Exploding Kittens, Inc.
PRIVACY POLICY

 

Last Update: February 17, 2025

Previous Version: Privacy Policy 2023


Welcome

This Privacy Policy (“Policy”) explains how we collect, use, store, protect, and share your personal information through our services. Exploding Kittens, Inc. is the data controller of the personal information collected through the services (as defined in our Terms of Service (“Terms”). Exploding Kittens, Inc. is referred to in this Policy as “EK”, “we”, “our” or “us”.

How we handle your information depends on which services you use, and how you use them. This Policy is grouped into these sections:

We encourage you to read this Policy carefully. If you have questions, please contact us.

 

About Us And This Policy

This Policy is designed to explain how we process your personal information and how you can exercise control over our processing. Capitalized terms that are used but not defined in this Policy are defined in our Terms. The Terms describe how the Services works in general, and establish a contract between you and us governing your use of the Services.

Contact us

If you have any questions or feedback about this Policy, email us at privacy@explodingkittens.com or write to us at:

Exploding Kittens, Inc.
7162 Beverly Blvd #272
Los Angeles, CA 90036
USA

Changes to this Policy

Because the Services change often, this Policy may change over time. Anytime we modify the Policy, we will post a revised version on the Services as noted at Last Updated above. If we intend to use your personal information in a way that is materially different from the ways described at the time of collection, we will notify you before the material changes to this Policy take effect, so you have time to review them. If we have your contact information (such as your email or phone number), we will notify you that way. We may also post a temporary notice on the Services, or notify you by other means to the extent required by law.

Check the Last Updated date periodically to ensure you’re aware of the current Policy. By using or accessing the Services, you signify that you have read, understand and agree to be bound by this Policy and the Terms.

When this Policy applies

This Policy applies to you when you use the Services, effective as of the Last Updated date. However, some collection and use of information falls outside this Policy:

  • Outside services: Outside Materials (as defined in our Terms) are not part of the Services, so this Policy doesn’t apply to any information you may exchange with providers of Outside Materials or other third parties. If you follow a link to a third-party website, your use of that website is governed by that website’s privacy policy, and is not covered by this Policy.
  • Our personnel: If you are a current or former employee or contractor of ours, this Policy does not apply to you. Reach out to your human-resources partner or supervisor with any inquiries about your personal information at privacy@explodingkittens.com
  • When we don’t control your information: If we receive your information in our role as a service provider to another business, our agreement with that business governs our use of your information. We will refer any questions or concerns of yours to that business.

 

Information We Collect & Why We Use It

We collect certain information when you use the services. This includes information you provide through the services, information we collect automatically, and information we receive from other sources. This also includes information you may provide to third-party service providers while using our services.

This section describes, comprehensively, how the services collect and use your information, and our legal basis for that processing. Under certain data protection laws like GDPR, companies must have a “legal basis”—a valid reason—to process personal information. We rely on different legal bases to process your information for the purposes described in this Policy.

