitted by law or publisher policies with respect to, third-party intellectual property. Any permitted marketing or AI training use of gameplay media is limited to lawful use and does not imply endorsement by or affiliation with any game publisher.

8.5 Minors; No Sale/Sharing of Minors’ Personal Information

Vamble does not knowingly sell or share the personal information of individuals under 18 (or under the legal age of majority in their jurisdiction, if higher). If we learn we have collected personal information from a minor, we will take reasonable steps to delete it and to stop any sale or sharing of that information. This includes any profiles, inferences, interest segments, or other derived data associated with a minor.

8.6 Data Categories Excluded from Sale or Commercial Licensing

Notwithstanding anything else in this Privacy Policy, Vamble does not sell, license, or otherwise commercially monetize the following categories of data:

  1. gameplay recordings, Contest evidence, or verification materials, including video, audio, screenshots, telemetry, match data, or system logs collected for Contest verification, dispute resolution, fraud prevention, or compliance purposes;
  2. government-issued identification, biometric identifiers, or identity verification artifacts;
  3. account login credentials (including passwords);
  4. financial account credentials, payment instrument details, or full transaction authorization data;
  5. precise geolocation data;
  6. communications with regulators, law enforcement, or payment processors;
  7. data subject to legal privilege, investigation, regulatory inquiry, or legal hold; and
  8. any data collected or processed solely to comply with legal, regulatory, AML, sanctions, or security obligations.

These exclusions apply regardless of whether such data is collected directly, generated through gameplay, inferred, derived, or processed through automated or artificial intelligence–assisted systems.

8.7 Your Choices and Rights

  1. Where required by law, you may opt out of the sale/sharing of personal information (including “sharing” for cross-context behavioral advertising).
  2. California residents may exercise “Do Not Sell or Share My Personal Information” rights.
  3. Where required (e.g., EU/UK/EEA), we will request explicit opt-in consent before selling/sharing personal information for purposes that require consent.
  4. We honor legally recognized preference signals (such as Global Privacy Control (GPC)) where required by law.

How to exercise these rights: Use our Privacy Settings (if available) or contact privacy@vamble.com.

8.8 Limitations on Opt-Out Rights

Where applicable law provides opt-out rights relating to the sale, sharing, or use of personal information (including for advertising or analytics), such rights do not apply to data processing that is strictly necessary for:

  1. Contest verification and outcome determination;
  2. dispute resolution;
  3. fraud detection and prevention;
  4. anti-money laundering, sanctions screening, and KYC compliance;
  5. security monitoring and abuse prevention;
  6. legal, regulatory, or contractual obligations; or
  7. internal auditing, risk management, and enforcement of the Terms.

Users may not opt out of processing that is required to operate the Platform safely, lawfully, and fairly, or to protect Vamble, its Users, or third parties from harm or unlawful activity.

Where permitted by law, Users may opt out of certain secondary uses of data, such as marketing or analytics not essential to Platform operation, without affecting their ability to participate in skill-based Contests, subject to applicable limitations.

9. DATA TRANSFERS AND INTERNATIONAL USERS

Your data may be transferred to and processed in the United States or other countries. We use appropriate safeguards such as Standard Contractual Clauses (SCCs), adequacy decisions, or other approved mechanisms for data transfers outside the EEA, UK, or Switzerland.

10. DATA SUBJECT RIGHTS

Depending on your location, the following table outlines your right and how to exercise it.

Right Description How to Exercise
Access Obtain a copy of your personal data Email: privacy@vamble.com
Rectification Correct inaccurate or incomplete personal data Email or account settings
Deletion Request erasure of your data, subject to legal retention Email: privacy@vamble.com
Restriction Ask us to restrict certain processing Email: privacy@vamble.com
Portability Receive your data in a structured, machine-readable format Email: privacy@vamble.com
Objection Object to processing based on legitimate interests/marketing Email or unsubscribe links
Withdraw Consent Revoke consent at any time Email or account settings
Appeal Appeal an adverse decision regarding your privacy rights Email: privacy@vamble.com


We will verify your identity before fulfilling your request and respond within the timeframe required by law.

