Privacy Policy
1. Who We Are
Echo Crawler is a mobile game published by wmkc, based in Israel. This privacy policy applies to the Echo Crawler mobile application on Android (Google Play) and iOS (Apple App Store), and to the website at echo-crawler.wmkc.net.
Data controller: wmkc
Contact: privacy@wmkc.net
Website: wmkc.net
2. Data We Collect
Echo Crawler does not operate its own servers or databases. All user data is stored either locally on your device or managed by third-party platform services.
A. Data Stored Locally on Your Device
All game data is stored on your device using encrypted local storage (FlutterSecureStorage). This data never leaves your device unless you explicitly opt into cloud save.
| Category | Examples | Purpose |
|---|---|---|
| Game progress | Dungeon level, endless mode best score, completed regions | Track player progression |
| Currencies & balances | Gold, Gems, Souls, Essence, Ash, Skip Ads tokens | In-game economy |
| Equipment & inventory | Owned gear, equipped items, skins | Gameplay |
| Settings & preferences | Audio volume, haptics, language, targeting mode | User preferences |
| Purchase history | Product ID, price, timestamp, refund status | Purchase verification |
| Daily reward timestamps | Last claim date per reward type | Prevent duplicate claims |
| Lucky Draw state | Board layout, cards drawn, draw counts | Daily Lucky Draw feature |
| Chest guarantee counters | Opens since last guaranteed rarity drop | Guarantee system (pity timer) |
| Consent preference | Personalized ads consent choice | GDPR compliance |
wmkc cannot access, view, or retrieve any locally stored data. It exists only on your device. Uninstalling the app or clearing app data permanently deletes it.
B. Data Managed by Third-Party Services
| Service | Data | When | User Control |
|---|---|---|---|
| Google Play Games Services | Cloud save blob (progress, currencies, equipment, settings) | When you sign in and trigger cloud save | Delete via Google Play Games settings or play.google.com |
| Apple Game Center | Cloud save blob (progress, currencies, equipment, settings) | When you sign in and trigger cloud save | Delete via device Settings → Game Center or privacy.apple.com |
| Google AdMob | Ad interaction data, device advertising ID, IP address | When rewarded ads are shown | Reset or delete advertising ID in device settings; in-app consent controls personalization |
| Google Play / Apple App Store | Purchase transaction records | When you make an in-app purchase | Managed by Google/Apple |
C. Data We Do Not Collect
Echo Crawler does not collect: names, email addresses, contact information, location data, photos, camera or microphone data, contacts, health or fitness data, browsing history, device identifiers (beyond what AdMob collects for ad serving), analytics or behavioral tracking data, user-generated content, or financial information (all payments are processed by Google Play / Apple).
3. How We Use Data
| Data | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Local game data | Core gameplay functionality | Contractual necessity (Art. 6(1)(b)) |
| Cloud save data | Back up and restore progress across devices | Consent (user opts in) |
| Ad interaction data | Serve rewarded video ads; personalize if consented | Legitimate interest / Consent |
| Purchase records | Fulfill purchases, handle refunds, prevent fraud | Contractual necessity / Legal obligation |
| Consent preference | Remember ad personalization choice | Legal obligation (GDPR) |
4. Third-Party Services
| Service | Purpose | Privacy Policy |
|---|---|---|
| Google AdMob | Opt-in rewarded video ads | policies.google.com/privacy |
| Google Play Games Services | Cloud save (Android) | policies.google.com/privacy |
| Apple Game Center | Cloud save (iOS) | apple.com/legal/privacy |
| Google Play Billing | In-app purchases (Android) | policies.google.com/privacy |
| Apple StoreKit | In-app purchases (iOS) | apple.com/legal/privacy |
AdMob may use the following data for ad serving: device advertising identifier, IP address, device type, operating system version, and app interaction data. When you have not consented to personalized ads (or are in the EEA/UK and have denied consent), only non-personalized ads are served.