What We Collect How We Use It Why We Process It Legal Basis Retention
Account management data — login credentials, permissions, and account actions (such as when your account is created, when you log in, add information, request a service, and any changes to your account). We collect, analyze, process, and store your account management data. To create and maintain an account at your direction. Account management data is processed as part of the performance of a contract. Account lifetime, or as applicable law requires.
Activity data – areas of the Services you visit, where you click, scroll, hover over or otherwise interact with the Services, and when and for how long the activity occurred. We collect, analyze, process, and store activity data including via automated means. For fraud prevention. To improve our Services. Legitimate interests in understanding user interaction; ensuring safety and security. Account lifetime
Communication data – interactions with or through EK or our our support providers, via our SMS or email providers We collect, analyze, process, profile, and store your communication data. To send you relevant communications and marketing emails. To improve our Services. ur legitimate interests in providing a valid and relevant service to our users and to continue to improve our products and Services. We provide an opt-out so you can object to marketing messages. Under the limited circumstances where we call you and where the call is recorded, we may rely on your consent. Account lifetime
Contact information – name, phone number, email and address We collect, process, and store your contact information. To send you marketing and transactional emails, and to send you reminders. To create an account at your direction. To contact you and provide Services related to campaigns sponsored by EK, including posting materials or prizes. Transactional emails are sent as part of performance of a contract. Marketing communications and alerts (including but not limited to order updates and changes to our Terms and this Policy) are sent if you consent. Account lifetime
Device information – IP address, device identifiers, user agent. We collect, process and store your device information. For fraud prevention. To administer your account. Our legitimate interests in keeping our Services safe and secure and to provide a valid and relevant service to our users. We only collect imprecise location data, and only when you have not indicated that you do not wish to share it. Account lifetime
Payment information – last four digits of your payment card and other verification data When you use chargeable Services, the Services collect information to facilitate payment and verify your account. EK never stores your full card number. To effect payment for a product. To facilitate due process and provide information in response to valid legal process. To comply with our legal obligations with respect to financial reporting and valid legal information requests. In our legitimate interest to ensure we are in contact with the correct person. Per applicable legal requirements
User Feedback and satisfaction data – including ratings, comments, survey responses, and Feedback on how we can improve our Services We process, monitor, review, store, and analyze such content, including via automated means. To improve our Services. Our legitimate interest in operating, managing, and improving our Services. Account lifetime
Commercial information – your purchases of Products We store records of how you buy Products and which you buy. To provide and improve the Services, including through research and development efforts. Performance of a contract with you when you buy Products. Account lifetime, or as our compliance efforts toward applicable law requires.

 

Any personal information that EK obtains from other third-party sources will be processed by EK in accordance with this Policy and all applicable laws. For example, our use and transfer of information via Google APIs will adhere to the Google API Service User Data Policy, including its Limited Use requirements.

Security

EK has implemented technical, administrative and physical security measures to protect your information from unauthorized access, use or disclosure. Still, no data transmission online is 100% secure, so we cannot guarantee or warrant the security of any information you provide, and you provide it at your own risk.

We cannot promise that your information will remain absolutely secure in all circumstances. We are not responsible for the circumvention of any privacy settings or security measures we may provide.

 

Information Disclosed To Others

This section describes how and why we exchange personal information with contractors and third parties. It also describes exchanges made for certain purposes, like advertising, legal reasons and consensual direct marketing. We may also disclose deidentified and aggregate data for these purposes.

Direct marketing

We will only disclose your contact information to third parties for direct marketing purposes if you opt-in, and will only do so until you opt-out. We may share information about you with third party sponsors or partners who will use it for marketing purposes but only if you opt in to such sharing or do not opt out when prompted. We will never share information in this manner without giving you one of these two options.

For personalized ads

We share information with advertising partners to make the advertising presented to you more relevant to you. We also market the Services to you through ads facilitated by marketing vendors.

  • For example, we use AdRoll to serve ads on the Services and we market the Services to you on third party services. AdRoll uses cookies or unique device identifiers, in combination with their own data, to show you ads based on your visits to our webpages and to other sites. You can opt out of the use of the AdRoll cookie by visiting its Opt-Out page.
  • We try to limit how third-party advertising technology vendors use information they collect from you. Most providers require us to enter contracts that allow them to optimize their ad services and products. Essentially, they combine any information they may gather about you through our Services with information they receive from their other clients. This helps them target ads to you on behalf of their other clients, not just us.

In the past twelve months, we have shared these categories of personal information with third parties to personalize advertising:

  • Device Information (including Personal Identifiers)
  • Commercial Information
  • Internet Activity
  • Geolocation

With our Affiliates

We may share, link or pool user information among affiliates and business partners with whom we jointly offer products or services, but always in accordance with applicable law, applicable agreements and this Policy.

Functional disclosures

In addition to the use of trackers, cookies, web beacons, and pixel tags described in our Cookie Policy, we contract with companies or individuals to provide certain services related to the functionality and features of the Services, including payment processing, shipping and fulfillment, data management, and administration of promotions. We refer to them as “contractors.”

