Arrow Club Privacy Policy
Effective date: May 14th, 2026
Your privacy matters to us. This document explains clearly and honestly what data Arrow Club collects, why we need it, who we share it with, and the full set of choices and rights available to you — wherever you are in the world.
1 What Do These Terms Mean?
Throughout this policy, the following terms carry specific meanings:
- Application
- Arrow Club — the mobile software product provided by the Company.
- Company
- The entity that develops and operates Arrow Club (also referred to as "we", "us", or "our").
- Personal Data
- Any information that relates to an identified or identifiable individual.
- Usage Data
- Technical and behavioral data collected automatically as you interact with the Service.
- Device
- Any smartphone, tablet, or computing device used to access Arrow Club.
- Service Provider
- A third-party company or individual that processes data on our behalf to support the Service.
- Advertising ID
- A resettable device identifier used for ad personalization — GAID on Android, IDFA on iOS.
2 What Information Do We Collect?
We collect two categories of data: information generated automatically when you use the app, and information you provide directly.
Automatically Collected
When you open Arrow Club, our systems record the following in the background:
- IP address and approximate geographic location (country / region level)
- Device specifications: manufacturer, model, operating system version, screen resolution
- Advertising identifiers: GAID (Google Advertising ID) and ANDROID_ID
- Session metrics: session duration, frequency of use, and in-app navigation paths
- Crash reports, performance logs, and diagnostic data
- Network connection type (Wi-Fi, cellular) and carrier information
Collected with Your Participation
Advertising IDs (GAID / IDFA): Used for ad personalization and campaign measurement. You can reset or opt out at any time through device settings.
In-App Engagement: Your interactions with ads, rewards, achievements, and other interactive content.
PayPal Account Details: Your PayPal email address and display name are collected only when you initiate a withdrawal — never otherwise.
3 Why Do We Need Your Data?
Your data powers core functions, communications, and improvements. Specifically, we use it to:
Core Operations
- Run Arrow Club's features and gameplay
- Manage your account and preferences
- Process PayPal withdrawals accurately
Communication
- Send service updates and security notices
- Respond to your support requests
- Notify you about important changes
Analytics & Improvement
- Analyze aggregated usage patterns
- Diagnose errors and performance issues
- Develop new features and content
Advertising
- Deliver relevant, personalized ads
- Measure ad performance and attribution
- Support our free-to-play business model
4 When Is Your Information Shared?
We're selective about sharing. Your data goes only where it needs to — and never to random third parties.
- Service Providers — Companies we hire to host, operate, analyze, and improve Arrow Club. They process data only on our instructions and under binding agreements.
- Business Transfers — In the event of a merger, acquisition, or asset sale, your information may transfer to the successor entity, subject to equivalent privacy commitments.
- Affiliates — Members of our corporate group, each bound by privacy standards at least as protective as this policy.
- Business Partners — Partners who jointly offer features, promotions, or rewards within the app.
- Legal Obligations — When required by applicable law, court order, or valid legal process from government authorities.
- Safety & Rights — To prevent fraud, protect users, or defend the legal rights and property of the Company.
- With Your Consent — For any purpose you've explicitly authorized beyond the above.
PayPal Data Protection: Your PayPal email address and display name are used exclusively to execute withdrawal requests. This information is never sold, rented, or disclosed to advertising partners or unrelated third parties under any circumstances.
5 Why Does the App Need Permissions?
Arrow Club requests the following permissions on Android devices. Each serves a specific, necessary purpose:
| Permission | Purpose |
|---|---|
INTERNET | Core network access required for all app functionality |
ACCESS_NETWORK_STATE | Detects whether a network connection is available before making requests |
ACCESS_WIFI_STATE | Reads Wi-Fi connection details to optimize data transmission |
AD_ID | Accesses the advertising identifier for personalized ad delivery |
VIBRATE | Provides haptic feedback during in-app interactions |
ACCESS_ADSERVICES_TOPICS | Topics API — privacy-preserving interest-based ad targeting |
ACCESS_ADSERVICES_ATTRIBUTION | Attribution Reporting API — measures ad campaign effectiveness |
BIND_GET_INSTALL_REFERRER_SERVICE | Determines how the app was discovered and installed (attribution) |
BIND_APPHUB_SERVICE | Connects to app distribution and update services |
ACCESS_ADSERVICES_AD_ID | Accesses the ad services-specific advertising identifier |
FOREGROUND_SERVICE | Runs necessary background tasks while the app is actively in use |
DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION | Securely registers internal broadcast receivers without external exposure |
6 Where Does Your Data Go? — Servers & Analytics
Arrow Club operates the following server infrastructure to deliver its service:
| Component | Endpoint | What It Handles |
|---|---|---|
| Application Server | https://usqp.arroclub.com/ | Core game logic, session management, account data, and real-time interactions |
| Analytics Platform | https://usqp.arroclub.com/ | Aggregated, anonymized usage statistics for product improvement |
Endpoint Security Standards
- TLS 1.2+ encryption is enforced on all connections — data is protected in transit
- Role-based access control (RBAC) limits server access to authorized personnel only
- Data minimization — only data strictly necessary for each operation is transmitted
- Regular vulnerability assessments and penetration testing are conducted on all endpoints
- Data Processing Agreements (DPAs) are in place with all infrastructure and hosting partners
