Legal

Privacy Policy

Last updated: April 2026. We believe your data belongs to you.

1. Introduction & Data Fiduciary Identity

This Privacy Policy describes how GamerFlick (“we”, “us”, or “our”), the Data Fiduciary under the Digital Personal Data Protection Act, 2023 (“DPDP Act”), collects, uses, shares, and protects personal data when you use the GamerFlick platform at gamerflick.in and associated mobile applications.

By creating an account or using the Service, you consent to the practices described in this Policy. If you do not agree, please discontinue use of the Service. This Policy is governed by the DPDP Act, 2023, and the Information Technology Act, 2000.

2. Information We Collect

We collect the following categories of personal data:

  • Account Info: Email address, phone number, and date of birth (required to verify age eligibility).
  • Profile Info: Display name, username, avatar image, and gaming IDs you choose to share.
  • Device Fingerprint: Hardware identifiers and device signals used solely for anti-fraud purposes (enforcing the 3-account-per-device limit). Not used for advertising.
  • Gaming Activity: Tournament entries, match results, XP progression, referral activity, and community interactions.
  • Coin Activity: Coin balance, transaction history (entry fees, prize wins, refunds, bonuses). Coins on GamerFlick have no monetary value, cannot be purchased, and are never converted to cash — so we do not collect PAN, UPI handles, or any banking information.
  • Communications: Emails, in-app messages, and support tickets you send to us.
  • Automated Data: Cookies, browser/device type, IP address, page views, Web Vitals, crash reports, and session recordings (see Section 4).

3. Lawful Grounds & Purposes

Under the DPDP Act, 2023, we process your personal data on the following lawful grounds and for the explicit purposes stated:

  • Consent: Account creation, marketing communications, and session recording (Microsoft Clarity).
  • Contract performance: Processing tournament entries, prize distributions, and in-app coin operations.
  • Legitimate interests: Platform security, anti-fraud (device fingerprinting), abuse prevention, and product improvement — balanced against your privacy rights.
  • Vital interests: Detecting and responding to safety threats to users or the platform.

4. Data Sharing with Third Parties

We do not sell your personal data. We share data only with the processors listed below, each bound by data processing agreements:

  • Vercel — hosting infrastructure, Vercel Analytics (page view counts, no PII), and Speed Insights (Web Vitals).
  • Cloudflare — DNS resolution and edge network security.
  • Firebase (Google LLC) — user authentication (sign-in, token management).
  • Google Cloud Storage — storage of user-uploaded images (avatars, tournament banners) via presigned URLs.
  • Microsoft Clarity — anonymised session recordings and heatmaps to understand user behaviour. You may opt out via clarity.microsoft.com/opt-out.
  • Zoho Mail (Zoho Corporation Pvt. Ltd.) — transactional email delivery (welcome emails, OTPs, tournament notifications) via smtp.zoho.in.

5. Data Retention

We retain personal data for as long as your account is active or as needed to provide the Service. Following a verified account deletion request:

  • Account and profile data is deleted within 30 days.
  • Coin transaction logs (entry fees, prize wins, refunds, bonuses) are retained for 12 months for audit and dispute-resolution purposes, then purged.
  • Soft-deleted records (flagged with deleted_at) are purged from production databases after the applicable retention window.

6. Your Rights under the DPDP Act

As a Data Principal under the DPDP Act, 2023, you have the following rights:

  • Access: Obtain confirmation of what personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal data.
  • Erasure: Request deletion of personal data no longer required for the stated purposes (subject to legal retention obligations).
  • Data Portability: Receive a copy of your personal data in a structured, commonly-used format.
  • Withdraw Consent: Withdraw previously given consent at any time (this does not affect lawfulness of processing before withdrawal).
  • Grievance Redressal: Lodge a complaint with our Grievance Officer (Section 10) or with the Data Protection Board of India.

To exercise any of these rights, email privacy@gamerflick.in with the subject line “DPDP Rights Request”. We will respond within 30 days.

7. Data Security

We implement industry-standard technical and organisational measures to protect your personal data:

  • All data in transit is encrypted via TLS 1.2 or higher.
  • All coin operations (entry fees, prize credits, refunds) use database-level row locking within atomic transactions to prevent race conditions and double-spends.
  • A soft-delete-only policy ensures no data is permanently erased without a formal retention review.
  • Access to production systems is restricted to authorised personnel only.
  • We conduct periodic security reviews and penetration tests.

8. Children's Privacy

GamerFlick does not knowingly collect personal data from children under the age of 13. Users aged 13–17 may access all features only with verifiable parental or guardian consent. Because GamerFlick coins have no monetary value and cannot be exchanged for cash, there is no real-money gambling element on the Platform.

If we learn that personal data has been collected from a user under 13 without appropriate consent, we will take prompt steps to delete that data and terminate the associated account. Parents or guardians who believe their child has an account should contact us at privacy@gamerflick.in.

9. International Data Transfers

Some of our third-party processors operate servers outside India. Your data may be transferred to and processed in the following jurisdictions:

  • United States — Vercel, Firebase (Google LLC), Microsoft Clarity.
  • European Union / EEA — Cloudflare edge nodes (may vary by region).

By using the Service and consenting to this Policy, you explicitly consent to such transfers. Where required by the DPDP Act, we ensure that adequate safeguards (standard contractual clauses or equivalent) are in place with each processor before transferring your data.

10. Grievance Officer

In accordance with the DPDP Act, 2023, and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have appointed a Grievance Officer:

  • Name: Yash Patel
  • Email: grievance@gamerflick.in
  • Response time: Within 30 days of receipt of a complaint.

11. Governing Law

This Privacy Policy is governed by the laws of India, including the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000. Any disputes arising from this Policy shall be resolved in accordance with Section 13 of our Terms of Service.

12. Changes & Notification

We may update this Privacy Policy from time to time. Material changes — including new categories of data collected, new processors, or changes to your rights — will be communicated via in-app notification or email at least 7 days before taking effect. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.