Privacy Policy of Hero Wars: Alliance

(Revised as of June 4, 2026)

WHY DO WE HAVE THIS POLICY?

This Privacy Policy is a set of commitments that NEXTERS GLOBAL LTD promises to follow when collecting, processing, and protecting your personal data. Your privacy is our highest priority, and we are committed to safeguarding your personal information in accordance with applicable laws and security best practices. This Policy explains:

  • What data we process;
  • With whom we may share your data;
  • The purposes of data processing;
  • How long we retain your data;
  • How we protect your data; and
  • How you can control your data.

We strive to comply with applicable data protection laws, including but not limited to the GDPR (European Union), LGPD (Brazil), and PIPA (Korea). Where local laws grant you specific rights, these are outlined in the section "How Can You Control Your Data?" and in any additional regional notices, as applicable.

WHO ARE WE?

NEXTERS GLOBAL LTD is an international game development company dedicated to providing engaging and secure gaming experiences. This Privacy Policy explains how we collect, use, and protect your personal data as you play Hero Wars: Alliance.

This Privacy Policy applies to your use of Hero Wars: Alliance on supported mobile devices, supported browser-based and web versions, and related websites, authentication flows, support channels and cross-platform features, including where your account, progress, settings or gameplay state are accessed, synchronized or restored across versions of the Project.

If you are not an adult, please obtain permission from your legal guardian before using the Project. For any questions or concerns, please contact us via the “Support” section in the Project or by email at:
Email: privacy@nextersglobal.com

If, under applicable law (e.g., GDPR), we are required to appoint a Data Protection Officer (DPO) or a similar representative (e.g., "Encarregado" under LGPD), we will provide the relevant contact information upon request.

Data Controller

For the purposes of the GDPR and other applicable data protection laws, the Data Controller is:

NEXTERS GLOBAL LTD
3101, Cyprus, Limassol, 55 Griva Digeni
Email: privacy@nextersglobal.com

WHAT DATA DO WE COLLECT AND WHY?

We consider any information that can identify you as personal data. We collect various types of data to provide you with a full gaming experience and to continually improve our services. In order to clearly explain the data we process, please refer to the table below.

Where we rely on your consent as the legal basis for processing, we do not rely on that consent indefinitely. As a general rule, we consider your consent to remain valid for no longer than five (5) years from your last relevant interaction with the Project or our communications, unless you withdraw it earlier or a shorter period is required by applicable law.

When you use the browser-based or web version of the Project, we may process browser, device and session data, including cookies, local storage and similar technologies, to authenticate you, keep the Project secure, remember your session and preferences, enable gameplay, and support analytics or advertising where permitted by applicable law and, where required, with your consent. We may also process cross-platform account-linking and synchronization data to let you continue gameplay between mobile and web versions of the Project.

