Privacy Policy

Summary of Key Points

This summary provides key points from our Privacy Notice. You can find full details for any topic by using the table of contents on this page.

Want to learn more about what we do with the information we collect? Review the Privacy Notice in full.

What Information Do We Collect?

Personal information you disclose to us

In Short: We collect personal information that you provide to us when you create an account, purchase a license, install Tower Loop, or contact support.

The personal information that we collect depends on the context of your interactions with us. We may collect the following:

• Name
• Email address
• Billing address and country, for invoicing and tax purposes
• Payment information processed by Paddle.com Market Limited as Merchant of Record, authorized reseller, and payment handler; we do not store full card numbers
• TowerLoop account credentials, such as a hashed password, only if we offer an account feature
• Contact and communication preferences
• Contents of support requests and correspondence

Sensitive Information. We do not process sensitive personal information.

TowerLoop does not ask for or store your game account password, emulator account credentials, payment card number, or other credentials for third-party games or platforms.

Information automatically collected

In Short: Some information, such as your IP address, device and hardware identifiers, and operating system, is collected automatically when you use Tower Loop or visit our website. This is necessary to deliver license validation, security, and core functionality.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity but may include:

• Device and hardware identifiers used to bind your license to your device and prevent license sharing or abuse, such as a hashed hardware fingerprint, machine GUID, MAC address hash, or similar
• IP address, used for license validation, fraud prevention, approximate location for tax compliance, and security
• Operating system, OS version, and system locale
• Tower Loop application version
• License activation, deactivation, and validation events, including timestamps and the IP/device involved
• Crash reports, error logs, and diagnostic data generated by Tower Loop when you submit them to support or enable a supported diagnostic/error-reporting workflow
• Website usage data when you visit tower-loop.com, such as browser type, referring/exit pages, pages viewed, and approximate location derived from IP

License information

Because Tower Loop relies on a licensing backend, we maintain records of the license keys we issue to you, the devices on which those licenses have been activated, the dates of activation and deactivation, and the validation requests sent from your installation. This information is essential for delivering the Services and enforcing our license terms.

Paddle, not Lemma 151 LLC, sends purchase receipts and tax invoices for completed license purchases.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes.

How Do We Process Your Information?

In Short: We process your information to provide, validate, and administer Tower Loop and its licensing, to communicate with you, to prevent fraud and license abuse, to comply with law, and, with your consent where required, to send marketing.

We process your personal information for the following purposes:

• To deliver Tower Loop and the licensing service. We process your information to issue, deliver, validate, and revoke software licenses; to bind licenses to specific devices; and to allow Tower Loop to run on your device.
• To process payments and manage orders. We process your billing information to charge for licenses or subscriptions, issue or validate license entitlements, and coordinate with Paddle, our Merchant of Record, for order processing, purchase receipts, tax invoices, refunds, chargebacks, and other transaction administration where legally required or otherwise offered under our published terms.
• To respond to user inquiries and provide support. We process your information to answer questions, troubleshoot issues, and resolve problems with the Services.
• To send administrative information. We may send you details about your license, changes to our terms or policies, and other service-related messages.
• To prevent fraud and license abuse. We process device identifiers, IP addresses, and activation patterns to detect and prevent unauthorized use, license sharing, and abuse.
• To maintain the security and stability of the Services. We process crash reports, error logs, and diagnostic data that you submit to support or provide through a supported diagnostic workflow to fix bugs, improve performance, and protect against threats.
• To comply with legal obligations. We may process your information to comply with applicable laws, including tax and accounting requirements.
• To send marketing communications where permitted by law and where you have not opted out.
• To protect vital interests. We may process your information when necessary to protect an individual's vital interests, such as to prevent harm.

