Who we are
BotsBusters (“we”, “us”, “our”) is published by Mohamed Ali, an individual (sole developer) responsible for the BotsBusters mobile application (the “App”).
For the purposes of the EU GDPR and UK GDPR, Mohamed Ali is the data controller.
Contact: support@edmoro.com
Postal address: Unit 158815, PO Box 6945, London, W1A 6US
Quick summary
- No ads and no personalization.
- No accounts or sign-in.
- We collect only what’s needed for core gameplay, purchases, and diagnostics.
- Gameplay progress is stored only on your device.
- We don’t sell your personal data and we don’t track you across other apps or websites.
- We only use trusted providers: Apple (purchases) and Amazon Web Services (AWS) (hosting & authentication).
- We do not request App Tracking Transparency (ATT) because we don’t track you across apps or sites.
- Identifiers for purchases: We generate an App Account Token (AAT) (a random UUID) and we process Apple’s originalTransactionId (OTID) to verify and restore your entitlements. These are not used for advertising.
Scope
This Policy explains what we collect, how we use it, how it’s shared, your choices and rights, and how to contact us. If this Policy changes, we’ll update the date above and, for material changes, notify you in-app or by other reasonable means.
Definition of “Personal Data”
“Personal Data” means information that identifies or can reasonably be linked to an identifiable person, including the categories described in this Policy. This can include pseudonymous identifiers such as AAT and OTID when used to associate purchases with you.
What we collect and why
We collect the minimum necessary data to operate the App, fulfill purchases, and keep our service secure and reliable.
1) Gameplay API requests (AWS)
Data: To run the quiz, when you answer a question we send minimal gameplay data (a question identifier, question level, AI model name) to our secure API. We do not attach a persistent device or advertising identifier to these requests.
Why: To obtain an AI response, determine correctness, and declare a winner for the current round—this is essential to core functionality.
Source: Generated and sent by the App during gameplay.
2) Purchases & entitlements (Apple StoreKit)
Data:
- App Account Token (AAT): a random UUID we generate on your device and submit with purchase or restore flows. Apple includes the AAT in related transaction data.
- originalTransactionId (OTID): a transaction identifier Apple generates for the initial purchase in a subscription (or the purchase for non-subs).
- Product identifiers, subscription status, and App Store country/storefront.
Why: To process purchases, link transactions to your device/account via AAT, verify/restore entitlements using OTID, prevent fraud/abuse, and provide support.
Source: AAT is generated by the App; OTID and other purchase details are provided by Apple during purchases and restorations.
Payment information: All payment card details are processed by Apple. We do not receive or store your full card numbers or sensitive billing details.
Not for tracking: We do not use AAT or OTID for advertising, cross-app tracking, or profiling.
3) Diagnostics & app telemetry (AWS CloudWatch)
Data:Error logs, performance metrics, timestamps, and standard server logs.
Why: To fix bugs, monitor and improve stability, secure the service from abuse, and analyze reliability.
Source: Generated automatically by your device and our servers when you use the App.
4) Gameplay data (on-device)
Data: Your level progress, scores, and local settings (e.g., sound, notifications).
Why: To save your progress and operate the game.
Storage: Stored exclusively on your device. We do not sync this to the cloud.
5) Support form & emails
- Data: Your name (if provided), email address, subject, and message content.
For security/anti-abuse, our servers may log IP address, user-agent, timestamps, and basic request metadata. - Why: To respond to your request, provide support, and protect our service from spam or abuse (e.g., rate-limiting).
- Source: Submitted by you via our support page at https://edmoro.com/support/support.html or by emailing support@edmoro.com.
- Providers: We use Amazon Web Services (AWS) to host the contact form endpoint and Amazon Simple Email Service (SES) to deliver support emails. AWS acts as our processor.
For our app users:
We do not collect: your name, phone number, contacts, photos, precise GPS location, health data, advertising identifiers (IDFA), or other sensitive categories.
except where you voluntarily provide a name or other details in a support request.
We do not use: third-party analytics SDKs, advertising SDKs, or social logins.
How we use your data
- Deliver core features, including the AI competition and in-app purchases.
- Validate receipts and link/restore entitlements using AAT and OTID; prevent abuse/fraud.
- Diagnose crashes, fix bugs, and maintain security.
- Provide customer support.
Notifications: If you opt in, we may send non-personalized gameplay notifications. You can turn these off anytime in device settings.
No automated decisions with legal effects: We do not engage in automated decision-making that produces legal or similarly significant effects about you.
Sharing & service providers
We do not sell your personal data. We share data only with essential service providers under contracts that limit their use:
- Apple (App Store / StoreKit): purchase processing, entitlements, and receipt validation. AAT is submitted during purchases/restores; OTID is part of Apple’s transaction data. , Apple acts as an independent controller.
- Amazon Web Services (AWS): hosting our backend API (which provides AI responses) and diagnostics/logging via Amazon CloudWatch. AWS acts as our processor.