We may disclose information about you, such as personal identifiers, Commercial Information, Activity Data, and Device Information, to contractors as necessary for them to perform their services. Contractors are not permitted to use information about you for any other purpose. In the past twelve (12) months, we have disclosed these types of information to the following types of contractors:

  • Analytics providers, namely Microsoft Clarity, Facebook Connect, TikTok Analytics, and MNTN to tell us how the Services is doing, such as which parts interest visitors and how long they visit before leaving. Among other data, they may receive your IP address.
  • Various hosting services and data processors to provide the infrastructure of the Services, such as Cloudfront, which ensures that traffic is from real people, not computers. Among other data, they may receive your IP address.
  • Privacy providers, namely AdRoll CMP, to manage your data-collection preferences on the Services. Among other data, to set your preferences, they will receive your IP address.
  • Payment providers, namely ShopPay, PayPal, Google Pay, and Venmo, to process payments between you and us, such as for subscriptions or products. These providers receive information about your order in order to tie your payment process to your order. We don’t receive all of the information you may provide to them as part of that process (for instance, we don’t receive full payment-account numbers).
  • Support providers, namely Gorgias, to provide assistance to you when you request it. They are able to retrieve information about you that is relevant and necessary to your requests, such as account information and order details.

With your consent or at your request

We may periodically ask for your consent to disclose your information to third parties. Whenever we ask your consent for this reason, we will summarize the purpose and scope of the disclosure. For example, we may offer discounts to you if you consent to join our mailing list or participate in a promotion involving direct marketing communications.

  • In those cases, the Services will display a tickbox near an email-entry field explaining that by submitting your information, you agree to share your email with the content provider.
  • To be clear, we only exchange information about you with third parties for direct marketing purposes if you opt-in, and will only do so until you opt-out.

For legal reasons

Finally, we may disclose personal information:

  • In response to subpoenas, court orders, or other legal process; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we reserve the right to raise or waive any legal objection or right available to us;
  • When we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, property, or safety of our company, our users, or others; and in connection with the enforcement of our Terms and other agreements; or
  • In connection with a corporate transaction, such as a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

 

How Long We Retain Your Information

We retain your information only as long as we need it for the purposes described under ‘Information we collect & how we use it’, except when longer retention is required by our compliance policies and efforts toward applicable legal, tax, accounting and regulatory requirements.

How long we need information for those purposes varies by category, and even within categories. These retention determinations always consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from its unauthorized use or disclosure, whether we can achieve those purposes without using the personal information.

For example, we delete some Activity Data as soon as you exit the Services, whereas we may retain records of your orders for products for several years as required by law or contract, such as agreements with our payment processors or under our accounting standards.

Use By Minors

The Services are intended for people 16 and older. If you are between 13 and 15 years of age, you are only permitted to use the Services with your parent or guardian’s prior consent. We do not knowingly collect information from anyone under the age of 13, and we do not share or sell information about anyone under 13 without affirmative authorization. If we learn that we have collected information from a person under age 13, we will delete that information as quickly as possible.

  • If you are under 13: We’re sorry, but please stop using the Services. If you’ve already sent us information, please contact us first so we can delete it.

If you are a parent or guardian of a person under 16 years of age who provided information to us without your prior consent, please contact us so we can delete it.

 

How To Control Your Privacy

In General

As a user of the Services, you have rights and choices about your personal information. We want you to be in control of your information, so we want to remind you of the following options and tools available to you:

