Privacy Policy

Published: July 2, 2026

This policy (hereinafter — the Policy) has been developed regarding the processing of data carried out by JSC "DIAVERS" (registration address: 123112, Moscow, Presnenskaya nab., 12, room 11/45) when you (hereinafter — the User) use the Diaverse mobile application (hereinafter — the Application).

When the Policy uses the terms: "we", "us", "our" and the like, it refers to the Administration of the Diaverse application.

In the Policy, we address you as a User of our Application.

To ask a question or leave feedback regarding data protection or the processing of your data, please contact the person responsible for information protection at the email address: diaverse@yandex.com

What is this Policy about?

In the Policy, we indicate for what purposes and what information about you we collect and process, how we ensure its confidentiality and security.

By registering (authorizing) in the Application and continuing to use it, the User expresses consent to its terms. If the User disagrees with the terms of this Policy, the use of the Application must be immediately discontinued.

This Policy is posted on the website: https://diaverse.app/privacy-policy/en and regulates the procedure for collecting, using, processing, and protecting information about Users of the Application.

The current version of the Policy, which is a public document, is available to any Internet user by following the link: https://diaverse.app/privacy-policy/en.

The Administration of the Application has the right to make changes to this Policy. In order to familiarize themselves with the current version of the Policy, Users are recommended to regularly review the text of this Policy. Continued use of the Application by the User after changes and/or additions to this Policy means acceptance and consent of the User to such changes and/or additions.

We collect and process only the data that is necessary for the purposes specified in the Policy, and only with your consent.

What data do we collect about you and why?

The Administration of the Application collects and processes only the information about Users that is necessary to provide the functionality of the Application and its use by the User. We do not verify the data provided by the User for accuracy. The Administration of the Application assumes that you provide reliable and sufficient data, update it in a timely manner, and have sufficient legal capacity to provide your data.

When you first create an account in the Application, you have several registration options.

Login via Telegram: The Application uses authorization through the Telegram messenger when using the Telegram auth bot (https://t.me/diaverseauth_bot) to allow Users to create and log into their account using their Telegram credentials. If you use this authorization method, you allow us to collect basic information from your Telegram profile, such as your first and last name, profile photo, and username. This information is collected by Telegram and provided to us in accordance with the terms of Telegram's Privacy Policy.

If you register in the Application using Telegram, the Application will only exchange with Telegram those types of data that you provided to Telegram when creating your account with them.

Email address. You may optionally link an email address to your game profile in the Application settings. Linking your email is optional and not required for basic use of the Application. The provided email is stored on our servers against your account and is used for account management and support. We do not share your email address with third parties for advertising or marketing purposes.

Location data. The Application may request access to your location data when you use certain features. The request is made through the standard iOS and Android system dialogs, and granting access is entirely up to you — you may decline or revoke previously granted permission at any time in your device system settings. Location data is used only locally within the Application, is not stored on our servers, and is not shared with third parties.

Device identifiers. The Application uses system device identifiers (including the Android Advertising ID) for basic Application functionality, linking the game account to the device, fraud prevention, and install analytics. These identifiers may be transmitted to our servers and to the Sentry crash monitoring service as part of technical events.

Analytics and diagnostics. To understand how the Application is used, improve its stability, and enhance its features, we use third-party analytics and monitoring services — AppMetrica (Yandex), Amplitude (including the Amplitude Session Replay session-recording feature), and Sentry. These services may process de-identified information about Application usage and in-app interactions, technical characteristics and device identifiers (including the advertising identifier), as well as crash and performance data. This data is used for analytics, ensuring functionality, and improving the Application.

Purchase data. When you purchase subscriptions, paid features, or in-app items, information about completed purchases (the fact, contents, and status of a purchase or subscription) is processed to provide paid access, support, and analytics. Payment details are processed by the app store platforms (Apple App Store, Google Play) and the RevenueCat subscription-management service; we do not receive or store your bank card details.

In-app advertising

To keep the App free to use, the App may display advertisements, including rewarded video ads that the User launches voluntarily in exchange for in-game rewards.

