My Darling Decoy Games, LLC

Privacy Policy

Last updated: February 7, 2026

We value your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

This Privacy Policy applies to all My Darling Decoy Games products and services, including the website (mydarlingdecoygames.com), MyCareCost (mycarecost.net), our mobile applications, and any other products or services that link to this Policy (collectively, the “Service”).

1. Information We Collect

1.1 Provided by you

  • Account data: email address and display name if you sign up with email/password.
  • Apple Sign-In / OAuth data: Apple-provided identifier and, if you choose, your name and email (may be a private relay email). On MyCareCost, Google or other OAuth providers may be used.
  • Support messages: content you send to us (e.g., bug reports, feedback, correction requests).
  • Search and usage preferences: saved searches, procedure comparisons, and preference settings you create within the Service.

1.2 Collected automatically

  • Device and usage data: app version, device model, OS version, browser type, referring URL, language, pages visited, in-app events, and interaction data.
  • Diagnostics: crash logs, error reports, and performance data.
  • Approximate location: derived from IP address for analytics, fraud prevention, and location-based features (e.g., hospital search radius on MyCareCost). We do not collect precise GPS location.
  • Log data: IP address, access times, pages viewed, and the page visited before navigating to our Service.

1.3 From third parties

  • Platform providers: Apple provides transaction status for purchases (no full payment card data reaches us).
  • Payment processors: Stripe or other processors handle payment on our behalf and share only transaction confirmation and status.
  • Service providers: authentication, analytics, crash reporting, and storage providers (e.g., Firebase, Vercel, Cloudflare).
  • Public data sources: MyCareCost aggregates publicly available hospital pricing data published under the CMS Hospital Price Transparency rule. This data does not contain personal information.

2. How We Use Information

  • Provide, operate, maintain, and improve the Service and its features.
  • Authenticate users and secure accounts.
  • Validate purchases, process payments, and deliver entitlements.
  • Communicate with you about updates, security alerts, and support.
  • Monitor performance, debug issues, and prevent fraud or abuse.
  • Personalize your experience, including search results and recommendations.
  • Generate aggregated, de-identified analytics to improve our products.
  • Comply with legal obligations.

3. Legal Bases (EEA/UK)

Where GDPR or UK GDPR applies, we process personal data on the following bases:

  • Contract: providing and maintaining the Service you signed up for.
  • Legitimate interests: security, analytics, product improvement, and fraud prevention, balanced against your rights.
  • Consent: where required (e.g., optional marketing communications or non-essential cookies). You may withdraw consent at any time.
  • Legal obligation: when processing is necessary to comply with applicable law.

4. U.S. State Privacy Rights

If you are a resident of California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), or another state with a comprehensive privacy law, you may have additional rights, including:

  • The right to know what personal information we collect and how it is used.
  • The right to request deletion of your personal information.
  • The right to opt out of the sale or sharing of personal information. We do not sell your personal information.
  • The right to non-discrimination for exercising your privacy rights.
  • The right to correct inaccurate personal information.

To exercise these rights, contact us at info@mydarlingdecoygames.com. We will verify your identity before fulfilling any request and respond within the timeframe required by applicable law.

5. Sharing of Information

  • Service providers that help us run the Service under appropriate data-processing agreements (e.g., hosting, analytics, payment processing).
  • Platform providers (Apple, Google) to validate purchases and deliver entitlements.
  • Professional advisors (e.g., lawyers, accountants) under obligations of confidentiality.
  • Authorities when required by law, legal process, or to protect rights, safety, and property.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

We do not sell your personal information.

6. Data Retention

We retain personal data only as long as necessary for the purposes described above, for the duration of your account, and as required by law. When data is no longer needed, we securely delete or de-identify it. Aggregated or de-identified data may be retained indefinitely for analytics and product improvement.

7. Children’s Privacy

The Service is not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal information from them. If you believe a child has provided us with personal data, please contact us immediately so we can delete it.

8. Your Rights

Depending on your location, you may have the right to:

  • Access, correct, update, or delete your personal data.
  • Request a portable copy of your data.
  • Restrict or object to certain processing.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local supervisory authority (EEA/UK).

To exercise any of these rights, contact us at info@mydarlingdecoygames.com. We aim to respond within 30 days.

9. International Transfers

We process data primarily in the United States. If you access the Service from outside the U.S., your data may be transferred to, stored, and processed in the U.S. or other countries. Where required by law, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Security

We implement administrative, technical, and organizational security measures designed to protect personal data, including encryption in transit (TLS/SSL), access controls, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

12. Cookies & Similar Technologies (Website)

Our websites may use cookies and similar technologies for essential functionality, analytics, and remembering preferences. You can manage cookies through your browser settings or our cookie preferences (where available). Our native mobile apps do not use browser cookies. See our Cookie Policy for full details.

13. Do Not Track

Some browsers transmit a “Do Not Track” (DNT) signal. There is currently no industry standard for how websites should respond to DNT signals. At this time, our websites do not respond differently based on a DNT signal. You can manage tracking preferences through your browser settings and our cookie controls.

14. Third-Party Links

The Service may contain links to third-party websites, services, or content that we do not own or control. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party sites you visit.

15. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or products. The “Last updated” date at the top indicates the most recent revision. If we make material changes, we will provide notice through the Service or by email where feasible. Continued use of the Service after changes constitutes acceptance of the revised Policy.

16. Contact

My Darling Decoy Games, LLC
307 Wickliffe St, Troy IL 62294
Email: info@mydarlingdecoygames.com

We aim to respond to all inquiries within 30 days.