Privacy Policy of Hero Wars: Alliance

(Revised as of December 25, 2025)

WHY DO WE HAVE THIS POLICY?

This Privacy Policy is a set of commitments that NEXTERS GLOBAL LTD promises to follow when collecting, processing, and protecting your personal data. Your privacy is our highest priority, and we are committed to safeguarding your personal information in accordance with applicable laws and security best practices. This Policy explains:

  • What data we process;
  • With whom we may share your data;
  • The purposes of data processing;
  • How long we retain your data;
  • How we protect your data; and
  • How you can control your data.

We strive to comply with applicable data protection laws, including but not limited to the GDPR (European Union), LGPD (Brazil), and PIPA (Korea). Where local laws grant you specific rights, these are outlined in the section “How Can You Control Your Data?” and in any additional regional notices, as applicable.

WHO ARE WE?

NEXTERS GLOBAL LTD is an international game development company dedicated to providing engaging and secure gaming experiences. This Privacy Policy explains how we collect, use, and protect your personal data as you play Hero Wars: Alliance.

If you are not an adult, please obtain permission from your legal guardian before using the Project. For any questions or concerns, please contact us via the “Help and Support” section in the Project or by email at:
Email: privacy@nextersglobal.com

If, under applicable law (e.g., GDPR), we are required to appoint a Data Protection Officer (DPO) or a similar representative (e.g., “Encarregado” under LGPD), we will provide the relevant contact information upon request.

Data Controller

For the purposes of the GDPR and other applicable data protection laws, the Data Controller is:

NEXTERS GLOBAL LTD
3101, Cyprus, Limassol, 55 Griva Digeni
Email: privacy@nextersglobal.com

WHAT DATA DO WE COLLECT AND WHY?

We consider any information that can identify you as personal data. We collect various types of data to provide you with a full gaming experience and to continually improve our services. In order to clearly explain the data we process, please refer to the table below.

Where we rely on your consent as the legal basis for processing, we do not rely on that consent indefinitely. As a general rule, we consider your consent to remain valid for no longer than five (5) years from your last relevant interaction with the Project or our communications, unless you withdraw it earlier or a shorter period is required by applicable law.

Data Processing Overview

Data Processing Purpose Legal Basis Data Categories Retention Period Additional Information
Gaming process & application features availability Contract Account information, your interaction with the Project and its features (e.g., session and gameplay logs, use of in-game functions, events and items), game progress and related in-Project history. For the duration of the account; typically removed or anonymized within 30 days after deletion request Essential for accessing, playing and using the core features of the Project.
Account Creation & Management Contract Account information (username, display name, email address, account ID, account creation date) For the duration of the account; typically removed or anonymized within 30 days after deletion request Essential for accessing and using the Project.
User Verification & Security Legitimate Interest IP address, unique device IDs (device ID, advertising ID, Android ID, etc.), broad location data (e.g., country code) For the duration of account activity or until you successfully object Used for anti-cheat measures, fraud prevention, and protecting user accounts.
In-Project Transactions Contract Transaction details (amount, currency, date/time, voucher codes, order IDs) Retained for up to 7 years (or as required by tax and legal obligations) Payment data (e.g., credit card numbers) is processed directly by the app store or payment provider and is not stored by us.
Marketing & Communications Consent Email address and other contact details (if provided) For up to five (5) years from your last interaction with our marketing communications Used for sending newsletters, updates, security alerts, and promotional communications.
Chat messaging & on‑demand translation Contract/ Legitimate Interest Message text; translated text; source & target languages; minimal logs Retained for up to 3 years Safety/moderation measures may apply (reports, abuse prevention); do not share personal/sensitive data in chats
Chat safety and moderation Legitimate Interest Chat message content, reports and flags submitted by users, technical logs, enforcement data For up to 3 years from the relevant event or longer where required by applicable law or necessary for the establishment, exercise or defence of legal claims. We use automated tools and limited human review to detect, investigate and address spam, threats, hate speech and other violations of our rules, and to comply with applicable laws.
Advertising & Analytics Consent / Legitimate Interest Advertising identifiers (e.g., IDFA/GAID), usage logs, device information, crash logs, and performance metrics For up to five (5) years from your last in-Project activity or until you opt out of such processing, whichever occurs first. Aggregated or anonymized data may be stored indefinitely. Data may be shared with third-party advertising networks or analytics providers (with your consent, where applicable).
Facebook Integration (Optional) Consent Facebook public profile information (name, profile picture, friend list, email address) For as long as your Facebook account remains linked to the Project and, in any case, no longer than five (5) years from your last login. Enables account verification and social features; integration is entirely optional and can be disconnected at any time via account settings.
Customer Support Contract / Legitimate Interest Data you provide when contacting support (e.g., email, screenshots, device details) For the duration of the support case or as required by applicable law Used solely for resolving support queries and ensuring optimal customer service.
Improvement and development of the Project (including product experiments and test servers) Contract / Legitimate Interest Account and gameplay data (e.g., account ID, region/server, platform, test/control group); gameplay metrics (FTUE completion, use of key mechanics, conversions, early retention); technical data (device/OS info, performance and crash data); short in-game gameplay video fragments (engine-rendered only). For the duration of the experiment, typically retained up to 12 months for validation and aggregated reporting. Aggregated or anonymized data may be kept longer. Used to test and improve early-game experience, mechanics and Project performance.
Technical & Diagnostic Data Legitimate Interest Crash logs, error reports, device specifications, in-Project usage statistics, and diagnostic data For the duration of account activity; aggregated or anonymized data may be retained indefinitely Helps us monitor, diagnose, and resolve technical issues and improve Project performance.

