Privacy Policy

Effective Date: July 23, 2025

Moonfrog Labs Private Limited ("Moonfrog Labs") respects your privacy rights and is committed to maintaining strong security measures to protect your personal data. This Privacy Policy covers how we handle personal data when you register an account, visit our websites (moonfroglabs.com, teenpattigold.com, ludoclub.com), use our services, or communicate with us.

For the purposes of this Privacy Policy the following definitions apply:

• "Data Privacy Laws" means applicable data protection and data privacy laws including the General Data Protection Regulation (GDPR) and the Information Technology Act, 2000.
• "Processing" (and "Process") means any operation or set of operations performed on Personal Data, whether or not by automated means.
• "Services" means our applications, games, websites, forums, web shop, email communications, social media accounts, and related services.
• "Personal Data" means any data relating to an identified or identifiable natural person. All other capitalised terms have the meanings ascribed to them under the GDPR.

Our services are not directed at children under 16.

1. Who We Are

Controller

Moonfrog Labs Private Limited
Unit No. 101, 1st Floor, Tower-D, RMZ Infinity
Municipal No. 3, Old Madras Road, Benniganahalli
Bangalore – 560016, Karnataka, India
Email: contact@moonfrog.com

Moonfrog Labs is part of Stillfront Group AB (publ), a Swedish gaming company listed on Nasdaq First North Premier Growth Market.

Data Protection Officer

Peter Birgersson, Deloitte AB
Email: dpo@stillfront.com

2. What Information Do We Collect?

Source	Information collected includes/may include the following data
Information you provide voluntarily when using our Services	Names, email addresses, and other contact details; social media connections; communication channel data; subscription and preference data; survey responses and feedback
Information you provide when using our games	Profile information (address, gender, pictures); billing information; additional information such as age, occupation, hobbies, and interests
Directly from you and/or your device by automatic means	Device type, operating system, IP address, browser type; usage data and game activity logs; crash logs and performance data; inferences drawn from your activity

We do not expect or intend to collect special categories of data such as genetic, biometric, or health information, or data revealing racial origin, political beliefs, or criminal records.

3. How Do We Use Your Personal Data?

Lawful basis	Purpose of the processing
To perform our contract with you	Enable and maintain service access; personalise your experience; provide account features and present content effectively
Based on your given consent	Interest-based advertising; marketing communications; newsletter delivery; payment information storage
Based on legitimate interest to make Services the best they can be	Service operation, maintenance, and improvement; customer support and bug troubleshooting; usage analytics and aggregate data creation
Based on legitimate interest to make services more intuitive and evaluate user behaviours	Player retention and lifetime value analysis; understanding player engagement and session patterns
Based on legitimate interest to facilitate performance marketing	Customised experiences and targeted advertising; measuring campaign effectiveness
Based on legitimate interest to provide interest-based services and advertisement	Delivering personalised content and offers based on your in-game behaviour and preferences
Based on legitimate interest to safeguard our operations	Fraud prevention; security monitoring; ensuring platform integrity
Based on legitimate interest to establish, exercise and defend legal claims	Maintaining records necessary to assert or defend against legal claims; compliance with applicable law

4. Who We Share Your Information With

Personal data may be transferred to:

• Stillfront Group companies
• Service providers (development, analytics)
• Third-party platforms (login/linking services)
• Professional advisors
• Outsourced service providers (IT support, cloud storage including Dropbox and AWS)
• Courts and government authorities when legally required
• Entities necessary to protect vital interests or legal rights

5. International Data Transfers

Data transfers outside the EU/EEA (including to the United States) are protected through Standard Contractual Clauses or alternative safeguards. You may request documentation of these protective measures from our Data Protection Officer.

6. How Long Do We Keep Your Data?

Retention depends on the duration of our ongoing relationship, applicable legal obligations (tax, accounting), and the advisability of maintaining records in light of statutes of limitations. Specific retention periods are available upon request from our Data Protection Officer.

7. Security

We implement appropriate technical, physical, and organisational measures to protect your personal data against unauthorised or accidental destruction, alteration, disclosure, misuse, damage, theft, accidental loss, or unauthorised access.

8. Your Rights

General Right

You may request deletion of your data within 30 days unless exceptions apply (fraud prevention, regulatory obligations, dispute resolution). Upon consent withdrawal, data collection ceases and stored data is deleted per applicable law.

EU Residents

• Access – Confirm processing and receive copies of your personal data within 30 days
• Object – Oppose processing based on legitimate interests or direct marketing
• Rectification – Correct inaccurate or incomplete data
• Erasure – Request deletion under certain circumstances
• Restrict Processing – Limit processing to storage only
• Withdraw Consent – Revoke consent at any time
• Data Portability – Receive machine-readable copies or transfer to another controller
• Supervisory Authority Complaints – Lodge complaints with relevant data protection authorities

US Residents

• Opt-Out – Decline interest-based advertising
• Access and Portability – Request details of collected personal data
• Correction – Request inaccurate data correction
• Deletion – Request deletion within 30 days unless exceptions apply
• Non-Discrimination – Receive equal service quality regardless of rights exercise
• Appeal – Challenge denied requests per state law
• Limitation – Restrict use of sensitive personal information

California "Shine the Light"

California residents may request annually what customer information was shared for direct marketing purposes. Email contact@moonfrog.com with the subject line "Request for California Privacy Information."

9. Changes to This Privacy Policy

We may update this policy from time to time due to operational or legal changes. Updates will be posted on our website with appropriate notification based on the significance of the change.