  • Account controls: You can update the personal information in your account through the account settings made available on the Services. Any updated information will be reflected in our records and throughout the services promptly.
    • Deleting Your Account. If you no longer want Exploding Kittens to process or make active use of your information, you may send an e-mail to privacy@explodingkittens.com. Place "Delete My Account" in the subject line and include your first name, last name, e-mail address, and if you have accessed the game from a third party provider (if applicable) in the body of the e-mail. Please note that we will process these requests in accordance with applicable laws and certain records will be retained for legal and accounting purposes.
  • Marketing opt-outs: You may opt out of any newsletters or promotional communications from us by following the unsubscribe instructions in the communication you receive. We may continue to send you communications regarding the Services, such as notices about administrative updates, transaction reports, and changes to the Services, this Policy or the Terms.
    • SMS. You can unsubscribe from any SMS you receive from us by responding “Stop” to any of our text messages.
    • Push notifications. You can choose to receive mobile or browser push notifications from our Services. The Services will send you push notifications from time to time in accordance with any notification preferences you have set on your device or browser. If you later decide you no longer want to receive these notifications, you can use your device or browser’s settings to turn them off.
  • Exercising rights: If any of the local privacy laws listed below apply to you, see ‘Requesting information’ to exercise your rights. These rights are provided only to human account holders, and are not available to employers or other legal entities, except as required by law.
  • Personalized ads: In addition to any choices the Services offer you, there are several ways to exercise choice regarding technologies that are similar to cookies, such as browser storage and plugins (for example, HTML5, IndexedDB, and WebSQL). For example, many popular browsers provide the ability to clear browser storage, typically in the settings or preferences area. See your browser's help function or support area to learn more.
  • “Do Not Track.”: Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers. However, you may use our Do Not Sell or Share My Personal Information form to opt out of the sale or share of your personal data.

International Data Transfers

If you reside outside the United States, we transfer information about you for processing in the United States. By providing your information to us, you consent to the processing of the information in the United States. The transfer of this information to the United States is necessary for the performance of our contract for use of the Services.

When we transfer personal data subject to GDPR outside of the EU, we use standard contract clauses approved by the EU for this purpose, or another appropriate transfer mechanism.

Note that U.S. law is not equivalent to laws in other countries, such as GDPR in Europe or PIPEDA in Canada. As of the Last Updated date, the U.S. has not been deemed an ‘adequate’ jurisdiction under GDPR for the purposes of international data transfers. However, the EU and the U.S. are negotiating the terms of an adequacy determination that may go into effect in the years to come.

 

Information About Local Privacy Laws

The Services operates from the United States, but this Policy applies worldwide. Our practices generally do not differ based on your location, but your rights and choices depend in part on the law where you live.

If any of these local privacy laws apply to you, that section override any contrary descriptions elsewhere in the Policy as they relate to you. If you have questions about your rights under other data privacy laws, please contact us.

Requesting information

Submitting requests

To exercise any rights described in this Policy, please contact us. Your request must:

  • provide sufficient information to identify you and the law that applies to you, such as your name, e-mail address, home or work address, or other information we maintain.
  • not include social security numbers, driver’s license numbers, third-party account numbers, credit or debit card numbers, or health information.

Verifying requests

We verify requests by first confirming the source of the request and then by matching the information submitted to the information we maintain. If your request is unclear or we are unable to authenticate your identity, we will respond with direction on how to remedy the deficiencies, in accordance with law that applies to you.

If we cannot verify the identity of the individual making the request, we may deny it, in full or in part.

Responses to requests

We will respond to your request as quickly as we can, taking into account the nature of your request and the volume of pending requests. The content of our response will vary with the nature of your request, but will always respond in accordance with any deadlines or requirements specified by the laws that apply to you.

Under certain circumstances, we may be unable to provide responsive personal information, such as when disclosure would create a substantial, articulable and unreasonable risk to the security of the information, customers’ account with us, or the security of our systems or networks. We do not disclose account passwords or any other non-personal information that enables access to an account.

Please understand, however, that we reserve the right to retain an archive of any deleted information, to the extent permitted by law. We may also retain deidentified or aggregate data derived from information about you.

Appealing decisions

Residents of California, Colorado, Connecticut, Virginia and other jurisdictions that provide for an appeal mechanism may appeal a decision we have made regarding their requests by contacting us.