Chats — Data Processing

Our Project include in-game chats that enable players to communicate in real time. To support a safe and reliable experience, we process chat messages to deliver core functionality (send/receive), optional on-demand translation, and safety/moderation measures. This approach aligns with practices used by leading games and communications platforms, which disclose processing of message content for service delivery, abuse prevention, and—where applicable—translation. The details below explain what we process, why, and with whom it may be shared.

What we process in chats

Categories of data. We process message content — the text you send via in app chats. Please do not share personal or sensitive information in chats. If you choose to do so, such information will be processed as part of your message.

Purposes and legal bases

We process chat messages for several purposes:

  • to provide core chat functionality (sending and receiving messages) and optional on-demand translation — based on performance of contract; and
  • to maintain chat safety and enforce our rules (including automated and manual review of messages and logs where necessary) — based on our legitimate interests and, where applicable, legal obligations.

We may use automated tools and limited human review to detect and address spam, threats, hate speech, and other policy violations. This may involve analyzing message content and related technical logs. If a message or account is reported, we may review and temporarily retain relevant chat content and logs to investigate and to comply with legal obligations. You can report problematic messages in app or via the support contacts listed in this Policy. We offer appeals consistent with our rules and applicable law.

We share chat data only as described below:

Processors (service providers).

  • Amazon Web Services, Inc. (Amazon Translate);
  • Google LLC (Google Cloud Translation). These providers act under our instructions, process data solely to deliver translation, and apply appropriate security and confidentiality measures.

PRODUCT EXPERIMENTS AND TESTING

From time to time, we run product experiments and A/B tests to understand how players use the Project and to make the gameplay experience better, clearer and more enjoyable. These activities may include testing different versions of our first-time user experience and early-game mechanics, measuring early-game engagement, or comparing content and features between test and control groups.

To carry out these tests, we may assign players to different versions of the Project, direct new registrations from certain countries or platforms to dedicated test servers or limit specific experiments to newly created accounts. Some tests may also include temporary or experimental content available only within the test environment. Prices of existing offers generally remain unchanged; we may test new offers, but we do not increase the prices of existing ones because of participation in a test.

As part of certain tests, we may also collect short sequences of in-game visuals (for example, what the game engine displays at specific moments), along with gameplay and technical information that helps us understand how players move through tutorials, interact with early-game features, and encounter usability or performance issues.

These visuals reflect only what happens inside the Project. We do not capture your device’s operating system screen, notifications, calls, SMS, microphone or camera.

All collected data is processed within the game, transferred securely to our systems, and removed from your device afterwards. We keep it only for as long as needed to analyse the test (typically up to 12 months) and then delete or anonymize it. Access is strictly limited to teams and service providers who help us analyse gameplay and improve the Project. We do not use this data for targeted advertising.

Participation in product experiments is generally automatic for eligible accounts. You may contact us through in-Project support to request removal from a specific test where technically feasible, or to object to this processing based on our legitimate interests (see “How can you control your data?”).

FACEBOOK VERIFICATION AND INTEGRATION

To streamline account management and enhance your social experience, we offer an optional Facebook integration.