7 Is Your Data Safe?
Security isn't an afterthought — we've built layered protections around your information:
- Encryption in Transit: All data exchanged between your device and our servers is protected by TLS 1.2 or higher
- Encryption at Rest: Sensitive data stored on our servers is encrypted using industry-standard algorithms
- Access Controls: Strict role-based permissions ensure only personnel who need your data can access it
- Security Audits: We conduct regular security reviews, penetration tests, and compliance checks
- Partner Standards: All service providers are contractually required to maintain equivalent security safeguards
Honest Note: While we take every reasonable precaution, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are fully committed to protecting your data to the highest practical standard.
8 How Long Do We Store Your Data?
Retention follows the principle of necessity — we keep personal data only for as long as it serves a legitimate purpose:
- Data is retained only for the purposes described in this policy
- After 90 consecutive days of account inactivity, your personal data is automatically deleted from our active systems
- Usage data may be anonymized and retained indefinitely for aggregate analytics — it can no longer identify you
- Legal, regulatory, or contractual obligations may require us to retain specific data for defined periods beyond the above
- You may request early deletion at any time by contacting agusartawan20051996@gmail.com
9 International Data Transfers
Arrow Club is a global service. Your information may be stored and processed on servers located in countries other than your own — including countries whose data protection laws may differ from those in your jurisdiction.
We protect cross-border transfers through the following safeguards:
- Standard Contractual Clauses (SCCs) as approved by the European Commission, where applicable
- TLS 1.2+ encryption for all data in transit across borders
- Partnering with providers in jurisdictions recognized as offering adequate data protection
- Contractual obligations requiring overseas processors to meet GDPR-equivalent standards
By using Arrow Club, you acknowledge that your data may be transferred to and processed in countries outside your residence.
10 Our Partners — Third-Party & Ad Networks
In-app advertising is delivered through AppLovin and its mediation network, which connects Arrow Club to multiple advertising partners.
What We Share with Ad Partners
- Advertising IDs (GAID / IDFA) — resettable on your device at any time
- Device information (model, OS version, screen size)
- Session metrics (length, frequency, time of day)
- Ad interaction data (impressions, clicks, video completions, rewards claimed)
- Country and language settings
What We Never Share with Ad Partners
The following data categories are strictly off-limits for advertising partners: your email address, phone number, PayPal details, login credentials, gameplay progression, user-generated content, and precise GPS location.
Full Partner Directory
Each partner operates under its own privacy policy. Review the links below to understand how each partner handles data:
| Partner | Privacy Policy |
|---|---|
| AppLovin | applovin.com/privacy |
| Chartboost | chartboost.com/legal/privacy-policy |
| policies.google.com/privacy | |
| InMobi | inmobi.com/privacy-policy |
| IronSource | developers.is.com/…/ironsource-mobile-privacy-policy |
| Kwai | kwai.com/legal?id=privacy_policy |
| Fyber | fyber.com/privacy-policy |
| Mintegral | mintegral.com/en/privacy |
| Moloco | moloco.com/privacy-policy |
| Bytedance (Pangle) | pangleglobal.com/privacy |
| Vungle (Liftoff) | vungle.com/privacy |
| Unity Ads | unity3d.com/legal/privacy-policy |
| Yandex | yandex.com/legal/confidential |
| BidMachine | docs.bidmachine.io/…/app-privacy-details |
| Verve | verve.com/privacy-policy |
| Bigo | activity.bigo.tv/live/about/policy.html |
11 What Rights Do You Have?
Multiple data protection frameworks protect you. Based on where you live, you may exercise the rights below. To submit a request, email agusartawan20051996@gmail.com.
🇺🇸 CCPA / CPRA — California
- Know — what personal data we hold and why
- Delete — request erasure of your personal data
- Opt-Out — of the sale or sharing of your data
- Correct — inaccurate personal information
- Non-Discrimination — no penalties for exercising these rights
🇪🇺 GDPR — EU / EEA / UK
- Access — obtain a copy of your personal data
- Rectification — correct inaccurate or incomplete data
- Erasure — "right to be forgotten"
- Restriction — limit how we process your data
- Object — to certain processing activities
- Portability — receive your data in a machine-readable format
🇺🇸 VCDPA — Virginia
- Access — confirm whether we process your data and receive a copy
- Correct — fix inaccuracies in your personal information
- Delete — request removal of personal data we hold about you
- Portability — receive your data in a portable, usable format
- Opt-Out — opt out of targeted advertising, data sales, and profiling for decisions with legal effects
We will respond to all verifiable rights requests within 30 days (extendable to 60 days with notice where permitted by law).