Data Processing Overview

Data Processing Purpose Legal Basis Data Categories Retention Period Additional Information
Gaming process & application features availability Contract Account information, your interaction with the Project and its features (e.g., session and gameplay logs, use of in-game functions, events and items), game progress and related in-Project history. For the duration of the account; typically removed or anonymized within 30 days after deletion request Essential for accessing, playing and using the core features of the Project.
Browser Version Access, Cross-Platform Login and Synchronization Contract / Legitimate Interest / Consent Account ID and linked account data; browser, device and session data (for example, IP address, user agent, browser language, OS, cookies, local storage IDs and session tokens); login and confirmation events (for example, QR or deep-link sign-in flow, approval status and timestamps); gameplay, settings and account synchronization metadata. For the duration of the account and/or session; persistent identifiers remain until expiry, logout, deletion, or withdrawal of consent where applicable. Used to launch and operate the browser-based or web version, remember your session where supported, synchronize progress and settings across supported versions of the Project, and protect account security. Non-essential browser technologies are used only where permitted by applicable law and, where required, based on your consent.
Account Creation & Management Contract Account information (username, display name, email address, account ID, account creation date) For the duration of the account; typically removed or anonymized within 30 days after deletion request Essential for accessing and using the Project.
User Verification & Security Legitimate Interest IP address, unique device IDs (device ID, advertising ID, Android ID, etc.), broad location data (e.g., country code) For the duration of account activity or until you successfully object Used for anti-cheat measures, fraud prevention, and protecting user accounts.
In-Project Transactions Contract Transaction details (amount, currency, date/time, voucher codes, order IDs) Retained for up to 7 years (or as required by tax and legal obligations) Payment data (e.g., credit card numbers) is processed directly by the app store or payment provider and is not stored by us.
Marketing & Communications Consent Email address and other contact details (if provided) For up to five (5) years from your last interaction with our marketing communications Used for sending newsletters, product updates, offers, and promotional communications. Account, transaction and security messages may be sent separately as service communications where permitted by applicable law.
Chat messaging & on‑demand translation Contract/ Legitimate Interest Message text; translated text; source & target languages; minimal logs Retained for up to 3 years Safety/moderation measures may apply (reports, abuse prevention); do not share personal/sensitive data in chats
Chat safety and moderation Legitimate Interest Chat message content, reports and flags submitted by users, technical logs, enforcement data For up to 3 years from the relevant event or longer where required by applicable law or necessary for the establishment, exercise or defence of legal claims. We use automated tools and limited human review to detect, investigate and address spam, threats, hate speech and other violations of our rules, and to comply with applicable laws.
Advertising & Analytics Consent / Legitimate Interest Advertising identifiers (e.g., IDFA/GAID), usage logs, device information, crash logs, and performance metrics For up to five (5) years from your last in-Project activity or until you opt out of such processing, whichever occurs first. Aggregated or anonymized data may be stored indefinitely. Data may be shared with third-party advertising networks or analytics providers (with your consent, where applicable).
Advertising Audiences for Nexters Games Consent for users in the EEA, UK and other jurisdictions where consent is required. In certain US states, this processing may be treated as “sharing” for cross-context behavioral advertising or “targeted advertising”, and you may opt out as described in this Policy. Email address, Account ID, Project/source information, country or region, consent status, advertising identifiers where available, limited gameplay or engagement segments, and audience inclusion or exclusion status. Until you withdraw your consent or opt out, or until the validity period of your consent expires, whichever occurs first. The validity period of your consent for advertising audiences is 12 months unless you withdraw it earlier or a shorter period is required by applicable law. Audience records are refreshed, removed or suppressed according to our internal settings and partner technical capabilities. Consent and suppression records may be retained longer where necessary to demonstrate compliance and avoid re-uploading opted-out users. Used to create, update, suppress and measure advertising audiences; to share such audiences with AppsFlyer and selected advertising partners; to show ads for current and future Nexters games and game-related services on third-party websites, apps, social media platforms and advertising networks; and to create similar or lookalike audiences where you have given consent.
Facebook Integration (Optional) Consent Facebook public profile information (name, profile picture, friend list, email address) For as long as your Facebook account remains linked to the Project and, in any case, no longer than five (5) years from your last login. Enables account verification and social features; integration is entirely optional and can be disconnected at any time via account settings.
Customer Support Contract / Legitimate Interest Data you provide when contacting support (e.g., email, screenshots, device details) For the duration of the support case or as required by applicable law Used solely for resolving support queries and ensuring optimal customer service.
Improvement and development of the Project (including product experiments and test servers) Contract / Legitimate Interest Account and gameplay data (e.g., account ID, region/server, platform, test/control group); gameplay metrics (FTUE completion, use of key mechanics, conversions, early retention); technical data (device/OS info, performance and crash data); short in-game gameplay video fragments (engine-rendered only). For the duration of the experiment, typically retained up to 12 months for validation and aggregated reporting. Aggregated or anonymized data may be kept longer. Used to test and improve early-game experience, mechanics and Project performance.
Technical & Diagnostic Data Legitimate Interest Crash logs, error reports, device specifications, in-Project usage statistics, and diagnostic data For the duration of account activity; aggregated or anonymized data may be retained indefinitely Helps us monitor, diagnose, and resolve technical issues and improve Project performance.

CROSS-PLATFORM USE

The Project may be made available through one or more supported client environments, including a supported mobile application version (“Mobile Version”) and a supported browser-based or web version (“Browser Version”). The Mobile Version and the Browser Version are equal access points to the same Project, and not separate games or separate services, unless we expressly state otherwise for a particular feature, environment or test.

Where supported, you may access the Project through either version, or move between them, using the same Account. This means that the Project may operate as a cross-platform service in which the same Account, game identity and core gameplay continuity are recognized across supported versions, subject to the Terms of Service, this Policy, technical compatibility, platform rules, region availability and any feature-specific limitations.

ACCOUNT LINKING, LOGIN AND SESSION CONTINUITY

To enable secure access to the Browser Version or other supported environments, we may provide account linking, login confirmation or verification flows. These may include, for example, displaying a QR code or another verification method on a webpage and asking you to confirm the login from an already authenticated device, a supported Mobile Version, or another trusted environment associated with your Account.

If you approve the login request, we may authenticate your Account and create, resume or restore a session in the Browser Version. If you do not approve, complete or successfully pass the relevant verification flow, the requested browser or cross-platform session will not be activated.