Ads are served through the CAS.AI ad mediation platform (Clever Ads Solutions LTD) and its participating partner ad networks, including but not limited to: Google AdMob, Unity Ads, IronSource, Liftoff Monetize, InMobi, Mintegral, Pangle, DT Exchange, AppLovin, Meta Audience Network, Bigo Ads, Yandex Ads.

To select, deliver and measure ads, limit ad frequency and prevent fraud, advertising partners may process: the device advertising identifier (IDFA on iOS, GAID on Android), IP address, general technical information about the device (model, operating system version, language), and ad interaction data (impressions, clicks, views).

In regions where the law requires consent to data processing for advertising purposes (in particular, GDPR in the EEA and the UK), personalized ads are shown only after such consent is obtained via a consent form. On iOS devices, access to the advertising identifier is granted only after the User's permission via the system AppTrackingTransparency request; if declined, ads continue to be shown without personalization.

The User may at any time reset the advertising identifier or limit its use in the device system settings (iOS: Settings → Privacy & Security → Tracking; Android: Settings → Google → Ads). For more details on data processing by the mediation platform, see the CAS.AI privacy policy: https://cas.ai/privacy-policy.

What step data do we use?

To count steps for in-game mechanics, the Application obtains them in one of two ways depending on the platform:

• Through system health services — Apple HealthKit on iOS and Health Connect on Android — provided you grant the corresponding permission. From these services we only request the step count (the StepCount data type on iOS and the READ_STEPS permission on Android). The Application does NOT request access to other health metrics such as heart rate, blood pressure, sleep, calories, distance, medical records, reproductive health, or similar categories.

• Through the device built-in step counter. On Android, the Application can read steps directly via the phone hardware step counter sensor (android.hardware.sensor.stepcounter), independently of Health Connect. This lets step counting work even without Health Connect.

The step count we receive is transmitted to our servers and stored against your game profile so that we can calculate your in-game progress, credit XDV tokens and coins for steps taken, generate clan rankings, and power challenges.

We do NOT share your step data with third parties for advertising or marketing purposes. For stability monitoring and crash diagnostics the Application uses Sentry: technical error events are sent there together with your game account identifier, which is used to group crashes by individual user during debugging. Step data itself is not sent to Sentry.

You can revoke access to the system step source at any time in your device settings: on iOS — Settings → Privacy & Security → Health → Diaverse; on Android — Settings → Apps → Health Connect → permissions for Diaverse. On Android you can also separately disable the built in step counter sensor via the Application permissions. After the corresponding sources are revoked, steps will stop being delivered to the game.

How do we store and process your data?

User data is stored exclusively on electronic media of the Application Administration and is processed using automated systems, except in cases where non-automated processing of personal data is necessary in connection with the fulfillment of legal requirements.

What cookies and browser storage do we use?

We use technically necessary cookies and browser storage for authorization, guest mode, session security, interface state restoration, and storing your privacy choice. Without this data, some website and cabinet functions cannot work correctly.

The cabinet access and cabinet refresh authorization cookies are used for signing in to the personal cabinet. The access cookie is stored for up to 30 minutes, and the refresh cookie is stored for up to 24 hours. The guest cookie cab_guest_token is used to preserve guest actions and is stored for up to 30 calendar days.

With your consent, we use the local identifier diaweb:site-analytics:visitor-id and session storage diaweb:site-analytics:sent for site visit analytics: counting unique visits, devices, opening context, pages, referrer, time zone, and screen size. If you reject analytics, this data is not created and the /v1/analytics/site/visit request is not sent.

You can accept or reject optional analytics in the cookie banner. Your choice is stored in browser storage diaweb:privacy-consent:v1 until you change browser settings or clear site data.

How do we ensure the security of personal data?

We do not transfer or disclose your data to third parties, we ensure their protection from complete or partial loss, and we prevent unauthorized access to them. The Administration of the Application takes technical and organizational-legal measures to ensure the protection of the User's personal data from unlawful or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions.

For this purpose, we use all necessary technical and organizational measures to ensure the security and confidentiality of data as prescribed by law and constantly update them taking into account the latest technical developments. This Policy does not apply to the actions and Internet resources of third parties.