12 How Can You Opt Out?
Personalized Advertising
Android
Settings → Google → Ads → Opt out of Ads Personalization
You can also reset your GAID from the same menu at any time.
iOS
Settings → Privacy & Security → Tracking → Allow Apps to Request to Track (off)
Or: Settings → Privacy → Apple Advertising → Personalized Ads (off).
Opt Out of Data Sales
To opt out of any sale or sharing of your personal information, send an email to agusartawan20051996@gmail.com with the subject line "Do Not Sell My Data". We will process your request within 15 business days.
Automated Profiling
Arrow Club does not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.
13 What About Children?
Our service targets users aged 13 and above. Arrow Club is not designed for, marketed to, or directed at children under 13 years of age. We do not knowingly collect personal data from any child under 13.
If you are a parent or guardian and believe that your child has provided personal information to Arrow Club without your consent, please contact us immediately at agusartawan20051996@gmail.com. Upon verification, we will promptly delete all such information from our systems.
Users between 13 and 18 years of age should review this policy with a parent or guardian.
14 Data Breach Notification
Despite our security measures, no system is immune to incidents. In the event of a data breach that is likely to result in a risk to your rights and freedoms:
- We will notify affected users and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR Article 33
- Notifications will describe the nature of the breach, the categories of data affected, likely consequences, and the remedial measures taken
- We will document all breaches internally regardless of whether they require external notification
- We maintain an incident response plan and a dedicated security team to minimize impact and recovery time
If you suspect unauthorized access to your Arrow Club account or data, contact agusartawan20051996@gmail.com immediately with the subject line "Security Concern".
15 Cookies & Tracking Technologies
Arrow Club may use web views within the app that employ cookies and similar tracking technologies. These technologies help us maintain sessions, remember preferences, and analyze how users interact with in-app web content.
Types of Tracking Used
Session Cookies
Temporary cookies that expire when you close the session. Used for authentication and state management.
Analytics Trackers
Persistent trackers that collect anonymized usage data to help us improve in-app web content.
Ad Tracking
Pixels and SDKs used by ad partners to measure campaign performance and attribution.
Managing Cookies
You can clear cookies stored by Arrow Club's web views by clearing your app data via device settings (Settings → Apps → Arrow Club → Clear Data). Note that this may reset your in-app preferences.
16 Legal Disclosure Requirements
There are specific circumstances under which we may be required to disclose your personal information beyond the routine sharing described above:
- Business Transactions: Your data may be transferred as part of a corporate merger, acquisition, restructuring, or sale of all or a portion of our assets. We will provide notice and ensure continuity of privacy protections.
- Law Enforcement Requests: We will disclose personal data when required to do so by a valid court order, subpoena, or other binding legal process, or when we believe in good faith that disclosure is necessary to comply with applicable law.
- Protection of Rights & Safety: We may disclose information to prevent or address illegal activity, to protect the safety of our users or the public, or to defend the legal rights, property, and interests of the Company.
In all such cases, we will limit disclosure to the minimum data necessary and, where legally permissible, will notify affected users before complying.
17 Third-Party Links
Arrow Club may contain links to websites, services, or content operated by third parties — including ad networks, social platforms, and partner services. We have no control over, and assume no responsibility for, the content, privacy practices, or data handling of any external site.
We encourage you to review the privacy policy of every website or service you visit outside of Arrow Club. The inclusion of a link in our app does not imply endorsement of that site's privacy practices.
18 Will This Policy Change?
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we do:
- The revised policy will be posted on this page with an updated effective date
- For material changes that significantly affect your rights or how we handle your data, we will provide prominent notice within Arrow Club or via email at least 7 days before the changes take effect
- Your continued use of Arrow Club after a policy update constitutes acceptance of the revised terms
We recommend bookmarking this page and reviewing it periodically to stay informed.
19 How Can You Reach Us?
For any questions, concerns, data requests, or feedback related to this Privacy Policy or your personal data, please reach out through any of the following channels:
- Email: agusartawan20051996@gmail.com
- In-App: Navigate to Settings → Help & Support within Arrow Club
We are committed to responding to all privacy-related inquiries within 48 hours of receipt. For formal rights requests (GDPR/CCPA/VCDPA), we will acknowledge within 48 hours and complete the request within 30 days.
© 2026 Arrow Club. All rights reserved.