What Legal Bases Do We Rely on to Process Your Information?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason, or legal basis, to do so under applicable law.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on to process your personal information. We may rely on the following legal bases:

• Consent. We may process your information if you have given us permission to use your personal information for a specific purpose, for example, marketing. You can withdraw your consent at any time.
• Performance of a contract. We process your personal information when necessary to fulfill our contractual obligations to you, including issuing and validating your license and providing the Services.
• Legitimate interests. We may process your information where it is reasonably necessary to achieve our legitimate business interests, for example, preventing license abuse and fraud, securing our systems, improving Tower Loop, and analyzing how the Services are used, provided those interests are not overridden by your rights.
• Legal obligations. We may process your information where necessary for compliance with our legal obligations, such as tax, accounting, or law enforcement requests.
• Vital interests. We may process your information where necessary to protect your or another person's vital interests.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission, express consent, or in situations where your permission can be inferred, implied consent. You can withdraw your consent at any time. In some limited cases, applicable law permits us to process your information without consent, for example, for fraud detection and investigation, to comply with a subpoena or court order, or where the information is publicly available and specified by regulation.

When and With Whom Do We Share Your Personal Information?

In Short: We may share information with service providers that help us run the Services, and in certain legal or business situations described below.

We may share your personal information with the following categories of third parties:

• Merchant of Record and authorized reseller. Paddle.com Market Limited ("Paddle") is the Merchant of Record and authorized reseller for Tower Loop purchases, not merely a payment processor. When you buy a license, you are technically purchasing from Paddle while we license the Software to you under our Terms of Use. Paddle handles order processing, payment, tax, purchase receipts, tax invoices, refunds, and chargebacks. Paddle receives the information necessary to process your transaction, including your name, email address, billing address, payment method details, and IP address. We do not store full card numbers ourselves. Paddle's use of your information is governed by Paddle's own Privacy Policy. Because Paddle is based in the United Kingdom and operates global infrastructure, your information may be transferred internationally, including through Paddle's UK and EU infrastructure. Where required by applicable law, those transfers are protected by Standard Contractual Clauses or equivalent transfer mechanisms.
• Email and communications provider. We use email delivery providers to deliver transactional emails, such as license delivery, account notices, and password resets, and, where applicable, marketing emails.
• Cloud hosting and infrastructure. Our licensing backend, website, and supporting databases are hosted by cloud infrastructure providers, generally in the United States unless otherwise stated.
• Customer support tools. We may use customer support tools to manage support inquiries and correspondence.
• Analytics and error monitoring. We may use privacy-conscious analytics and error monitoring providers to understand website usage and capture application errors. Where required by law, we obtain consent before deploying non-essential analytics.

We may also share your information in the following situations:

• Business transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business.
• Legal obligations. We may disclose your information where required by law, subpoena, court order, or other legal process, or where we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, to investigate fraud, or to respond to a government request.

How Long Do We Keep Your Information?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.

We retain personal information for the following periods, unless a longer period is required by law:

• Account information for as long as your account is active, plus a reasonable period thereafter to handle disputes, enforce our agreements, and comply with legal obligations.
• License records for as long as your license is active, and for a period afterward sufficient to support customer service, renewal eligibility, and fraud prevention.
• Billing and tax records typically for at least seven (7) years, as required by tax and accounting law.
• Server logs, validation logs, and diagnostic data typically retained for up to 12 months and then deleted or aggregated. Local diagnostic logs remain on your device unless you submit them to support or provide them through a supported diagnostic workflow.
• Support correspondence for as long as needed to resolve the matter and a reasonable period afterward.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it. If deletion is not immediately possible, for example, because the information is stored in backup archives, we will securely store the information and isolate it from any further processing until deletion is possible.

How Do We Keep Your Information Safe?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process, including encryption of data in transit (TLS), encryption at rest where applicable, access controls, and routine security review. However, despite our safeguards, no electronic transmission over the Internet or information storage technology can be made 100% secure, so we cannot promise that unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk.

Do We Collect Information From Minors?

In Short: We do not knowingly collect data from or market to children under 18 years of age or the equivalent age as specified by law in your jurisdiction.

We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from a child under 18, please contact us at [email protected].

What Are Your Privacy Rights?

In Short: Depending on your state of residence in the US or your country, such as the EEA, UK, Switzerland, or Canada, you have rights that allow greater access to and control over your personal information. You may review, change, or terminate your account at any time, depending on your country, province, or state of residence.