The Administration of the Application is not responsible for the actions of third parties who have gained access to User information as a result of using the Application, for the consequences of using information that, by the nature of the Application, is available to any User. The Administration of the Application recommends that Users approach responsibly the decision about the amount of information about themselves posted in the Application.

Protecting the confidentiality of your data is a fundamental principle of our Policy. We apply security measures to protect against misuse, loss, and/or alteration of personal information under our control. However, we would like to draw the User's attention to the fact that the Application Administration cannot guarantee 100% that unauthorized use, loss, or alteration of your information will never occur, but we make all reasonable efforts to prevent such cases.

As part of security measures and ensuring the safety of your data, the Application Administration: develops its own local acts and procedures to help implement measures to protect User information; provides access to data only to a limited circle of persons; does not process data for purposes not specified in this Policy; monitors compliance with internal procedures and rules; familiarizes persons with access to personal data with current legislation; restricts access to information resources; uses antivirus tools; appoints a person responsible for information protection (diaversegame@gmail.com); conducts regular risk assessments and internal investigations.

How long do we store your data?

Account data, game profile data, progress, balance, inventory, and activity history in the Application are stored for the period of account use and are deleted or anonymized within 30 calendar days after account deletion, unless a longer retention period is required by law or is necessary to protect the rights of the Application Administration.

Guest sessions and related temporary access rights are stored for up to 30 calendar days. Personal cabinet authorization sessions are stored for up to 24 hours from issuance or last refresh.

Technical events and security logs are stored for 60 calendar days. Resolved service alerts are stored for 180 calendar days. Site visit analytics data, including hashed visitor identifiers and aggregated metrics, is stored for no more than 13 months.

After these periods expire, data is deleted, anonymized, or isolated from further processing if immediate deletion is not possible due to backup technology or legal requirements.

What rights do you have?

During the period of storage of your personal data with us, you can exercise the following rights regarding personal data:

Right of access — you can request a copy of your personal data in electronic format that we process by submitting a request.

Right to correction — you can ask us to correct your data if it is inaccurate (incomplete or imprecise).

Right to withdraw — you can withdraw your consent to the processing of your personal data if you do not want us to process them further. You can withdraw consent by deleting your account in the Application or by submitting a request.

Right to deletion — you can demand the deletion of your data from our databases. This is possible in all cases, except when we are required to store this data by law.

You can also contact us at any time with a request to clarify other rights guaranteed to you in accordance with the legislation on the protection of confidential information of your country of residence.

Is data of minors collected?

The Application Administration does not knowingly collect or use personal data of minors under the age of 18. When creating an account in the Application, you must confirm that you are at least 18 years old or that your parents (legal representatives) have agreed that you may use the Application.

If you are located in the EU, you may use the Application only if you are above the appropriate age at which you can give explicit consent to the processing of your data in accordance with the laws of your country, or if you have the consent of your parent or legal representative.

If you are a parent (legal representative) and have learned that your child (ward) is using the Application without your permission, or if you have a specific question about data privacy in the Application, you can contact us with a request.

Policy Amendment Procedure

The Application Administration reserves the right to make changes to this Privacy Policy from time to time to reflect changes in legislation, our data collection and use practices.

Please periodically check this page for changes to see if it has been revised since your last visit. If we make any changes to this Privacy Policy that we consider material to your consent to data processing, we will notify you.

Prevailing Language of the Privacy Policy

We also use professional translators and proofreaders for the most accurate translation of our documents and communications, including this Privacy Policy into English. However, please understand that we cannot guarantee 100% accuracy of all our translations, particularly with regard to any legal content. Please note that the Russian version of this Privacy Policy is the original version, which prevails over all other versions in case of deviation from the English version.

How can you contact us?

For any questions regarding data processing and to exercise your rights, including the right to stop data processing, withdraw consent to their processing, you can contact us by email at diaverse@yandex.com

When contacting us, please provide your name and contact details so that we can identify you and determine whether we process your data.

We will respond to your request within 10 business days of receiving it.