Requests for access to or deletion of gameplay recordings are subject to limitations where such recordings are required for compliance, dispute resolution, fraud prevention, security, legal obligations, or protection of the rights of other users. Certain recordings may be retained notwithstanding a deletion request where permitted or required by law.

11. OTHER U.S. STATE PRIVACY RIGHTS

In addition to California, certain other U.S. states provide residents with privacy rights similar to those described here. Where required by law, we will honor such rights for eligible residents, subject to verification and applicable legal exceptions. Requests may be submitted to privacy@vamble.com.

12. DATA SECURITY

We implement technical, administrative, and physical safeguards, including:

  • Encryption in transit and at rest
  • Two-factor authentication
  • Access controls and audit logs
  • Regular security reviews and penetration testing

No method of transmission or storage is 100% secure. If we experience a data breach likely to result in significant harm, we will notify you and the appropriate authorities as required by law.

13. DATA RETENTION

We retain personal data only as long as necessary for:

  • Fulfilling the purposes described in this Policy
  • Compliance with laws (e.g., AML, KYC, tax, financial regulations)
  • Resolving disputes, enforcing agreements

Data no longer needed is securely deleted or anonymized.

13.1 Artificial Intelligence Data Retention by Category

Vamble retains data used for artificial intelligence, automation, and machine learning purposes only for as long as reasonably necessary to fulfill the purposes described in this Policy, subject to legal, regulatory, and operational requirements.

Retention periods vary by data category:

  1. Gameplay Recordings & Contest Evidence

    Gameplay video, audio, screenshots, telemetry, and match data used for Contest verification, dispute resolution, fraud prevention, or compliance are retained for a limited period, typically no longer than twelve (12) months from the date of capture, unless:

    1. a dispute, investigation, chargeback, or legal hold is pending;
    2. extended retention is required by law or regulatory request; or
    3. data is anonymized or aggregated for analytics or model improvement.
  2. AI Training Data (Anonymized or Pseudonymized)

    Gameplay and usage data that has been anonymized or pseudonymized and incorporated into internal model training datasets may be retained for longer periods for system improvement, security, and performance optimization. Such data is no longer reasonably identifiable to an individual user.

    Trained models are not intended to store personal data and are not designed to be used to identify individual users.

  3. Fraud, AML, and Security Data

    Data used for fraud detection, AML/KYC compliance, sanctions screening, and security monitoring is retained in accordance with applicable financial, regulatory, and law enforcement requirements, which may require multi-year retention.

  4. Automated Decision Support Logs

    Logs relating to automated systems used to support decisions affecting Users (e.g., risk scoring, verification signals) are retained for auditability, accountability, and regulatory compliance, typically between six (6) months and five (5) years, depending on the nature of the activity and applicable law.

  5. Marketing & Analytics Data

    Marketing, analytics, and performance data is retained until no longer necessary for its intended purpose or until a User exercises applicable opt-out or deletion rights, subject to legal exceptions.

14. CHILDREN’S PRIVACY

The Platform is not directed to individuals under 18 (or the legal age of majority for wagering/Contests in their jurisdiction, if higher). Vamble does not knowingly permit minors to access the Platform, create accounts, or participate in Contests. If we learn that a minor has provided personal information or that an account belongs to a minor, we will take reasonable steps to restrict access, terminate the account where appropriate, and delete or de-identify the data in accordance with applicable law and our legal/operational obligations (e.g., fraud prevention, security, and compliance).

15. THIRD-PARTY SITES AND INTEGRATIONS

Vamble may link to third-party sites (e.g., Twitch, Discord, payment processors). This Policy does not apply to third-party practices. Review their privacy policies before using those services.

16. MARKETING, COMMUNICATIONS, AND OPT-OUT

16.1 Service and Transactional Communications

We may send you service-related, transactional, or legally required messages, including account notices, security alerts, identity verification requests, Contest and Wallet confirmations, withdrawals and payouts, policy updates, and support communications. You cannot opt out of essential service and transactional communications.

