Privacy Policy
Last updated: June 23, 2026 · v5.0.0
Pito does not track you. Without an account, no data ever leaves your device.
1. Data Controller
Pito is the data controller responsible for protecting and managing your data. You can reach the operator of
Pito at the contact below.
Contact: pito@pito.games
This Privacy Policy is governed by the same laws as our Terms of Service (the Kurdistan
Region and federal Iraq) and forms part of those Terms.
2. Information Stored Locally
The following data is stored only on your device and is never sent to any server unless you create an account:
Game statistics:
- Games played, wins, current streak, best streak, win rate
- Game history (words and results)
- Solitaire bankroll (cumulative Klondike Vegas score, may be positive or negative)
Game economy:
- Stars, coins, and suns (Helo currency)
- Hint usage history
- Purchased items (themes, skins, boosters)
Settings:
- Audio and haptic feedback preferences
- Interface language
- Selected theme color
Important: Without an account, no data leaves your device. Uninstalling the app permanently
deletes all local data.
3. Account Data (Optional)
If you choose to create an account using Google or Apple Sign-In, the following is stored on our servers:
- Full name and email from your sign-in provider (Google/Apple)
- Username (if you choose one)
- Instagram username (if you choose to add one — displayed publicly on your profile)
- Profile picture (if you upload one, compressed to 400x400)
- Game statistics (scores, stars, coins, streaks, Solitaire bankroll)
- Per-game online ELO ratings (Tawla, Okey, Domino, Aznif) and match history
- Purchased items (themes, colors)
This data is stored on Supabase (EU servers) with full encryption. No one can see your email.
Only your username, profile picture, scores, and ratings are visible on leaderboards.
4. Online Multiplayer Data (Tawla, Okey, Domino & Aznif)
When you play Tawla, Okey, Domino, or Aznif online, the following additional data is collected and stored on our servers:
- ELO Rating: A per-game numerical skill rating calculated from your wins and losses, publicly visible
on leaderboards
- Match History: Game results (win/loss/draw), opponent ID, game duration, and timestamps
- Matchmaking Queue Data: Your user ID and rating are temporarily stored in a matchmaking queue
while searching for an opponent; this data is deleted once a match is found or you cancel
- Real-Time Game State: Dice rolls, moves, doubling cube actions, tile plays, card plays, and emoji reactions are
transmitted between players during a match via our self-hosted WebSocket game servers. Game state is transient and not permanently
stored after the match ends; server logs are retained for fair-play and debugging only and contain no personal data beyond your user ID
- Game Invites: When you share an invite link, only a game ID is included in the URL. No
personal information is embedded in invite links
All online data requires a Pito account. Without an account, you cannot play online and no online data is
collected.
5. Voice Chat (Tawla, Okey, Domino & Aznif)
Tawla, Okey, Domino, and Aznif online matches include an optional voice chat feature. Voice chat is not activated
automatically — you must tap the microphone button during a match to connect.
- Microphone Access: The app requests microphone permission only when you tap the mic button
for the first time. You can deny or revoke this permission at any time in your device settings
- Audio Transmission: Voice audio is streamed in real-time between you and your opponents using
a self-hosted LiveKit server. Audio is transmitted via the LiveKit server and is never recorded, stored, or
logged
- No Recordings: We do not record, save, or process any voice audio. Once the match ends or
you disconnect, the audio stream stops completely
- Background Audio: If you briefly switch to another app during a match, voice chat stays
connected so you can continue talking when you return
Voice chat requires a Pito account and an active online match (Tawla, Okey, Domino, or Aznif). No voice data is collected, stored, or
shared with any third party.
6. Text Chat Data
When you use in-app chat (one-to-one and group conversations), the following data is collected and stored on our servers:
- Messages: Text messages sent between you and your friends are stored on Supabase servers
- Read Receipts: We track whether a message has been read by the recipient
- Mute Preferences: Your choice to mute a conversation is stored with your account
- Pinned Messages: Which messages you have pinned is stored with your account
- Conversation Wallpaper: If you set a shared chat wallpaper, your choice is stored with the conversation
Disappearing messages: If you enable disappearing messages for a conversation, message content is hidden from both participants after the timer expires (the timer starts when the recipient reads the message) and the underlying records are purged on a recurring server-side cleanup. Once content has expired it is no longer returned to either user. Because messages can be screenshotted or copied by the other person before they expire, disappearing messages reduce — but cannot guarantee — that content is gone everywhere.
Chat is only available between friends (mutual connection required). Messages are not visible to other users or shared with third parties.
7. Voice Messages & Snaps in Chat
In addition to text, chat supports optional voice messages and view-once photo "snaps":
- Voice Messages: Short audio clips you record and send are uploaded to Supabase Storage (encrypted at rest) so the recipient can play them. Some voice messages are "listen-once" and are removed after the recipient has played them
- Snaps (view-once media): Photos sent as snaps are stored only until they have been viewed; once all intended recipients have viewed a snap, a server-side reaper permanently deletes it
- This media is exchanged only between friends (or members of a group you belong to) and is never shared with third parties or used for advertising
This is separate from real-time in-game voice chat (Section 5), which is never recorded or stored.
8. In-App Purchases & Payments
Pito offers optional in-app purchases, including Pito Coins (an in-app premium currency), Pito Plus (a paid membership), and cosmetic items. Purchases are processed entirely by the Apple App Store or Google Play using your existing store account.