We may also use authentication, session recovery, reauthorization and security checks when you switch between supported versions, reconnect an existing session, log in from a new device or browser, or attempt to access protected areas of the Project. These measures help us maintain account security, prevent fraud and unauthorized access, and provide continuous access to the Project across supported platforms.

SHARED PROGRESS, INVENTORY, SETTINGS AND GAME CONTINUITY

Where cross-platform functionality is supported, the Mobile Version and the Browser Version may share a common game state connected to the same Account. This may include, for example, shared progress, heroes or characters, inventory, entitlements, settings, preferences, support history, gameplay history, and other Account-related records necessary for continuity of play and service administration.

This means that actions taken while using one supported version of the Project may be reflected in another supported version associated with the same Account. For example, your progress, configuration choices, completed actions, available content, support status, security status, or other Account-related state may be synchronized across supported versions so that you can continue using the Project seamlessly across platforms.

At the same time, some features, offers, technical capabilities, payment options, interface elements, events, controls, browser functions, social integrations or support tools may differ between the Mobile Version and the Browser Version because of platform-specific requirements, legal restrictions, user interface considerations, third-party platform rules or technical limitations. The existence of such differences does not change the fact that both versions remain part of the same Project.

CROSS-PLATFORM DATA PROCESSING

In connection with Mobile Version, Browser Version and cross-platform use of the Project, we may collect, use, combine, synchronize and otherwise process personal data and related technical data necessary to provide access to the Project and maintain continuity, integrity and security across supported versions.

This may include, for example:

  • account identifiers and Account status information;
  • authentication, login approval and session data;
  • device, browser, application and operating system information;
  • IP address, approximate region, server and localization data;
  • gameplay progress, inventory, settings, preferences and usage history;
  • technical logs, crash data, diagnostics and performance information;
  • fraud-prevention, security and abuse-prevention signals;
  • support-related and service-administration information; and
  • other data reasonably necessary to provide cross-platform gameplay, support, compliance and account protection.

We process such data in order to authenticate users, enable secure login and account linking, synchronize shared game state, restore sessions, provide customer support, prevent fraud and abuse, detect technical issues, enforce our rules, comply with legal obligations and maintain the Project as a cross-platform service.

BROWSER TECHNOLOGIES, LOCAL STORAGE AND SESSION PERSISTENCE

Where supported, the Browser Version may remember your browser, restore your session, preserve technical preferences or maintain login continuity on subsequent visits by using cookies, local storage, secure tokens, browser cache, software development kits, pixels or similar technologies.

Some of these technologies are strictly necessary for the operation, security and integrity of the Browser Version, including authentication, session management, fraud prevention, load balancing, interface continuity and other essential service functions. Other technologies may be used for analytics, improvement, personalization, advertising or similar purposes only where permitted by applicable law and, where required, on the basis of your consent or another valid legal basis.

You may terminate or limit browser-based access in a number of ways, including by logging out, clearing the relevant browser storage, deleting cookies, adjusting browser settings, using available privacy controls, or withdrawing consent where such processing is based on consent. Please note, however, that disabling or removing strictly necessary browser technologies may prevent some parts of the Browser Version from functioning properly.

PLATFORM DIFFERENCES, SIMULTANEOUS USE AND TECHNICAL LIMITATIONS

Although the Mobile Version and the Browser Version are part of the same Project and may share one Account and one progression environment, not all content or technical behavior will necessarily be identical across supported versions at all times. Certain content, functionality, payment methods, offer availability, browser capabilities, login methods, localization options, save timing, performance characteristics, test features or release schedules may vary by platform, browser, operating system, region, device type, store rules or technical environment.

In addition, if you attempt to use the same Account across multiple supported environments close in time or simultaneously, we may apply synchronization, validation or protective measures to preserve account integrity, prevent conflicting game states, maintain security or comply with technical requirements. As a result, some actions, updates or session states may not appear instantly across every supported version.

If you use the Browser Version on a shared or public device, you should log out after each session and avoid approving login requests on devices or webpages you do not trust. You remain responsible for maintaining the confidentiality of your Account credentials and for the security of devices, browsers and sessions used to access the Project.

Chats — Data Processing

Our Project include in-game chats that enable players to communicate in real time. To support a safe and reliable experience, we process chat messages to deliver core functionality (send/receive), optional on-demand translation, and safety/moderation measures. This approach aligns with practices used by leading games and communications platforms, which disclose processing of message content for service delivery, abuse prevention, and—where applicable—translation. The details below explain what we process, why, and with whom it may be shared.