16.2 SMS/Text Messages (Transactional; 2FA; Account and Activity Alerts; Platform Updates)

Vamble uses SMS/text messaging for one-time passcodes (2FA), account security alerts, Platform updates, and account or activity alerts (for example, logins, withdrawals, Contest activity, or other account events). Message frequency may vary. Message and data rates may apply. You may manage certain notification preferences through account settings (where available) and/or your device settings; however, disabling SMS may limit or prevent access to certain features (including 2FA) or reduce account security.

16.3 Marketing Communications (Email and SMS/Text)

Where permitted by law, and where required with your consent, we may send marketing communications by email and/or SMS/text. You may opt out of marketing emails at any time by using the unsubscribe link in the email or by adjusting your communication preferences in account settings.

You may opt out of marketing SMS/text messages at any time by following the instructions in the message (for example, replying STOP where supported) or by contacting privacy@vamble.com. For help, reply HELP. Opting out of marketing communications does not affect essential service and transactional communications (including 2FA and account security alerts).

16.4 Push Notifications

Where enabled, you may control push notifications through your device settings and, where available, in account settings. Disabling push notifications does not prevent us from sending essential service or transactional communications through other channels.

16.5 Preference Signals; Do Not Sell/Share

Where required by law, we honor applicable opt-out mechanisms and preference signals (such as Global Privacy Control (GPC)) for the sale or sharing of personal information and for cross-context behavioral advertising, as described in Section III. 8 (Sale and Sharing of Personal Information).

17. COOKIE AND TRACKING POLICY

17.1 What are Cookies?

Cookies are small files placed on your device to collect information and enhance your experience.

17.2 Types of Cookies Used

Strictly Necessary Cookies: Enable core functionality (security, authentication).

Performance/Analytics Cookies: Help us understand usage and improve services.

Functionality Cookies: Remember your settings and preferences.

Targeting/Advertising Cookies: (only with consent, where required) provide relevant ads or offers.

17.3 Cookie Preferences and Consent

Where required by applicable law, we request your consent before placing non-essential cookies. You may manage your cookie preferences at any time through our cookie settings tool (if available) or by adjusting your browser settings. Disabling non-essential cookies may reduce certain features or personalization.

Certain cookies and similar technologies may enable the sale or sharing of personal information for advertising, analytics, or measurement purposes. Where required by law, such cookies will be deployed only after consent, and users may opt out at any time through cookie settings or legally recognized preference signals.

17.4 Third-Party Cookies and Similar Technologies

We may use trusted third-party providers (e.g., analytics, measurement, and advertising providers). Certain third-party cookies, SDKs, or similar technologies may independently collect or process personal information in accordance with their own privacy policies.

While Vamble does not control the independent data practices of third parties, Vamble may, where required by law and to the extent available, provide mechanisms to limit or disable non-essential third-party cookies deployed through the Platform, honor legally recognized opt-out preference signals (such as Global Privacy Control), and provide users with information on how to exercise their rights with respect to Vamble’s own disclosures.

17.5 Relationship to Our Cookie Policy

For additional details about cookies and similar technologies, see Section IX. (Cookie Policy& Notice) and Section XXVI. (Vamble Standalone Cookie Consent Banner Text), which are incorporated by reference.

18. DATA PROCESSING AGREEMENT FOR VENDORS & PARTNERS

Vendors, partners, and service providers that process personal data on behalf of Vamble are subject to Section XXV. (Vamble Data Processing Agreement (DPW) for Vendors & Partners) and applicable contractual requirements. For DPA requests or onboarding, contact privacy@vamble.com.