5. Advertising & Consent
All ads in Echo Crawler are opt-in rewarded video ads. The game never shows interstitial, banner, or forced ads. You choose to watch an ad in exchange for an in-game reward.
Users in the EEA/UK are shown a consent prompt (via Google's User Messaging Platform) before any ads are served. You can change your consent preference at any time via Settings → Privacy → Privacy Settings in the game.
The "Remove Ads" in-app purchase permanently removes all ad prompts and automatically grants all ad-gated rewards without showing ads.
Ad Touchpoints
- Revive after death
- Double Gold on run end
- Special-tier mid-run stats upgrades
- Lucky Draw bonus draws
- Daily free gold bonus claim
- Daily free gems bonus claim
- Daily free Bronze Chest bonus claim
- Ability upgrade screen — reroll options
- Ability upgrade screen — select all options
6. Children's Privacy
Echo Crawler is not directed at children under 16. As of June 2026, PEGI mandates a minimum rating of PEGI 16 for all games containing paid random items (loot boxes). wmkc does not knowingly collect personal information from children under 16.
If a parent or guardian believes their child has provided personal information through a third-party service used by the game, they should contact the relevant platform (Google or Apple) directly.
7. Data Retention
- Local device data: Retained until you uninstall the app or clear app data. wmkc has no access to this data.
- Cloud save data: Retained by Google Play Games Services or Apple Game Center until you delete it through your platform account settings.
- Ad interaction data: Retained by Google AdMob per Google's data retention policies.
- Purchase records: Retained by Google Play / Apple App Store per their respective policies. The local copy is deleted when the app is uninstalled.
8. Your Rights
EEA, UK, and Israel
Under the GDPR and Israeli Privacy Protection Law (as amended by Amendment 13, effective August 14, 2025), you have the right to:
- Access — Request information about what data is processed about you
- Rectification — Request correction of inaccurate data
- Erasure — Request deletion of your data (see the Data Deletion page)
- Restriction — Request that processing be restricted
- Portability — Request a copy of your data in a portable format
- Object — Object to processing based on legitimate interest
- Withdraw consent — Withdraw consent for personalized ads at any time via Settings → Privacy → Privacy Settings
Since wmkc does not store user data on its own servers, most of these rights are exercised through the platform services (Google, Apple). See the Data & Account Deletion page for instructions.
California (CCPA/CPRA)
Under the California Consumer Privacy Act, you have the right to know what personal information is collected, delete your personal information, and opt out of the sale or sharing of your personal information.
wmkc does not sell or share personal information as defined by the CCPA. Ad personalization is consent-based and can be controlled via the in-game consent prompt or device advertising settings.
9. Data Security
- All locally stored game data is encrypted using FlutterSecureStorage (Android Keystore / iOS Keychain).
- Cloud save data is transmitted over encrypted connections (HTTPS/TLS) and stored by Google/Apple using their security infrastructure.
- In-app purchase transactions are processed entirely by Google Play / Apple App Store. wmkc never receives or stores payment card details.
In the event of a data breach affecting your personal data, wmkc will notify affected users and relevant authorities within the timeframes required by applicable law, including 72 hours under Israel's Privacy Protection Law (Amendment 13).
10. International Data Transfers
Ad serving via Google AdMob may involve data transfers to Google servers located outside your country of residence, including the United States. Google maintains appropriate safeguards for such transfers (Standard Contractual Clauses, adequacy decisions). Cloud save data is stored by Google/Apple in accordance with their respective data processing agreements.
11. Changes to This Policy
wmkc may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. For significant changes, a notice may be provided within the game. Continued use of the game after changes constitutes acceptance of the updated policy.
12. Contact
For privacy-related inquiries or to exercise your data rights:
- Email: privacy@wmkc.net
- Website: wmkc.net
- Data Deletion: echo-crawler.wmkc.net/data-deletion
If you are in the EEA and believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority. In Israel, complaints can be filed with the Privacy Protection Authority (PPA).