What we process in chats

Categories of data. We process message content — the text you send via in app chats. Please do not share personal or sensitive information in chats. If you choose to do so, such information will be processed as part of your message.

Purposes and legal bases

We process chat messages for several purposes:

  • to provide core chat functionality (sending and receiving messages) and optional on-demand translation — based on performance of contract; and
  • to maintain chat safety and enforce our rules (including automated and manual review of messages and logs where necessary) — based on our legitimate interests and, where applicable, legal obligations.

We may use automated tools and limited human review to detect and address spam, threats, hate speech, and other policy violations. This may involve analyzing message content and related technical logs. If a message or account is reported, we may review and temporarily retain relevant chat content and logs to investigate and to comply with legal obligations. You can report problematic messages in app or via the support contacts listed in this Policy. We offer appeals consistent with our rules and applicable law.

We share chat data only as described below:

Processors (service providers).

  • Amazon Web Services, Inc. (Amazon Translate);
  • Google LLC (Google Cloud Translation). These providers act under our instructions, process data solely to deliver translation, and apply appropriate security and confidentiality measures.

PRODUCT EXPERIMENTS AND TESTING

From time to time, we run product experiments, A/B tests and other testing activities to understand how players use the Project and to make the gameplay experience better, clearer, safer and more enjoyable. These activities may include testing different versions of our first-time user experience, early-game mechanics, content presentation, offers, features, technical performance, browser or cross-platform functionality, and comparing results between test and control groups.

We may also conduct closed or open alpha tests, beta tests, technical tests, soft launches, feature previews, server stress tests, regional roll-outs and other pre-release or limited tests of the Project or particular features (collectively, “Tests”). Tests may be invitation-based, automatic for eligible accounts, limited to certain regions, platforms, browsers, devices, servers, account ages or newly created accounts, and may take place in separate or live environments.

To carry out these Tests, we may assign players to different versions of the Project, direct registrations from certain countries, platforms or browsers to dedicated test servers, limit participation to specific cohorts, or make temporary or experimental content available only within a test environment. Depending on the Test, this may affect the availability, appearance or order of features, content, offers, onboarding steps, pricing presentation, game balance, browser or login flows, progression pacing, or access to particular environments. Prices of existing offers generally remain unchanged; we may test new offers, but we do not increase the prices of existing offers solely because of a player’s participation in a Test.

As part of these Tests, we may process account, gameplay, technical and analytics data that helps us understand how players interact with the Project, including, for example, account ID, region or server, platform, browser type, device or operating system information, session and gameplay events, progression data, engagement and retention metrics, conversion-related events, crash data, performance metrics, support-related signals and other information reasonably necessary to analyse the Test and improve the Project.

In certain Tests, we may also collect short sequences of in-game visuals or gameplay fragments showing what the game engine displays at specific moments, together with related gameplay and technical information, to understand how players move through tutorials, interact with features, and encounter usability, balance or performance issues. These visuals reflect only what happens inside the Project. We do not capture your device’s operating system screen, notifications, calls, SMS, microphone or camera.

All collected data is processed within the Project or the relevant test build, transferred securely to our systems, and removed from your device afterwards where applicable. We keep such data only for as long as needed to analyse and validate the Test, typically up to 12 months, and then delete or anonymize it unless a longer period is required by law or the data has been aggregated or anonymized. Access is strictly limited to teams and service providers who help us analyse gameplay, maintain service quality, detect issues and improve the Project. We do not use data collected for these Tests for targeted advertising.

Where permitted by applicable law, participation in product experiments and Tests is generally automatic for eligible accounts and does not require separate consent where the relevant processing is necessary to provide, operate, secure, support or improve the Project or a test build you choose to access, to authenticate users, prevent fraud, ensure service quality, fix bugs, evaluate gameplay balance or performance, or conduct proportionate product improvement using data that we already process for the Project. In such cases, we generally rely on performance of contract and/or our legitimate interests, subject to appropriate safeguards and your rights under applicable law.

We will obtain your consent, or another form of authorization required by applicable law, before conducting a Test where we need to use personal data, device access or tracking technologies that are not necessary for the Test or not reasonably expected in the context of the Project. This may include, for example, non-essential cookies or similar technologies on the browser-based or web version, optional marketing communications about a Test, access to device permissions such as camera, microphone, contacts, photo library or precise location, collection of operating-system screen recordings or comparable monitoring beyond the Project itself, or use or disclosure of data for third parties’ own purposes. Where required by law, we will also obtain verifiable parental or guardian consent for participation by children.