19. GDPR / UK GDPR DATA PROTECTION DISCLOSURES (EEA/UK/SWITZERLAND) — SUMMARY; SEE SECTION XXII.

This Section provides a short summary of Vamble’s GDPR/UK GDPR disclosures and should be read together with Sections III. 2 (Information We Collect), III. 4 (Legal Basis for Processing Data), III. 9 (Data Transfers and International Users), and III. 10 (Data Subject Rights). The full GDPR/UK/EEA (and Switzerland, where applicable) Data Protection Addendum is Section XXII. , which is incorporated by reference into this Policy. For requests, contact privacy@vamble.com.

If you are located in the EEA, UK, or Switzerland, you may also have the right to lodge a complaint with your local Data Protection Authority (and, for UK users, the UK Information Commissioner’s Office).

20. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA, SHINE THE LIGHT)

20.1 If you are a California resident, you may have the right to:

  • request details on the categories of personal information we collect, use, disclose, and share;
  • request access to, correction of, or deletion of your personal information (subject to legal retention and permitted exceptions);
  • opt out of the sale of personal information and the sharing of personal information for cross-context behavioral advertising, where applicable;
  • opt out of the sharing of personal information for cross-context behavioral advertising (if applicable); and
  • not be discriminated against for exercising your privacy rights.

20.2 Opt-Out / Preference Signals

Where required by law, we honor applicable opt-out mechanisms, including browser-based preference signals (e.g., Global Privacy Control) for eligible residents, and provide a method to manage advertising or cookie preferences through our cookie settings tool (if available).

To exercise these rights, email: privacy@vamble.com. We will verify your identity before fulfilling requests.

20.3 Shine the Light

California residents may request information about disclosures of certain information to third parties for their direct marketing purposes, where applicable. Submit requests to: privacy@vamble.com.

21. AUTOMATED DECISION-MAKING AND ARTIFICIAL INTELLIGENCE

Vamble may use automated systems, machine learning models, and artificial intelligence–assisted tools to support Platform operations, including identity verification, fraud detection, Contest verification, security monitoring, analytics, and Platform improvement.

These systems are used as decision-support tools and do not make solely automated decisions that produce legal effects or similarly significant effects on Users without meaningful human involvement, except where permitted by applicable law.

Where automated systems contribute to decisions that may affect a User’s account, Wallet access, eligibility, Contest outcomes, or Prizes, such decisions may be subject to human review, validation, or oversight as required by law or Vamble policy.

Vamble may use aggregated, anonymized, or pseudonymized data, including gameplay recordings, telemetry, and related technical data, to train, test, and improve internal models and systems. Such training does not constitute automated decision-making within the meaning of Article 22 of the GDPR.

Users have the right, where applicable, to request human review of decisions that significantly affect them, and to Contest or appeal such decisions through the Dispute Resolution Policy.

21.1 Artificial Intelligence Governance, Oversight, and Auditing

Vamble maintains internal governance measures designed to ensure that automated systems and artificial intelligence–assisted tools are developed and used responsibly, transparently, and in accordance with applicable law.

These measures include:

  • documented system purposes and limitations;
  • human oversight and review of decisions with material impact on Users;
  • testing and monitoring for accuracy, bias, and unintended outcomes;
  • access controls and audit logging for AI-supported processes; and
  • periodic internal reviews of system performance and risk.

Where required by law, regulation, or regulatory guidance (including the EU Artificial Intelligence Act), Vamble may conduct or facilitate internal or third-party audits, impact assessments, or risk evaluations of relevant systems.

Nothing in these Terms or Policies represents that any automated system operates without human oversight where such oversight is legally required.

22. CHANGES TO THIS POLICY

We may update this Policy at any time. Material changes will be notified via email or Platform notice. Your continued use after any update constitutes acceptance.

23. CONTACT INFORMATION

For any questions, concerns, or privacy requests, contact:

Data Protection Officer

Vamble, Inc.

privacy@vamble.com

Mailing Address provided in Section XX. 1.6 (Mail)

BY USING THE VAMBLE PLATFORM, YOU ACKNOWLEDGE AND ACCEPT THIS PRIVACY POLICY AND CONSENT TO OUR COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED HEREIN.