Information for Users in Certain U.S. States

Exercising your rights: As described in the ‘How to control your privacy’ section of the Policy, all our users have control over their information and can limit what data we process. If you are a resident of California, Colorado, Connecticut, Utah, Virginia or another state with a similar data-privacy law, you may have additional rights that you (or, in certain states, an authorized agent acting on your behalf) can exercise by contacting us, including the right to:

  • More information about the categories and specific pieces of personal information we have collected and disclosed for a business purpose in the last 12 months
  • Access and/or receive a copy of certain personal information we hold about you
  • Correct your personal information
  • Delete certain personal information we hold about you
  • Receive information about the financial incentives that we offer to you, if any
  • Opt out of the processing your personal information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects, if applicable
  • You also have the right to not be discriminated against for exercising your rights. You may also have the right to opt out of “sales” of your information and “sharing/processing of your information for targeted advertising.” We do not sell the personal data of our users or share personal data for targeted advertising purposes.

Certain information may be exempt from the requests above under applicable law. For example, we need to retain certain information in order to provide our services to you. We also need to take reasonable steps to verify your identity before responding to a request. If you are an authorized agent submitting a request on a user’s behalf (where permitted), we may require proof of your written authorization before processing the request. Depending on applicable law, you may have the right to appeal our decision to deny your request.

If you have any questions about these rights, wish to exercise them, or request an appeal, please contact us.

Additional Information for Users in California

In addition to the rights described above, consumers residing in California are afforded the right to certain additional information with respect to their personal information under the California Consumer Privacy Act (“CCPA”). If you are a California resident, this section applies to you.

  • ‍Our collection and use of personal information:
    • We collect the following categories of personal information: identifiers (such as your username, the email address you used to sign up, and your phone number if you’ve chosen to provide it); commercial information (a record of what you’ve bought from EK, if anything); financial data (payment information and your history of purchases from EK); internet or other network information (how you interact with the services); location information (because your IP address may indicate your general location); inference data about you (for example, what content you may be interested in); and other information that identifies or can be reasonably associated with you. For more information about what we collect and the sources of such collection, please see the ‘Information we collect & why we process it’ section of the Privacy Policy. To the extent we collect or use sensitive personal information as defined by law (such as the CCPA), we do so in accordance with applicable legal requirements, and we do not use or disclose it other than for purposes for which there is not a right to limit under the CCPA.
  • We may disclose your personal information with service providers and third parties for business or commercial purposes as described under ‘Our disclosures of information to others
  • ‍Disclosure of personal information: We may share your personal information with third parties as described in the ‘Our disclosures of information to others’ section of the Policy. We disclose the categories of personal information mentioned in that section for business or commercial purposes.
  • ‍No sale or “share” of personal information: The CCPA sets forth certain obligations for businesses that sell or “share” personal information. We do not sell or share the personal information of our users as those terms are defined in the CCPA. We do disclose certain information as outlined in the ‘Our disclosures of information to others’ section of the Policy and you can make choices with respect to your information as outlined in that policy.
  • We retain personal information as described in the ‘How long we retain your information’ section of the Policy.

California’s “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties, as defined under applicable law, for their direct marketing purposes. We only share your personal information with third parties for their own direct marketing purposes with your consent and, if you have consented, only until you withdraw your consent.

Additional Information for Users in Nevada

If you are a resident of Nevada, you have the right to opt out of the sale of certain personal information to third parties who intend to license or sell it. You can exercise this right by contacting us at privacy@explodingkittens.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your personal information as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us at the email above.

Information for Users in the European Union and Switzerland

Overview: As described in the ‘How to control your privacy’ section of the Policy, all our users have control over their information and can limit what data we process. In addition to these rights, users residing in the European Union and Switzerland are afforded the right to certain additional information with respect to their personal information under the GDPR. If you reside in any of those jurisdictions, this section applies to you.

  • Data retention and destruction: We retain personal information until we determine it is no longer needed for the processing purposes for which we collected or retain it or for legal compliance.
  • Exercising your rights: All our users have control over their information and can directly edit or delete information from their account and limit what data we process. Users in the European Union and Switzerland have additional rights that you can exercise by contacting us. Those rights include:
    • Right of access to your personal data
    • Right to rectify your personal data if they are incorrect
    • Right to erase your personal data
    • Right to limit the processing of your personal data
    • Right to the portability of your personal data
    • Right to object to the processing of your personal data
    • Right to withdraw consent. Withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal.

