Last updated: May 23, 2026
Veiled Castle Ltd ("we", "us", or "our") operates the Veiled Castle live wallpaper application (the "App"). This Privacy Policy explains what personal information the App handles, what is sent to our servers, and your choices.
Our approach is to keep data on your device wherever possible. The data that does cross the network is limited to what is needed to verify Google Play purchases, deliver wallpaper files for your device, support the share-to-unlock feature, and diagnose crashes.
So that features such as purchase restoration, share-to-unlock, and crash grouping can work, and so that we can apply rate limits and prevent abuse on a per-install basis, the App associates each install with a per-install pseudonymous reference. This reference is generated locally, is not derived from your name, Google account, email address, phone number, or any hardware identifier, and is used only to relate records on our servers that belong to the same install of the App. We do not link it to your real-world identity.
In the course of buying and downloading wallpapers, the App sends Google Play purchase tokens, identifiers for the design you select, and your screen dimensions to our server. We do not retain a long-term record of your purchase or download history.
If you share a link to the App, the link contains a short attribution code that lets us credit you with installs that come from your shared links. If a recipient installs the App from that link, their first launch sends that code, along with install-attribution timestamps from Google, to our server. We hold no further information about either party.
If the App crashes, it sends a crash report to our servers. Each crash report contains:
Crash reports are deleted automatically after 90 days. We use crash reports solely to diagnose and fix bugs; they are not used for profiling or shared with any third parties.
| Data | Retention |
|---|---|
| Per-install reference | Stored on your device; appears server-side only on records associated with your install (purchases, share confirmations, crash reports) |
| Purchase tokens | Not stored long-term |
| Refund records | Retained to honour refunds and chargebacks (Google Play is the authority) |
| Share confirmation records | Retained while the share-to-unlock feature is in service |
| Crash reports | Deleted after 90 days |
We do not sell your data, and we do not share it with third parties for advertising. The third parties that process data on our behalf or are otherwise involved in delivering the App are:
Cloudflare, Inc. and Hetzner Online GmbH act as data processors for us and do not have independent rights to your data.
Privacy policies of relevant providers:
Requests from the App reach our servers through Cloudflare. As part of operating that service, Cloudflare receives the IP address your device used to make the request, along with standard request metadata (such as the time of the request and the response status). Cloudflare processes this data on our behalf for security, abuse prevention, and aggregate analytics. We do not store these IP addresses on our own servers, and we do not link them to the records associated with your install.
Cloudflare retains this data only as long as it needs to in order to provide its service. For current retention details, please refer to Cloudflare's Privacy Policy.
Data sent between the App and our servers is encrypted in transit. We use commercially reasonable measures to protect data in transit and at rest. No method of transmission or storage is 100% secure, but we minimise the data we collect in the first place and avoid retaining anything we do not need.
The App opts in to a narrow subset of Android Auto Backup so that your settings, local records of your purchases, and the information needed to associate a reinstall with your prior records can survive a reinstall on the same Google account. Downloaded wallpaper files and other caches are excluded. You can disable Auto Backup for the App in your Android Backup settings.
Veiled Castle Ltd is established in the United Kingdom. If you are in the UK or the European Economic Area, UK GDPR (or EU GDPR for EEA residents) gives you the rights set out below.
We process your personal data on the following lawful bases:
You have the right to access, rectify, erase, restrict, port, or object to processing of your personal data, and to withdraw any consent on which processing relies. To exercise any of these rights, contact us at the email address below. Because we hold no name, email, or other directly identifying information, we may need additional information from you to locate your records.
Our application servers are operated by Hetzner within the EEA. Cloudflare's edge network is global, so a request from your device may be processed by Cloudflare infrastructure outside the UK or EEA. Cloudflare commits to UK and EU Standard Contractual Clauses for such transfers; further detail is available in Cloudflare's Privacy Policy.
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk). EEA residents may instead complain to their local data protection authority.
If you are in Australia, the Privacy Act 1988 and the Australian Privacy Principles give you the right to access the personal information we hold about you and to request correction of any inaccuracies. To exercise these rights, contact us at the email address below.
The third parties listed in the Data Sharing section above process data on our behalf in locations outside Australia, including in the European Economic Area (Hetzner) and on Cloudflare's globally distributed infrastructure.
If you believe we have not handled your personal information in accordance with the Australian Privacy Principles, please first contact us. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (oaic.gov.au).
If you are in Brazil, the Lei Geral de Proteção de Dados (Federal Law 13,709/2018) gives you the right to confirmation of processing, access to your data, correction of inaccuracies, anonymisation or deletion of unnecessary data, portability, deletion of data processed on the basis of consent, information about whom your data is shared with, information about the consequences of refusing consent, and revocation of any consent on which processing relies. To exercise any of these rights, contact us at the email address below.
If you believe we have not handled your personal data properly, you may lodge a complaint with the Autoridade Nacional de Proteção de Dados (gov.br/anpd).
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you the rights set out below.
The categories of personal information we collect, as defined by the CCPA, are:
We do not collect sensitive personal information as defined by the CCPA, and we have not sold or shared personal information.
You have the right to know what personal information we collect, to request a copy of it, to request its deletion or correction, and to be free from discrimination for exercising any of these rights. The CCPA's right to opt out of the sale or sharing of personal information applies but is not actionable in our case because we do not sell or share. To exercise any of these rights, contact us at the email address below. You may designate an authorised agent to act on your behalf.
The App does not knowingly collect data from children under 13. The App contains no user-generated content, social features, advertising, or in-app messaging. If you are a parent or guardian and you believe your child has provided us with personal information, please contact us so that we can take appropriate action.
The App and the Veiled Castle website may contain links to other sites that are not operated by us. We are not responsible for the content or privacy practices of those sites and encourage you to review their privacy policies before providing any information.
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision.
If you have questions about this Privacy Policy or wish to make a request about your data, contact us at: