Introduction
CHAOSGROUND HOLDINGS LTD ("Company", "we", "us", or "our") operates the GroundZero application ("App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the App.
We are committed to protecting your privacy and handling your personal data in compliance with applicable data protection laws, including the Abu Dhabi Global Market Data Protection Regulations 2021, the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and other applicable data protection legislation.
By using the App, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the App.
Data Controller
The data controller responsible for your personal data is:
CHAOSGROUND HOLDINGS LTD
DD-15-134-004 - 007, Level 15, Wework Hub71, Al Khatem Tower,
Abu Dhabi Global Market Square, Abu Dhabi, Al Maryah Island,
United Arab Emirates
Email: support@chaosground.com
Information We Collect
3.1 Information You Provide
- Account Information: Name, email address, and gaming username provided during registration.
- Authentication Data: Information received from third-party authentication providers (Epic Games, Google, Discord) when you choose to sign in through these services.
- Profile Information: Username and any optional profile details you choose to provide.
3.2 Information Collected Automatically
- Device Information: Device type, operating system, unique device identifiers, browser type, and hardware model.
- IP Address: Your Internet Protocol address, which may indicate your approximate geographic location.
- Usage Data: Information about how you interact with the App, including features used, pages visited, time spent, and crash reports.
- Gameplay Telemetry: In-game event data collected through the Overwolf Game Events Provider (GEP) framework, including but not limited to match outcomes, kills, deaths, assists, session duration, player actions, in-game locations, and other gameplay statistics.
- Session Data: Session identifiers, timestamps, and performance metrics related to your gaming sessions.
3.3 Cookies and Similar Technologies
We may use cookies, web beacons, and similar tracking technologies to collect information about your use of the App. We will provide further notice and obtain any required consent before deploying such technologies.
How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Create and manage your account | Contract performance |
| Deliver missions, track progress, and award rewards | Contract performance |
| Process gameplay telemetry for mission completion | Contract performance |
| Improve and optimise the App | Legitimate interest |
| Generate aggregated analytics and insights | Legitimate interest |
| Communicate with you about the App | Legitimate interest / Consent |
| Detect and prevent fraud, cheating, and abuse | Legitimate interest |
| Comply with legal obligations | Legal obligation |
| Administer tournaments and competitions (future) | Contract performance / Consent |
Data Sharing and Disclosure
We may share your information in the following limited circumstances:
- Service Providers: Trusted third-party providers who assist us in operating the App (e.g., cloud hosting, analytics, authentication). These providers are contractually obligated to protect your data.
- Authentication Providers: When you sign in using Epic Games, Google, or Discord, limited data is exchanged as necessary for authentication.
- Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction, subject to appropriate protections.
- Safety and Security: We may disclose data to protect the rights, property, or safety of our users, ourselves, or the public.
Data Storage and Security
Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
7.1 Rights Under GDPR (EU/UK Users)
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data, subject to legal exceptions.
- Right to Restriction: Request restriction of processing of your personal data.
- Right to Data Portability: Request your data in a structured, commonly used, machine-readable format.
- Right to Object: Object to processing based on legitimate interests or for direct marketing.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
To exercise these rights, contact us at support@chaosground.com. We will respond within thirty (30) days. You also have the right to lodge a complaint with your local data protection authority.
7.2 Rights Under CCPA (California Residents)
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: Request deletion of personal information we have collected.
- Right to Opt-Out: We do not sell personal information. If this changes, we will provide a clear opt-out mechanism.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
California residents may submit requests by emailing support@chaosground.com.
7.3 Rights Under ADGM Data Protection Regulations
Users subject to ADGM jurisdiction have rights similar to those under the GDPR, including access, rectification, erasure, and objection. Contact us at support@chaosground.com to exercise these rights.
Children's Privacy
The App is intended for users aged thirteen (13) and above. We do not knowingly collect personal data from children under the age of 13. If you are a parent or guardian and believe your child under 13 has provided us with personal data, please contact us at support@chaosground.com and we will take steps to delete such information.
For users between 13 and 16 years of age in the European Economic Area, we rely on parental consent for data processing where required by applicable law.