Depending on the Test, content, features, progression, rewards, purchases, entitlements or access available in a test environment may be temporary, unstable, limited, reset, modified or unavailable after the Test ends, unless otherwise stated in a separate notice, test-specific terms or other communication. Participation in a Test does not by itself grant any ownership or guaranteed continued access to any feature, item, progress or reward made available during the Test.

Where appropriate, we may provide an additional notice, an in-Project prompt, a consent screen, an invitation flow, or separate test terms describing the specific purposes, categories of data, retention periods, eligibility criteria, regions, confidentiality requirements, withdrawal mechanisms and other conditions applicable to a particular Test. You may also contact us through in-Project support to request removal from a specific Test where technically feasible, or to object to processing based on our legitimate interests, as described in the section “How can you control your data?”.

FACEBOOK VERIFICATION AND INTEGRATION

To streamline account management and enhance your social experience, we offer an optional Facebook integration.

How It Works

  • Consent and Connection:
    If you choose to verify your account via Facebook or enable social features (such as sharing achievements or inviting friends), you will be redirected to Facebook. There, you will be asked to grant permission for our Project to access specific data from your Facebook account.
  • Data Received from Facebook:
    With your consent, we may receive the following information from Facebook:
    • Your public profile (name, profile picture, friend list)
    • Your email address
    • Any additional information you permit Facebook to share
  • Purpose of Facebook Data Processing:
    The data obtained is used solely to:
    • Verify your identity and facilitate login via Facebook
    • Enable social features within the Project
    • Enhance your overall gaming experience
  • Voluntary Integration & Revocation:
    Facebook integration is entirely optional. Should you choose not to link your Facebook account, core features of the Project remain available, though certain social functionalities will not be enabled. You may revoke your consent at any time via your account settings or the Facebook interface. Once revoked, we will cease processing data obtained from Facebook for these purposes.
  • Compliance:
    All processing of Facebook data is conducted in accordance with this Privacy Policy and Facebook’s own policies.

ADVERTISING AUDIENCES AND ADS FOR NEXTERS GAMES ON THIRD-PARTY PLATFORMS

Where you give us separate consent, we may use your email address, Account ID, Project information, country or region, advertising identifiers where available, consent status, and limited information about your interaction with our games to create advertising audiences.

We may share these advertising audiences with AppsFlyer and selected advertising partners, such as advertising networks, social media platforms and measurement providers, to help us show you ads for current and future Nexters games and game-related services on third-party websites, apps, social media platforms and advertising networks.

Our advertising partners may match the email address or other identifiers that we provide with information they already hold about their users. This helps us reach users who have agreed to receive this type of advertising, measure our campaigns and avoid showing irrelevant ads.

We may also use your data as part of an audience used to identify users with similar interests in Nexters games. This is sometimes called a similar audience or lookalike audience.

We do not use children’s data, or data from users whose age status does not allow this processing, for behavioral advertising, advertising audiences, customer list uploads or similar/lookalike audience creation.

Some advertising platforms require additional permissions or consent signals. On iOS, certain advertising uses may require Apple’s system tracking permission. For Google and certain other advertising platforms, we may pass your consent status for advertising data use and ad personalization. If the required permission or consent signal is not available, we will not use your data for the corresponding advertising audience.

You can withdraw your consent or opt out at any time in the privacy settings, account settings, consent management interface, or by contacting us. After withdrawal or opt-out, we will stop including your data in new advertising audiences and will take reasonable steps to remove or exclude your data from active audiences where technically available through AppsFlyer or the relevant advertising partner.

We maintain an up-to-date list of advertising and measurement partners here, including partner names, the services they provide and links to their privacy policies.

LEGAL BASES FOR DATA PROCESSING

We process your personal data only when necessary for providing access to and improving the Project. Our legal bases for processing include:

  • Contract: For account creation, management, and processing in-game transactions.
  • Legitimate Interests: For security measures, fraud prevention, and the analysis of user behavior to enhance the gaming experience.
  • Consent: For processing data based on your explicit permissions (e.g., marketing communications, Facebook integration, targeted ads, advertising audiences and similar/lookalike audiences, where applicable).
  • Legal Obligations: To comply with applicable laws such as tax reporting and consumer protection regulations.

HOW DO WE SHARE YOUR DATA?