Legal disclosures: We may disclose information to comply with law or legal process; to enforce our terms and policies; or to protect the rights, property, or safety of users or the public.
Business transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction in compliance with applicable law. We will continue to protect the information and will notify you of any material change where required.
International transfers
Our providers operate globally (including the United States). We rely on appropriate transfer safeguards—where applicable, participation in the EU-U.S. Data Privacy Framework (and UK Extension) and/or Standard Contractual Clauses (SCCs) provided by our vendors—and implement measures to protect your information wherever it is processed.
Data retention
Purchases & entitlements (AAT/OTID): We keep the AAT ↔ entitlement mapping and related OTID records for as long as needed to operate the App and your purchases/subscriptions, and thereafter for a limited period for fraud prevention, support, tax, and accounting (typically up to 24 months after subscription end or last activity), unless a longer period is required by law.
Token lifetimes vs. retention: Short-lived security tokens (e.g., entitlement JWTs) expire quickly for security; this does not change the retention of purchase/entitlement records described above.
Diagnostics & logs (CloudWatch): Retained on a rolling basis for up to 24 months, then deleted or aggregated (we may shorten or extend if required for security or legal reasons).
On-device gameplay: Remains on your device until you delete the data or uninstall the App.
Support emails: Retained as long as needed to address your request and maintain appropriate records, then archived or deleted.
Once retention periods expire, data is deleted or irreversibly aggregated. After deletion, rights like access or portability can no longer be exercised for that data.
Your rights
Depending on your location (e.g., EEA, UK, California), you may have rights to access, correct, delete, restrict, object, or export your data, and (where we rely on consent) to withdraw consent.
How to exercise your rights: Email support@edmoro.com. We may request information (e.g., AAT and/or OTID) to verify your identity. We respond within one month where required by law (and may extend by up to two months for complex requests, as permitted). You may also lodge a complaint with a data-protection authority where you live or work.
EEA/UK (GDPR/UK GDPR) legal bases
- Performance of a contract: to deliver the App and your purchases, including processing AAT and OTID to verify/restore entitlements.
- Legitimate interests: diagnostics, security, fraud prevention, and service improvement (balanced against your rights).
- Legal obligation: record-keeping for tax/accounting and responding to lawful requests.
Identification limits (GDPR Art. 11): We generally do not maintain logs in a manner that enables us to identify you without additional information. If we cannot identify you from the data we hold, we may be unable to honor certain requests unless you provide additional details that allow identification. Where we can identify you, we will act on your request.
EEA/UK representative: For data-protection queries from individuals in the EEA or UK (including those addressed to the Article 27 representative), please contact support@edmoro.com. We will publish the representative’s contact details here promptly once appointed.
California residents (CPRA)
No sale/share: We do not “sell” or “share” personal information for cross-context behavioral advertising.
Rights: Right to know, delete, and correct; we do not discriminate for exercising rights.
Authorized agents & verification: You may designate an authorized agent to make requests on your behalf. We will verify your or your agent’s identity and authority (e.g., by requesting matching information or written authorization) before fulfilling a request.
Do Not Track / GPC: We do not sell/share data; where Global Privacy Control signals apply, there is no sale/share to opt out of.
“Shine the Light”: We do not disclose personal information to third parties for their direct marketing. California Civil Code §1798.83 permits requests about such disclosures. Contact support@edmoro.com.
Children
The App is not directed to children under 16. We do not knowingly collect personal data from children below the applicable age. If you believe a child has provided data without parental consent, contact us and we will take steps to delete it.
Security
We use reasonable administrative, technical, and physical safeguards (e.g., encryption in transit and at rest, access controls, least-privilege access, monitoring). No method of transmission or storage is 100% secure, but we strive to protect your information. If we are legally required to notify you of a data breach, we will do so without undue delay.
Data deletion & choices
On-device data: Delete local gameplay data by uninstalling the App.
Purchases: Manage purchases/subscriptions via your Apple account. To request deletion of our purchase records (including AAT/OTID mappings), email support@edmoro.com (note: we may retain certain information as required by law for tax or anti-fraud purposes).
Reset AAT (privacy option): You may request to generate a new AAT for future purchases/restores. Resetting AAT does not erase past Apple transactions; in some cases we may need to help re-link historical purchases to your new token.
Diagnostics: Diagnostic/server logs are essential for security and reliability and are deleted according to our retention policy; opting out of essential logging is not possible.
Local notifications: You can turn these off in your device settings at any time.
Third-party links
The App may link to third-party sites or services not controlled by us. Their privacy practices govern those services.
Terms reference
Your use of the App may also be governed by our Terms of Service. If a conflict arises, the Terms may control to the extent permitted by law.
Changes to this Policy
We may update this Policy from time to time. We’ll change the “Last updated” date above and, if changes are material, we’ll notify you in-app or by other reasonable means.
Contact us
Publisher & Data Controller: Mohamed Ali (individual/sole developer)
Email: support@edmoro.com
Postal address: PO Box 2974, London, United Kingdom