Privacy Policy for Pop The 21

Last updated: May 27, 2026

This Privacy Policy explains how personal data is processed in connection with the Pop The 21 application and, where applicable, its web version.

1. Data Controller

The data controller is:

For any privacy-related questions or to exercise your rights, you may contact the data controller at the email address above.

2. Summary

Pop The 21 is a card game. The app does not require users to create an account and does not ask for name, email address, phone number, contacts, photos, precise location, microphone access, or camera access.

The data controller does not operate a proprietary player database and does not directly receive scores or gameplay sessions.

However, the app uses third-party advertising services, specifically Google AdMob / Google Mobile Ads SDK, to display interstitial ads and rewarded ads. These services may collect and process certain technical and identifier-related data according to their own privacy policies.

3. Data Processed Directly by the App

The app processes game information locally on the user’s device, such as:

• drawn and placed cards;
• current level during gameplay;
• score, tokens, discards, and power-ups;
• audio settings and gameplay interactions.

This information is used only to provide the gameplay experience. Unless the app changes in the future, this data is not sent to servers controlled by the data controller.

4. Advertising and Third-Party Services

Pop The 21 uses Google AdMob / Google Mobile Ads SDK to monetize the app through advertising.

Ads may be shown, for example:

• after specific challenge or boss levels;
• when the user chooses to watch a rewarded ad to retry a level.

Google Mobile Ads SDK may automatically collect and share data such as:

• IP address, which may be used to estimate approximate location;
• user interactions with the app and ads, such as app launches, taps, and video views;
• diagnostic and performance information related to the app and SDK;
• device or advertising identifiers, such as the Android Advertising ID, App Set ID, and, where applicable and allowed by the operating system, other advertising identifiers.

This data may be used by Google and its partners for purposes such as:

• ad serving and ad measurement;
• fraud prevention, abuse prevention, and security;
• analysis of ad and SDK performance;
• personalized advertising, where permitted by law, device settings, and required user consent.

For more information, please refer to:

• Google Privacy Policy
• Google advertising technologies
• How Google uses data from partner sites and apps
• Google Mobile Ads SDK information for Google Play Data Safety
• Google Mobile Ads SDK privacy information for iOS

5. Ad Consent and Privacy Settings

Where required by applicable law, in particular for users in the European Economic Area, the United Kingdom, and Switzerland, personalized advertising and the use of advertising identifiers or similar technologies must rely on the user’s prior consent through a consent management platform that meets the applicable requirements.

Users may also manage or limit advertising identifiers in their device settings:

• on Android, through privacy and advertising ID settings;
• on iOS, through privacy, tracking, and personalized advertising settings.

Disabling or limiting such identifiers may reduce ad personalization, but it does not necessarily prevent non-personalized or contextual ads from being displayed.

6. Web Version and Website

The web version of Pop The 21, where available, may use browser cache or similar technical technologies to load the app correctly and improve performance.

At this time, the data controller does not use proprietary analytics or profiling tools in the web version of the game. If analytics, profiling cookies, or other third-party services are added in the future, this Privacy Policy should be updated before those services are activated.

The website hosting this Privacy Policy or the web version of the app may generate technical access logs managed by the hosting provider, such as IP address, date and time of the request, user agent, and requested page. These logs are normally used for security, maintenance, and technical operation of the website.

7. Legal Basis for Processing

Processing of technical data necessary for the app to function is based on the need to provide the service requested by the user.

Processing related to security, abuse prevention, and technical maintenance may be based on the legitimate interest of the data controller or the service providers involved.

Processing related to personalized advertising, advertising identifiers, or equivalent technologies is based on user consent where required by applicable law.

8. Data Retention

Game data processed locally by the app remains on the user’s device for as long as needed for the game session to work or until the app is deleted, unless future features change this behavior.

Data processed by Google AdMob and other possible providers is retained according to their respective privacy policies, settings, and retention rules.

Technical website logs, where present, are retained by the hosting provider for the time needed to ensure security, maintenance, and proper operation of the service.

9. Data Sharing and International Transfers

The data controller does not directly sell users’ personal data.

Some data may be processed by third-party providers, in particular Google, for the purposes described in the “Advertising and Third-Party Services” section.

Google and other providers may process data outside the European Union, subject to the safeguards required by applicable law. For further details, users should consult the privacy policies and terms of the relevant providers.

10. Children

Pop The 21 is not designed to knowingly collect personal data from children. The app does not require an account, name, email address, or other direct identifying information.

If the app is used by children, such use should take place under the supervision of a parent or legal guardian, in accordance with store rules and applicable laws.

If you believe that personal data of a child has been processed without the required authorization, please contact the data controller at the email address provided in this Privacy Policy.

11. User Rights

Subject to applicable law, users may request:

• access to their personal data;
• correction of inaccurate data;
• deletion of data;
• restriction of processing;
• objection to processing;
• data portability, where applicable;
• withdrawal of consent, where processing is based on consent.

To exercise these rights, please contact privacy@takeappway.com.

Users also have the right to lodge a complaint with the competent supervisory authority. In Italy, the competent authority is the Italian Data Protection Authority, the Garante per la protezione dei dati personali: https://www.garanteprivacy.it/

12. Changes to This Privacy Policy

This Privacy Policy may be updated if the app, the services used, the applicable laws, or the data processing practices change.

The updated version will be published on this page with the latest update date.