We do not sell your personal data for money. However, certain disclosures to advertising partners may be considered “sharing” for cross-context behavioral advertising, “targeted advertising” or similar activity under some US state privacy laws. Where applicable, you may opt out of such sharing or targeted advertising as described in this Policy. To provide you with our services, we may share your data under the following circumstances:

  1. Service Providers & Partners:

    • Technical/Customer Support Providers: Companies that help us operate and maintain the Project.
    • Cloud/Hosting Services: Providers that securely store and process data on our behalf.
    • Analytics & Advertising Partners: Third parties that assist us in understanding usage patterns and delivering relevant ads (subject to your consent).
    • Advertising Audience Partners: Where you have given separate consent, or, for users in certain US states, where this processing is permitted subject to your right to opt out, we may share email addresses and related audience information with AppsFlyer and selected advertising partners to create, update, suppress, match or measure advertising audiences for Nexters games. These partners may match the identifiers we provide with information they already hold about their users and may act as processors, independent controllers or joint controllers depending on the service and applicable terms.
    • Software Providers: Partners offering services in accordance with our instructions and contractual obligations regarding data protection.
    • Email-Service Provider (e.g., PushWoosh, or another equivalent platform) – delivery of transactional and marketing emails; storage of subscriber status. Each provider is engaged under data-processing terms that ensure GDPR/LGPD compliance.
    • Web infrastructure, authentication and anti-fraud providers: providers that help us host, deliver, secure and authenticate the browser-based or web version and cross-platform login flows.

    Web infrastructure, authentication and anti-fraud providers: providers that help us host, deliver, secure and authenticate the browser-based or web version and cross-platform login flows.

    We maintain an up-to-date list of these third-party partners here. This list includes the partner names, the nature of the services they provide, and, where applicable, links to their own privacy policies. We update this list whenever we add or remove a vendor to ensure transparency and compliance with applicable laws.

  2. Affiliates & Business Transfers:

    • Data may be shared within our corporate group or transferred in connection with mergers, acquisitions, or asset sales, subject to confidentiality agreements.

  3. Legal & Regulatory Requirements:

    • We may disclose data to comply with legal obligations, respond to lawful requests, or protect the rights, property, or safety of our users or the public.

  4. International Transfers:

    • When data is transferred outside the EEA, we ensure appropriate safeguards (such as Standard Contractual Clauses) are in place.

If you reside in other regions (e.g., Brazil, Korea), we will also use appropriate or equivalent safeguards to ensure lawful data transfers, in line with LGPD or PIPA requirements.

DATA RETENTION

We retain your personal data only as long as necessary to fulfill the purposes outlined in this Policy or as required by law. For example:

  • Account Data: Retained for as long as your account is active; if deletion is requested, data is generally removed or anonymized within 30 days (except where longer retention is required, e.g., 7 years for financial records).
  • Usage & Analytics Data: Retained in aggregated or anonymized form indefinitely unless you opt out.
  • Support Data: Retained for the duration of the support case or as required by law.

Once the purpose for which data is processed has been fulfilled, personal data is securely deleted.

HOW CAN YOU CONTROL YOUR DATA?

You have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion ("Right to be Forgotten"): Request deletion of your personal data (note that this may result in loss of access to the Project).
  • Restriction & Objection: Request that we limit or cease processing your data.
  • Withdraw Consent: Revoke consent for data processing where it is based on your permission (e.g., marketing communications, Facebook integration).

Additional rights for specific regions:

  • Data Portability (GDPR, some other jurisdictions): Receive your data in a structured, commonly used, and machine-readable format.
  • Right to Lodge a Complaint: You may file a complaint with a supervisory authority (for example, in the EU or Brazil) if you believe we have processed your data unlawfully.
  • Request for Suspension of Processing (Korea): Under PIPA, users may request temporary suspension of processing under certain conditions.

To exercise these rights, please contact us via the in-game “Support” section or email:
Email: privacy@nextersglobal.com

We may require you to verify your identity before processing your request, which we will typically complete within 30 days.

If you use the browser-based or web version, you may also control certain browser-side data by logging out, clearing cookies or local storage, adjusting browser settings, and using any cookie or privacy controls that we make available. Disabling certain strictly necessary technologies may affect the functionality of the Project.

Advertising Audiences and Targeted Advertising Choices:

You can withdraw your consent to advertising audiences or opt out of targeted advertising at any time through the privacy settings, account settings, consent management interface, or by contacting us. Once withdrawn or opted out, we will stop using your data for new advertising audiences and will take reasonable steps to remove or suppress your data from active audiences maintained through AppsFlyer or our advertising partners where technically available.

If you are a resident of a US state that provides this right, you may opt out of the sale or sharing of personal information and targeted advertising. Where required by applicable law, we also process applicable opt-out preference signals, such as Global Privacy Control.

Read more

You have all the technical capabilities to determine how the Data shall be used. We are constantly improving the data management methods available to you.