Third-Party Services
The App may integrate with or link to third-party services, including:
- Authentication: Epic Games, Google, Discord
- Game Integration: Overwolf GEP framework for supported game titles
- Infrastructure: Supabase (database and authentication)
These third-party services have their own privacy policies, and we encourage you to review them. We are not responsible for the privacy practices of third-party services.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated Privacy Policy within the App and updating the "Effective Date" at the top of this document.
Where required by applicable law, we will obtain your consent before making material changes to how we process your personal data.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within seventy-two (72) hours of becoming aware of the breach, where required by applicable law. Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
CHAOSGROUND HOLDINGS LTD
DD-15-134-004 - 007, Level 15, Wework Hub71, Al Khatem Tower,
Abu Dhabi Global Market Square, Abu Dhabi, Al Maryah Island,
United Arab Emirates
Email: support@chaosground.com
For EU/UK users, if you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.
GDPR Annex (EU / EEA Users)
This Annex applies only to users located in the European Union (EU) or European Economic Area (EEA) and supplements the Privacy Policy above.
Data Controller
CHAOSGROUND HOLDINGS LTD
DD-15-134-004 - 007, Level 15, Wework Hub71, Al Khatem Tower,
Abu Dhabi Global Market Square, Abu Dhabi, Al Maryah Island,
United Arab Emirates
Email: support@chaosground.com
Lawful Bases for Processing (GDPR Article 6)
Personal data is processed on the basis of:
| # | Lawful Basis |
|---|---|
| 1 | Contractual necessity — processing required to perform a contract with you (e.g., account creation, mission delivery, reward fulfilment) |
| 2 | User consent — processing based on your freely given, specific, informed, and unambiguous consent (e.g., marketing communications, cookies) |
| 3 | Legitimate interests — processing necessary for our legitimate interests, provided these are not overridden by your rights (e.g., service improvement, security, fraud prevention, analytics) |
| 4 | Legal obligation — processing necessary to comply with applicable laws and regulations |
Categories of Personal Data
We process the following categories of personal data:
- Email address
- Username or display name
- IP address and device identifiers
- Usage and interaction data
- Gameplay telemetry and session statistics
- Support communications
Your GDPR Rights
Under the General Data Protection Regulation, EU/EEA users have the following rights:
| Right | Description |
|---|---|
| Right of Access (Art. 15) | Request a copy of the personal data we hold about you, free of charge |
| Right to Rectification (Art. 16) | Request correction of inaccurate or incomplete personal data |
| Right to Erasure (Art. 17) | Request deletion of your personal data ("right to be forgotten"), subject to legal exceptions |
| Right to Restriction (Art. 18) | Request restriction of processing of your personal data in certain circumstances |
| Right to Data Portability (Art. 20) | Request your data in a structured, commonly used, machine-readable format |
| Right to Object (Art. 21) | Object to processing based on legitimate interests or for direct marketing purposes |
| Right to Withdraw Consent (Art. 7) | Withdraw consent at any time, without affecting the lawfulness of prior processing |
International Transfers
Personal data may be transferred outside the EU/EEA, including to the United Arab Emirates (ADGM) and Singapore (Supabase hosting).
We apply appropriate safeguards for such transfers, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Contractual and organisational measures to ensure equivalent data protection
- Data processing agreements with all sub-processors
You may request a copy of the safeguards in place by contacting support@chaosground.com.
Data Retention (EU Users)
Personal data is retained only for as long as necessary to:
- Provide the Services and maintain your account
- Meet legal and contractual obligations
- Resolve disputes and enforce our agreements
When data is no longer required, it will be securely deleted or anonymised. Aggregated, anonymised data that can no longer identify you may be retained indefinitely for analytical purposes.
Automated Decision-Making
ChaosGround does not engage in automated decision-making or profiling that produces legal or similarly significant effects on data subjects under GDPR Article 22.
Mission recommendations and difficulty adjustments are based on aggregated gameplay data and do not constitute profiling with legal effects.
Supervisory Authority
You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data protection rights have been violated.
A list of EU/EEA supervisory authorities is available at:
https://edpb.europa.eu/about-edpb/about-edpb/members_en