In some regions, like the EEA, UK, Switzerland, and Canada, you have certain rights under applicable data protection laws. These may include the right (i) to request access to and obtain a copy of your personal information, (ii) to request rectification or erasure, (iii) to restrict the processing of your personal information, (iv) where applicable, to data portability, and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to processing. You can make such a request by contacting us using the details provided in the section "How Can You Contact Us About This Notice?" below.

We will consider and act upon any request in accordance with applicable data protection laws.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or the UK data protection authority .

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner .

Withdrawing your consent

If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time by contacting us at [email protected]. Please note that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Opting out of marketing and promotional communications

You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails we send, or by contacting us at [email protected]. You will then be removed from the marketing lists. However, we may still communicate with you to send service-related messages necessary for the administration of your account, to respond to service requests, or for other non-marketing purposes, such as license-related notifications.

Account information

If you would at any time like to review or change the information in your account or terminate your account, you can email us at [email protected]. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with investigations, enforce our legal terms, and comply with applicable legal requirements.

If you have questions or comments about your privacy rights, you may email us at [email protected].

Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

California law requires us to let you know how we respond to web browser DNT signals. Because there currently is no industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.

Do United States Residents Have Specific Privacy Rights?

In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information.

Categories of Personal Information We Collect

The table below shows the categories of personal information we have collected in the past twelve (12) months.

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:

• Receiving help through our customer support channels;
• Participation in customer surveys or contests; and
• Facilitation in the delivery of our Services and to respond to your inquiries.

Sources of Personal Information

Learn more about the sources of personal information we collect in "What Information Do We Collect?"

How We Use and Share Personal Information

Learn more about how we use your personal information in "How Do We Process Your Information?"

Will your information be shared with anyone else? We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose personal information in "When and With Whom Do We Share Your Personal Information?"

We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal information.

We have not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months, as those terms are defined under applicable US state privacy laws. We will not sell or share personal information belonging to website visitors, users, and other consumers without providing notice and the right to opt out where required by law.

Your Rights

You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include:

• Right to know whether or not we are processing your personal data
• Right to access your personal data
• Right to correct inaccuracies in your personal data
• Right to request the deletion of your personal data
• Right to obtain a copy of the personal data you previously shared with us
• Right to non-discrimination for exercising your rights
• Right to opt out of the processing of your personal data if it is used for targeted advertising, or sharing as defined under California's privacy law, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")

Depending upon the state where you live, you may also have the following rights:

• Right to access the categories of personal data being processed, as permitted by applicable law, including the privacy law in Minnesota
• Right to obtain a list of the categories of third parties to which we have disclosed personal data, as permitted by applicable law, including the privacy law in California, Delaware, and Maryland
• Right to obtain a list of specific third parties to which we have disclosed personal data, as permitted by applicable law, including the privacy law in Minnesota and Oregon
• Right to review, understand, question, and correct how personal data has been profiled, as permitted by applicable law, including the privacy law in Connecticut and Minnesota
• Right to limit use and disclosure of sensitive personal data, as permitted by applicable law, including the privacy law in California
• Right to opt out of the collection of sensitive data and personal data collected through the operation of a voice or facial recognition feature, as permitted by applicable law, including the privacy law in Florida

How to Exercise Your Rights

To exercise these rights, you can contact us by emailing us at [email protected], by visiting https://tower-loop.com/contact, or by referring to the contact details at the bottom of this document.

Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable laws.

Request Verification

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes.

If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request, and the agent will need to provide a written and signed permission from you to submit such request on your behalf.

Appeals

Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at [email protected]. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to your state attorney general.

California "Shine The Light" Law

California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information, if any, we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us at [email protected].

Do We Make Updates to This Notice?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

How Can You Contact Us About This Notice?

If you have questions or comments about this notice, you may email us at [email protected].

How Can You Review, Update, or Delete the Data We Collect From You?

Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To make a request, please email us at [email protected] or visit https://tower-loop.com/contact.