You can form a request within the Project by sending a request in the Support section or Account. You are entitled to obtain information from us on how we handle your personal data, to see copies of all personal data held by us and to request that your personal data is amended, corrected or deleted from our systems. You can also limit, restrict or object to the processing of your data.

For exercising your rights, you can:

  • at any time withdraw your consent for Data Processing;
  • access to your Data received by us. You are entitled to access the Data about you received by us which means you have the right to request the provision of information about Data storage, access to Data, as well as copies of the stored Data;
  • require limitation of Data processing for the time required to verify the reliability of the information provided;
  • change the Data. You may discretionary determine the Data, which shall be associated with your Account.
  • object to the processing of your Data. If you believe that we have no legitimate reason for processing your Data, please contact us using email: privacy@nextersglobal.com. If we fail to satisfy your claim, you have the right to file a complaint with the local supervisory authority.
  • delete Data related to the Account.

The procedure for withdrawing consent to the processing and deletion of Data:

PLEASE NOTE that the Data is used by us solely for the purpose of providing you access to the Project and improving the quality of the Services. By deleting of Account Data, you will lose access to the Project and your Data will be permanently deleted.

HOW DO WE PROTECT YOUR DATA?

We implement robust technical and organizational measures to safeguard your data against unauthorized access, alteration, or loss. Our security measures include:

  • Data Encryption: During both storage and transmission.
  • Access Controls: Restricting data access to authorized personnel only.
  • Two-Factor Authentication: For sensitive account operations.
  • Regular Audits & Security Assessments: To continuously identify and mitigate vulnerabilities.
Read more

We provide you with access to international Project and strive to comply with applicable local laws. Please note that our Services are provided "as is" and you should get to know with applicable laws. By continuing your use of the Project, you warrant that your use of the Project is not contrary to the applicable law and Terms of Service.

NEXTERS GLOBAL LTD respects the confidentiality of your data and strives to ensure the highest level of protection. Despite the measures we are taking to protect your information, any measures that we apply will not have any effect if you neglect the data security.

The project implemented reliable means of protection to ensure the security of your data. We do everything possible for your safety when using the Project and are constantly improving our information protection methods. As some means of protecting information from unauthorized access, alteration, disclosure or destruction, we use the following methods:

  • data encryption during storage and transmission;
  • we carry out two-factor user authentication when requesting an action with the Data;
  • we improve the techniques and methods of collecting, storing and processing the Data;
  • access to the Data, in encrypted and impersonal form, have only authorized employees, consultants or interested groups of people who need access to this information to perform their duties;
  • all persons having access to the Data are briefed on working with data, their knowledge and skills are systematically being checked.

In spite of all measures taken by us, your careful attitude to the Account and access to it has a great importance in the safety of your Data. To prevent unauthorized access to your Data and Account, we strongly recommend you not to share access to the account to any third parties and to comply with the rules of the project and use of the Services. In case of your violation of the Terms of Service of the Services, we will not be able to guarantee the security of your Data.

WARNING! The following actions are prohibited by this Policy and the Terms of Service, and may also violate the confidentiality of your data:

  • transfer of information about the Account and (or) access rights to third parties. Please note that our official representative will never request access to your Account;
  • the use of unauthorized third-party programs, the use of robot programs and (or) programs that change the Project process, including assistance in the Project process. In addition to the fact that the use of such programs is expressly prohibited by the Terms of Service, they may contain malicious software that could harm the security of your data;
  • the acquisition of in-game values from third parties. By acquiring in-game values bypassing the Terms of Service, you can become a victim of fraudsters.

NEXTERS GLOBAL LTD appreciates the help of our users in identifying and addressing potential vulnerabilities, as we take the security of our systems and data extremely seriously. Please report any security vulnerabilities found in our systems or applications to us as soon as possible.

In your email, please include a detailed description of the vulnerability, including any relevant technical details that may help us understand the nature and severity of the issue. If possible, please also include steps to reproduce the vulnerability, so that we can more easily investigate and remediate the issue. We take all reports of security vulnerabilities seriously, and we will investigate each report promptly and thoroughly.

We may also contact you for additional information or clarification, so please be sure to include your contact information in your email. Thank you for helping us maintain the security of our systems and data. We greatly appreciate your contribution to our security efforts.

Please keep your account credentials secure and do not share them with others. If you suspect any security breach, contact us immediately at:
Email: privacy@nextersglobal.com

CHILDREN’S PRIVACY

Hero Wars: Alliance is not directed to children under the age of 18 (or under the minimum digital age in your jurisdiction, if higher). We are committed to ensuring that if children do engage with our Project, their personal data is handled responsibly and in compliance with relevant regulations.