‍Additionally, you may contact EK’s Privacy Officer by emailing privacy@explodingkittens.com.

Information for users in Brazil

  • Overview: As described in the ‘How to control your privacy’ section of the Policy, all our users have control over their information and can limit what data we process. In addition to these rights, users residing in Brazil are afforded the right to certain additional information with respect to their personal information under the Lei Geral de Proteção de Dados (LGPD). If you are a Brazilian resident, this section applies to you.
  • Exercising your rights: All our users have control over their information and can directly edit or delete information from their account and limit what data we process. Users in Brazil have additional rights that you can exercise by contacting us. Those rights include:
    • Right of access to your personal data
    • Right to rectify your personal data if it is incorrect
    • Right to erase your personal data
    • Right to limit the processing of your personal data
    • Right to the portability of your personal data
    • Right to object to the processing of your personal data
    • Right to withdraw consent. Withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal
    • Right to the review of decisions based on the processing of personal data carried out exclusively by automated means

Questions or concerns about your privacy? You can email us at privacy@explodingkittens.com.

Information for users in Canada

  • Overview: As described in the ‘How to control your privacy’ section of the Policy, all our users have control over their information and can limit what data we process. In addition to these rights, users residing in Canada are afforded the right to certain additional information with respect to their personal information under the Personal Information and Electronic Documents Act (PIPEDA). If you are a Canadian resident, this section applies to you.
  • Exercising your rights: Users in Canada have additional rights that you can exercise by contacting us. Those rights include:
    • Right of access to your personal data
    • Right to rectify your personal data if they are incorrect
    • Right to withdraw consent. Withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal
    • Right to file a complaint regarding the processing of your personal data with the Office of the Privacy Commissioner of Canada

Additionally, you may contact EK’s Privacy Officer by emailing privacy@explodingkittens.com.

Information for Users in the Republic of Korea

Overview: As described in the ‘How to control your privacy’ section of the Policy, all our users have control over their information and can limit what data we process. In addition to these rights, users residing in the Republic of Korea are afforded the right to certain additional information with respect to their personal information under the Personal Information Protection Act. If you are a Republic of Korea resident, this section applies to you.

  • Data retention and destruction: We retain personal information until we determine it is no longer needed for the processing purposes for which we collected or retain it or for legal compliance.
  • Exercising your rights: All our users have control over their information and can directly edit or delete information from their account and limit what data we process. Users in the Republic of Korea have additional rights that you can exercise by contacting us. Those rights include:
    • Right of access to your personal data
    • Right to rectify your personal data if they are incorrect
    • Right to erase your personal data
    • Right to limit the processing of your personal data
    • Right to the portability of your personal data
    • Right to object to the processing of your personal data
    • Right to withdraw consent. Withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal.

‍Additionally, you may contact EK’s Privacy Officer by emailing privacy@explodingkittens.com.

Notice of Financial Incentive

From time to time, we may offer you promotional pricing or discounts in exchange for enrolling in our SMS or email marketing messages. By confirming enrollment, you consent to receive our SMS or email messages until you opt out, including any discount codes we offered you. The specific terms of any offer are disclosed at the time the offer is extended. To opt-in to emails, a consumer must enter their email address into the form and submit it. To opt-in to SMS messages, a consumer must enter their phone number and receive an auto-generated confirmation message. To opt out of future emails, unsubscribe from our marketing emails by using the unsubscribe link in the email footer at any time. To opt out of future SMS, reply "STOP" to any of our SMS.

We may also offer referral programs wherein you provide your personal information in exchange for a reward and provide personal information regarding your friends or colleagues (such as their email address) and receive rewards when they sign up to use our Services. (The referred party may also receive rewards for signing up via your referral.) These programs are entirely voluntary and allow us to grow our business and provide additional benefits to you.