PlayWhot Privacy Policy

Last updated: November 16, 2026

Effective immediately on publication. We will notify you in-app the next time we make a material change.

Who we are

PlayWhot ("we", "us", "our") publishes the PlayWhot mobile, web, and desktop card game. Whot!™ is a traditional Nigerian card game; the digital adaptation is operated by PlayWhot. Our registered contact for privacy questions is privacy@playwhot.com.

What this policy covers

This policy explains what personal data we process when you use PlayWhot, why we process it, who we share it with, how long we keep it, and the rights you have over it. It applies to the PlayWhot app on iOS, Android, web, and desktop, and to our back-end services (matchmaking, tournaments, social).

Data we collect

We collect the minimum data required to run a multiplayer card game safely. The categories below align with the disclosures we publish in our App Store and Google Play listings.

• Account data — display name, account ID, sign-in provider (Google or Apple), and (where you provide it) email address.
• Gameplay data — match history, hand outcomes, ratings, tournament participation, achievements, cosmetics inventory, and in-game purchases.
• Social data — friends list, friend requests, chat messages, reports, blocks. Only the recipients of a message see its content; moderation staff may review reported content.
• Device & diagnostic data — device model, OS version, app version, crash stack traces, performance metrics, language, region, and approximate IP-based location.
• Usage data — feature interactions, screen views, session duration, in-game events. You can opt out via Settings → Privacy → Privacy choices.
• Purchase data — App Store / Play Store transaction IDs and the SKU of any items purchased. We do NOT receive your card number, billing address, or full payment details.
• Advertising identifiers — Apple IDFA / Android AAID, only when you consent on devices where ATT or a regional law requires explicit consent.

How we use your data

• Provide the service — sign you in, deal cards, match you with opponents, run tournaments, sync your inventory.
• Safety and integrity — detect cheating, abuse, and broken matches; review reports; enforce community rules.
• Improve the game — diagnose crashes, debug bot behaviour, measure feature adoption, A/B-test changes.
• Communications — deliver in-app notifications and, with separate consent, push notifications.
• Monetisation — display ads via Google AdMob (you can remove ads permanently via an in-app purchase) and process in-app purchases through Apple / Google's stores.
• Compliance — comply with applicable laws, respond to lawful requests, and protect against fraud.

Legal bases (EU/UK users)

• Contract — running the game you signed up for.
• Legitimate interest — safety, integrity, fraud prevention, product analytics that is not based on tracking.
• Consent — personalised advertising, optional analytics in regions where consent is required, push notifications.
• Legal obligation — tax records for purchases, responding to lawful disclosure requests.

Who we share data with

PlayWhot does not sell personal data. We use the following processors (sub-processors). Each is bound by data-processing terms and only handles the data needed for their function:

• Firebase (Google LLC) — Authentication, Crashlytics, Analytics.
• Heroic Labs Nakama — Self-hosted on our infrastructure. Authoritative game server, matches, tournaments, friends, chat, inventory.
• Google AdMob — Ad serving (only when ads are enabled and, on iOS, only when ATT is granted).
• Apple App Store / Google Play — Purchase processing.
• Apple Game Center / Google Play Games — Optional leaderboard and achievement integration if you opt in.
• Cloud hosting (DigitalOcean / similar) — Stores the Nakama database. Located in the EU and the US.

International transfers

Where personal data leaves the EU/UK we rely on the Standard Contractual Clauses approved by the European Commission, supplemented with encryption in transit and at rest.

How long we keep data

• Account data — for as long as your account exists. Deleted within 30 days of account deletion.
• Match and tournament history — 12 months, then aggregated and anonymised for long-term statistics.
• Chat messages — 90 days unless reported (reports kept for 12 months for safety review).
• Crash logs and analytics — up to 14 months as set by Firebase.
• Purchase records — 7 years where required by tax law.

Your rights

• Access, correction, deletion, portability, objection / restriction.
• Withdraw consent at any time from Settings → Privacy.
• Delete your account from Settings → Account → Delete account, or by emailing privacy@playwhot.com.
• Complain to your local data-protection authority. EU/UK users can find theirs at edpb.europa.eu.

Children

PlayWhot is rated 12+. We do not knowingly collect data from children under 13 (under 16 in the EU). Contact privacy@playwhot.com if you believe a child has provided us personal data.

California (CCPA / CPRA) disclosures

California residents have the right to know, delete, non-discrimination, and opt out of "sale" or "sharing" of personal information. PlayWhot does not "sell" personal information for money. We may "share" advertising identifiers with Google AdMob for cross-context behavioural advertising when consented. To opt out, use Settings → Privacy → Privacy choices, or email privacy@playwhot.com with subject "Do Not Sell or Share My Personal Information".

Security

We use TLS for all network traffic, store passwords only via OAuth tokens (we never see your password), and apply rate limits and abuse detection on the match server. If we detect a breach that affects you we will notify you and the relevant supervisory authority as required by law.

Changes to this policy

We will update this policy when our practices change. Material changes are surfaced in-app on next launch.

Contact

Email: privacy@playwhot.com