How It Works

  • Consent and Connection:
    If you choose to verify your account via Facebook or enable social features (such as sharing achievements or inviting friends), you will be redirected to Facebook. There, you will be asked to grant permission for our Project to access specific data from your Facebook account.
  • Data Received from Facebook:
    With your consent, we may receive the following information from Facebook:
    • Your public profile (name, profile picture, friend list)
    • Your email address
    • Any additional information you permit Facebook to share
  • Purpose of Facebook Data Processing:
    The data obtained is used solely to:
    • Verify your identity and facilitate login via Facebook
    • Enable social features within the Project
    • Enhance your overall gaming experience
  • Voluntary Integration & Revocation:
    Facebook integration is entirely optional. Should you choose not to link your Facebook account, core features of the Project remain available, though certain social functionalities will not be enabled. You may revoke your consent at any time via your account settings or the Facebook interface. Once revoked, we will cease processing data obtained from Facebook for these purposes.
  • Compliance:
    All processing of Facebook data is conducted in accordance with this Privacy Policy and Facebook’s own policies.

LEGAL BASES FOR DATA PROCESSING

We process your personal data only when necessary for providing access to and improving the Project. Our legal bases for processing include:

  • Contract: For account creation, management, and processing in-game transactions.
  • Legitimate Interests: For security measures, fraud prevention, and the analysis of user behavior to enhance the gaming experience.
  • Consent: For processing data based on your explicit permissions (e.g., marketing communications, Facebook integration, targeted ads).
  • Legal Obligations: To comply with applicable laws such as tax reporting and consumer protection regulations.

HOW DO WE SHARE YOUR DATA?

We do not sell your personal data. However, to provide you with our services, we may share your data under the following circumstances:

  1. Service Providers & Partners:

    • Technical/Customer Support Providers: Companies that help us operate and maintain the Project.
    • Cloud/Hosting Services: Providers that securely store and process data on our behalf.
    • Analytics & Advertising Partners: Third parties that assist us in understanding usage patterns and delivering relevant ads (subject to your consent).
    • Software Providers: Partners offering services in accordance with our instructions and contractual obligations regarding data protection.
    • Email Service Provider (e.g., PushWoosh, or another equivalent platform) – delivery of transactional and marketing emails; storage of subscriber status. Each provider is engaged under data-processing terms that ensure GDPR/LGPD compliance.

    We maintain an up-to-date list of these third-party partners here. This list includes the partner names, the nature of the services they provide, and, where applicable, links to their own privacy policies. We update this list whenever we add or remove a vendor to ensure transparency and compliance with applicable laws.

  2. Affiliates & Business Transfers:

    • Data may be shared within our corporate group or transferred in connection with mergers, acquisitions, or asset sales, subject to confidentiality agreements.

  3. Legal & Regulatory Requirements:

    • We may disclose data to comply with legal obligations, respond to lawful requests, or protect the rights, property, or safety of our users or the public.

  4. International Transfers:

    • When data is transferred outside the EEA, we ensure appropriate safeguards (such as Standard Contractual Clauses) are in place.

If you reside in other regions (e.g., Brazil, Korea), we will also use appropriate or equivalent safeguards to ensure lawful data transfers, in line with LGPD or PIPA requirements.

DATA RETENTION

We retain your personal data only as long as necessary to fulfill the purposes outlined in this Policy or as required by law. For example:

  • Account Data: Retained for as long as your account is active; if deletion is requested, data is generally removed or anonymized within 30 days (except where longer retention is required, e.g., 7 years for financial records).
  • Usage & Analytics Data: Retained in aggregated or anonymized form indefinitely unless you opt out.
  • Support Data: Retained for the duration of the support case or as required by law.

Once the purpose for which data is processed has been fulfilled, personal data is securely deleted.

HOW CAN YOU CONTROL YOUR DATA?

You have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion (“Right to be Forgotten”): Request deletion of your personal data (note that this may result in loss of access to the Project).
  • Restriction & Objection: Request that we limit or cease processing your data.
  • Withdraw Consent: Revoke consent for data processing where it is based on your permission (e.g., marketing communications, Facebook integration).

Additional rights for specific regions:

  • Data Portability (GDPR, some other jurisdictions): Receive your data in a structured, commonly used, and machine-readable format.
  • Right to Lodge a Complaint: You may file a complaint with a supervisory authority (for example, in the EU or Brazil) if you believe we have processed your data unlawfully.
  • Request for Suspension of Processing (Korea): Under PIPA, users may request temporary suspension of processing under certain conditions.

