Corporate comedian Greg Schwem reading a phone privacy policy while playing Candy Crush

I Read the Updated Candy Crush Privacy Policy so You Don’t Have To

Does collecting Sugar Bombs and Coconut Wheels – terms instantly familiar to Candy Crush aficionados – mean having to sacrifice my anonymity?    I was about to find out.

Collecting Sugar Bombs and Coconut Wheels is fun. Finding out what King.com collects about me in exchange? That took actual research. Here’s what happened when a corporate comedian did something almost nobody does: read the whole privacy policy.

Why I Actually Read a Privacy Policy for Once

Like most people who spend too much time online, my inbox recently filled up with “we’re updating our privacy policy” emails. They came from companies I use every day, companies I barely remember signing up for, and a few apps I apparently downloaded in an airport bar and forgot existed by the time I sobered up.

Most of these updates trace back to GDPR, Europe’s sweeping data privacy law that forced practically every company on earth to rewrite their fine print. The emails read like mortgage paperwork, and I usually delete them without a second thought, privacy experts’ warnings be damned.

But when King.com, maker of Candy Crush, the one mobile game I’ve never managed to quit, sent theirs, I decided to actually open it. Not skim it. Read it.

Why Candy Crush, Specifically

My kids gave up on Candy Crush years ago and never miss a chance to mock me for still playing. I don’t care. It’s my go-to during flight delays, dull TV, and conference calls where an executive is explaining, again, why blockchain is about to change everything.

So before my next match-three binge, I wanted to know: does collecting candy also mean surrendering my privacy? Time to find out.

What’s Actually Buried in the Terms of Service

Scrolling through King.com’s Terms of Service, I hit a section written entirely in aggressive all-caps legal language, the kind that basically says the company isn’t liable for anything, ever, including personal injury from playing the game.

If anyone reading this has genuinely been hurt playing Candy Crush, email me. I need the story.

What the Privacy Policy Actually Says About Your Data

The Privacy Policy itself had a few lines worth flagging for anyone who’s never bothered to check:

  • Downloading or playing King’s games means consenting to information collection about you.
  • King and its advertising partners use your data to send marketing about other King games and related services based on your interests.
  • Unless you specifically opt out, you’re agreeing to let advertising partners collect and use your data to improve targeting and measurement, so they can serve you “relevant” third-party ads inside the game.

There it was, tucked into a later section: it’s on you to opt out if you don’t want your browsing habits tracked and monetized. King.com does point users toward the Digital Advertising Alliance’s opt-out tool, which lets you reset ad tracking on your device, though even that site admits you’ll still see other types of targeted advertising “consistent with DAA principles.”

So, Is Candy Crush Safe to Play?

Reading the whole thing felt like installing a home security system. I feel a little safer. I do not feel bulletproof.

The only truly airtight way to protect my data completely would be to quit Candy Crush for good. To every blockchain-obsessed executive I’ve ever sat through on a conference call: your moment may finally be coming.