We do not knowingly collect personal information from children under the age of 18 (or below the minimum age of consent in your country) without verifiable parental consent.

If we discover that we have inadvertently collected personal data from a child without proper consent, we will promptly delete or anonymize that data.

Age Restriction & Verification

Age Gate: Where feasible, we implement checks (e.g., age prompts) to discourage children under the required age from providing personal data.

Parental/Guardian Consent: If a user is under the required age, they must obtain permission from a parent or legal guardian before accessing or using the Project’s services. We may request a parent’s email address or other verification information to ensure consent is valid and verifiable.

Limited Data Collection

Any data collected in connection with children’s activity (e.g., for support requests or gameplay functionality) is minimized to what is strictly necessary for providing our services. We do not use such data for behavioral advertising or other purposes not permitted by law.

We do not use children’s data, or data of users whose age status does not allow such processing, to create advertising audiences, upload customer lists to advertising platforms, match users on third-party advertising platforms, or create similar/lookalike audiences.

The same principles apply to browser-based or web versions, cross-platform login flows and any alpha, beta or other pre-release environments made available to child users, unless stricter rules apply under local law.

Parental Controls & Guidance

We encourage parents and guardians to familiarize themselves with online safety practices and monitor their children’s in-game activities. Please visit our Parental Guide for tips on protecting children’s privacy, managing in-app purchases, and setting controls to ensure a child-friendly experience.

Parental Rights

Parents or legal guardians may request to review, delete, or prevent further collection of their child’s personal data. If you believe we have collected information from a child contrary to applicable law, contact us immediately, and we will take appropriate measures.

Contact for Children’s Data Concerns

If you have concerns about the data we may hold from or about a child, or wish to withdraw consent previously given, please contact our support team:

Email: privacy@nextersglobal.com

CONTEST & PROMOTION PARTICIPANTS

Data category Includes Legal basis Retention
Contestant data Name, nickname, age/DOB, country, contact email/phone, shipping address, player ID, UGC (screenshots, photos, videos), tax info (if needed) Contract (contest rules), Legitimate interest (prevent fraud), Legal obligation (tax) Up to 12 months after contest end or longer if required by law

We use this data to:

  • Verify eligibility (age, region);
  • Administer the contest (collect entries, pick winners, notify and ship prizes);
  • Publicly announce winners if required;
  • Meet tax/reporting duties.

Sharing: logistics/postal operators, sponsor partners (if stated in rules), tax authorities.

NEWSLETTERS & MARKETING COMMUNICATIONS

Data category Includes Legal basis Retention
Subscriber data Email address and associated Account ID, game preferences, engagement metrics (opens, clicks) Consent (opt-in) or Legit. interest (soft opt-in) Stored in our internal database and with our email-service provider (e.g., PushWoosh or an equivalent vendor) until you withdraw your consent or for up to five (5) years from your last interaction with our marketing communications (whichever occurs first) + 30 days for system sync

How it works:

  • Subscription — ingame, website, or email form; double opt-in verifies ownership.
  • Unsubscribe — every message has an "Unsubscribe" link; you can also disable push notifications and stop SMS by replying "STOP".
  • Segmentation — we analyse clicks to send relevant content, but do not conduct invasive profiling.

Marketing email subscriptions are separate from advertising audience consent. If you subscribe to newsletters or marketing emails, this does not by itself allow us to use your email address to create advertising audiences, upload customer lists to advertising platforms or create similar/lookalike audiences. We will do this only where you have given separate consent, or, for users in certain US states, where applicable law permits this processing subject to your right to opt out.

CHANGES TO THIS POLICY

We reserve the right to modify or update this Privacy Policy at any time. Should significant changes be made, we will notify you via the Project or other appropriate channels. Your continued use of the Project after updates constitutes acceptance of the revised Policy.

CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, or if you wish to request previous versions of this Policy, please contact us at:

NEXTERS GLOBAL LTD
Address: 3101, Cyprus, Limassol, 55 Griva Digeni
Email: privacy@nextersglobal.com

FAITHFULLY YOURS,
NEXTERS GLOBAL LTD

This Policy is written in English. In the event of any discrepancies between translations, the English version shall prevail.

Limassol
55 Georgiou Griva Digeni, Limassol, 3101, Cyprus
Nexters owns a number of companies internationally, with remote and in-house teams located in Cyprus and other locations across the globe. Learn more about the Nexters companies
part of Nexters GDEV logo
Terms of Service · Privacy policy · Open Source Software · Parent’s Guide
©2026 Nexters Global Limited. Registered at 107 Faneromenis Avenue, Larnaca, 6031, Cyprus