To exercise these rights, please contact us via the in-game “Help” section or email:
Email: privacy@nextersglobal.com

We may require you to verify your identity before processing your request, which we will typically complete within 30 days.

Read more

You have all the technical capabilities to determine how the Data shall be used. We are constantly improving the data management methods available to you.

You can form a request within the Project by sending a request in the Help section or Account. You are entitled to obtain information from us on how we handle your personal data, to see copies of all personal data held by us and to request that your personal data is amended, corrected or deleted from our systems. You can also limit, restrict or object to the processing of your data.

For exercising your rights, you can:

  • at any time withdraw your consent for Data Processing;
  • access to your Data received by us. You are entitled to access the Data about you received by us which means you have the right to request the provision of information about Data storage, access to Data, as well as copies of the stored Data;
  • require limitation of Data processing for the time required to verify the reliability of the information provided;
  • change the Data. You may discretionary determine the Data, which shall be associated with your Account.
  • object to the processing of your Data. If you believe that we have no legitimate reason for processing your Data, please contact us using email: privacy@nextersglobal.com. If we fail to satisfy your claim, you have the right to file a complaint with the local supervisory authority.
  • delete Data related to the Account.

The procedure for withdrawing consent to the processing and deletion of Data:

PLEASE NOTE that the Data is used by us solely for the purpose of providing you access to the Project and improving the quality of the Services. By deleting of Account Data, you will lose access to the Project and your Data will be permanently deleted.

HOW DO WE PROTECT YOUR DATA?

We implement robust technical and organizational measures to safeguard your data against unauthorized access, alteration, or loss. Our security measures include:

  • Data Encryption: During both storage and transmission.
  • Access Controls: Restricting data access to authorized personnel only.
  • Two-Factor Authentication: For sensitive account operations.
  • Regular Audits & Security Assessments: To continuously identify and mitigate vulnerabilities.
Read more

We provide you with access to international Project and strive to comply with applicable local laws. Please note that our Services are provided "as is" and you should get to know with applicable laws. By continuing your use of the Project, you warrant that your use of the Project is not contrary to the applicable law and Terms of Service.

NEXTERS GLOBAL LTD respects the confidentiality of your data and strives to ensure the highest level of protection. Despite the measures we are taking to protect your information, any measures that we apply will not have any effect if you neglect the data security.

The project implemented reliable means of protection to ensure the security of your data. We do everything possible for your safety when using the Project and are constantly improving our information protection methods. As some means of protecting information from unauthorized access, alteration, disclosure or destruction, we use the following methods:

  • data encryption during storage and transmission;
  • we carry out two-factor user authentication when requesting an action with the Data;
  • we improve the techniques and methods of collecting, storing and processing the Data;
  • access to the Data, in encrypted and impersonal form, have only authorized employees, consultants or interested groups of people who need access to this information to perform their duties;
  • all persons having access to the Data are briefed on working with data, their knowledge and skills are systematically being checked.

In spite of all measures taken by us, your careful attitude to the Account and access to it has a great importance in the safety of your Data. To prevent unauthorized access to your Data and Account, we strongly recommend you not to share access to the account to any third parties and to comply with the rules of the project and use of the Services. In case of your violation of the Terms of Service of the Services, we will not be able to guarantee the security of your Data.

WARNING! The following actions are prohibited by this Policy and the Terms of Service, and may also violate the confidentiality of your data:

  • transfer of information about the Account and (or) access rights to third parties. Please note that our official representative will never request access to your Account;
  • the use of unauthorized third-party programs, the use of robot programs and (or) programs that change the Project process, including assistance in the Project process. In addition to the fact that the use of such programs is expressly prohibited by the Terms of Service, they may contain malicious software that could harm the security of your data;
  • the acquisition of in-game values from third parties. By acquiring in-game values bypassing the Terms of Service, you can become a victim of fraudsters.

NEXTERS GLOBAL LTD appreciates the help of our users in identifying and addressing potential vulnerabilities, as we take the security of our systems and data extremely seriously. Please report any security vulnerabilities found in our systems or applications to us as soon as possible.

In your email, please include a detailed description of the vulnerability, including any relevant technical details that may help us understand the nature and severity of the issue. If possible, please also include steps to reproduce the vulnerability, so that we can more easily investigate and remediate the issue. We take all reports of security vulnerabilities seriously, and we will investigate each report promptly and thoroughly.

We may also contact you for additional information or clarification, so please be sure to include your contact information in your email. Thank you for helping us maintain the security of our systems and data. We greatly appreciate your contribution to our security efforts.

Please keep your account credentials secure and do not share them with others. If you suspect any security breach, contact us immediately at:
Email:privacy@nextersglobal.com

CHILDREN’S PRIVACY

Hero Wars: Alliance is not directed to children under the age of 18 (or under the minimum digital age in your jurisdiction, if higher). We are committed to ensuring that if children do engage with our Project, their personal data is handled responsibly and in compliance with relevant regulations.

We do not knowingly collect personal information from children under the age of 18 (or below the minimum age of consent in your country) without verifiable parental consent.

If we discover that we have inadvertently collected personal data from a child without proper consent, we will promptly delete or anonymize that data.

Age Restriction & Verification

Age Gate: Where feasible, we implement checks (e.g., age prompts) to discourage children under the required age from providing personal data.

Parental/Guardian Consent: If a user is under the required age, they must obtain permission from a parent or legal guardian before accessing or using the Project’s services. We may request a parent’s email address or other verification information to ensure consent is valid and verifiable.

Limited Data Collection

Any data collected in connection with children’s activity (e.g., for support requests or gameplay functionality) is minimized to what is strictly necessary for providing our services. We do not use such data for behavioral advertising or other purposes not permitted by law.

Parental Controls & Guidance

We encourage parents and guardians to familiarize themselves with online safety practices and monitor their children’s in-game activities. Please visit our Parental Guide for tips on protecting children’s privacy, managing in-app purchases, and setting controls to ensure a child-friendly experience.

Parental Rights

Parents or legal guardians may request to review, delete, or prevent further collection of their child’s personal data. If you believe we have collected information from a child contrary to applicable law, contact us immediately, and we will take appropriate measures.

Contact for Children’s Data Concerns

If you have concerns about the data we may hold from or about a child, or wish to withdraw consent previously given, please contact our support team:

Email: privacy@nextersglobal.com

CONTEST & PROMOTION PARTICIPANTS

Data category Includes Legal basis Retention
Contestant data Name, nickname, age/DOB, country, contact e mail/phone, shipping address, player ID, UGC (screenshots, photos, videos), tax info (if needed) Contract (contest rules), Legitimate interest (prevent fraud), Legal obligation (tax) Up to 12 months after contest end or longer if required by law

We use this data to:

  • Verify eligibility (age, region);
  • Administer the contest (collect entries, pick winners, notify and ship prizes);
  • Publicly announce winners if required;
  • Meet tax/reporting duties.

Sharing: logistics/postal operators, sponsor partners (if stated in rules), tax authorities.

NEWSLETTERS & MARKETING COMMUNICATIONS

Data category Includes Legal basis Retention
Subscriber data Email address and associated Account ID, game preferences, engagement metrics (opens, clicks) Consent (opt-in) or Legit. interest (soft opt-in) Stored in our internal database and with our email-service provider (e.g., PushWoosh or an equivalent vendor) until you withdraw your consent or for up to five (5) years from your last interaction with our marketing communications (whichever occurs first) + 30 days for system sync

How it works:

  • Subscription — ingame, website, or email form; double opt-in verifies ownership.
  • Unsubscribe — every message has an "Unsubscribe" link; you can also disable push notifications and stop SMS by replying "STOP".
  • Segmentation — we analyse clicks to send relevant content, but do not conduct invasive profiling.

CHANGES TO THIS POLICY

We reserve the right to modify or update this Privacy Policy at any time. Should significant changes be made, we will notify you via the Project or other appropriate channels. Your continued use of the Project after updates constitutes acceptance of the revised Policy.

CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, or if you wish to request previous versions of this Policy, please contact us at:

NEXTERS GLOBAL LTD
Address: 3101, Cyprus, Limassol, 55 Griva Digeni
Email: privacy@nextersglobal.com

FAITHFULLY YOURS,
NEXTERS GLOBAL LTD

This Policy is written in English. In the event of any discrepancies between translations, the English version shall prevail.

Limassol
55 Georgiou Griva Digeni, Limassol, 3101, Cyprus
Nexters owns a number of companies internationally, with remote and in-house teams located in Cyprus and other locations across the globe. Learn more about the Nexters companies
part of Nexters GDEV logo
Terms of Service · Privacy policy · Open Source Software · Parent’s Guide
©2025 Nexters Global Limited. Registered at 107 Faneromenis Avenue, Larnaca, 6031, Cyprus