- We never see your payment details: card numbers, bank information, and billing addresses are handled by Apple and Google. Pito does not receive, store, or have access to this information
- Purchase verification: after a purchase, we verify the store receipt with Apple/Google to confirm it is genuine, and we store a transaction record (such as a product identifier, store transaction ID, and timestamp) tied to your account to prevent fraud and to deliver what you bought
- Entitlements: we record what you are entitled to (for example, an active Pito Plus membership and its expiry) so your benefits work across your devices
- Pito Coins balance & ledger: we keep your Pito Coins balance and a ledger of how coins were earned, purchased, gifted, spent, or redeemed, so the in-app economy is accurate and disputes can be resolved
- Gifts and gift codes: if you send a gift or redeem a voucher/gift code, we record the related transaction so the recipient receives the item and codes cannot be reused
Refunds, subscription management, and cancellations are handled through your Apple App Store or Google Play account, subject to those stores' policies.
9. Push Notifications
If you allow notifications, we use them to alert you about things like game invites, your turn in an online match, chat messages, gifts, and important account updates.
- Push notifications are delivered through Firebase Cloud Messaging using a device push token. The token identifies your device for delivery only and is not used to track you across other apps or services
- You can turn notifications off at any time in your device settings; doing so does not affect your ability to use the App
- We do not include sensitive personal data in notification payloads beyond what is needed to take you to the relevant screen
10. Analytics & Crash Diagnostics
For accounts, we collect anonymized, aggregated usage analytics (for example, which games are played and session duration) to understand how the App is used and to improve it. No personally identifiable information is included in analytics, and analytics are not used for advertising. You can opt out of analytics collection in the app settings.
We may also collect basic crash and diagnostic information (such as error messages, device model, and OS version) to find and fix bugs. This diagnostic data does not identify you personally and is used solely to keep the App stable and reliable.
11. Profile & Cosmetic Data
Your account profile includes optional personalization that is stored with your account, and some of it is shown publicly to other players:
- Profile basics: your username, optional profile picture, optional Instagram handle, and online status
- Cosmetics: any cosmetic items you own or have equipped — such as avatar frames, name styles/colors, profile-card backgrounds, a "verified" badge, and other unlockables — are stored with your account and displayed alongside your profile in games, leaderboards, and chat
- Verification status: if you have an active Pito Plus membership or verified status, the related badge and benefits are reflected on your profile until that status lapses
Cosmetic ownership is recorded so your items persist across your devices. This data contains no payment information and is removed when you delete your account.
12. Purpose of Data Use
Primary: Providing game services, saving progress, enabling features (hints, store),
preserving settings, displaying game history.
Technical: Improving game performance, fixing bugs, preventing data loss.
Educational: Supporting Kurdish language learning and promoting Kurdish culture.
We never use your data for advertising, selling, or sharing with third parties.
13. Legal Basis for Processing
We process your personal data only where we have a legal basis to do so, consistent with the right to privacy
under Article 17 of the Constitution of Iraq (2005) and, for data hosted in the EU, the lawful bases of the EU
General Data Protection Regulation (GDPR, Article 6):
- Consent: when you agree, for example by creating an account or setting a profile picture
- Contract: to provide the Services you request under our Terms
- Legitimate interests: to operate, secure, and improve the App and prevent abuse, balanced
against your rights
- Legal obligation / vital interests: to comply with law and to prevent fraud, cheating, and
harm
You may withdraw consent at any time by deleting your account or the relevant data.
14. Third-Party Services
We never sell your data or use it for advertising.
- Apple App Store / Google Play - Payment processing for in-app purchases. They handle all payment details; Pito never receives your card or banking information and only receives a receipt to verify the purchase
- Supabase - Account storage, stats, leaderboards, profile picture and disappearing-media hosting (encrypted at rest), Tawla/Okey/Domino/Aznif matchmaking, per-game ELO ratings, chat, purchase/entitlement records and Pito Coins ledger, and anonymous analytics (EU servers)
- Google Sign-In - Authentication (name and email only)
- Apple Sign-In - Authentication (name and email only)
- Firebase Cloud Messaging - Push notifications (device token only; no personal data)
- Oracle Cloud (self-hosted game servers) - Real-time game state, moves, and dice/tile/card plays during online Tawla/Okey/Domino/Aznif matches. Server logs are retained for fair-play and debugging only and contain no personal data beyond your user ID
- LiveKit (self-hosted) - Real-time voice chat during online matches (Tawla, Okey, Domino, Aznif). Audio is streamed through the LiveKit server and is never recorded or stored. The server is self-hosted and does not share any data
with third parties
Without an account, no data is sent to any third party. There is no ad tracking and no data selling.
With an account, we collect anonymized usage analytics (such as which games are played and session duration) to improve the app experience. No personally identifiable information is included in analytics. You can opt out of analytics collection in the app settings.
15. International Data Transfers
If you have an account, your data is stored on Supabase servers in the European Union (EU). This means your
data is processed and stored outside Iraq. Those servers apply high data-protection standards (including
standards consistent with the EU GDPR). By using the App, you consent to this transfer and processing.
16. Cookies and Tracking
Pito does not use any cookies or tracking technologies:
- No cookies are set or read
- No web trackers or third-party analytics services
- No IP addresses collected
- No location data recorded
- No advertising identifiers created
- First-party anonymous usage analytics (opt-out available)
17. Content Updates
Pito may download updated game content (word lists, impostor words, bomb prompts) from secure servers. These
downloads:
- Use HTTPS only
- Transmit no personal information
- Are optional and fall back to local content if offline
- Include no third-party tracking
18. Leaderboards
If you have an account, your casual game scores and per-game online ELO ratings (Tawla, Okey, Domino, Aznif) are publicly visible on leaderboards. Only your
username, profile picture, scores, and ratings are shown. No other personal data is displayed.
19. Profile Pictures
You can upload a profile picture from your camera or gallery. The image is compressed (400x400) and stored on
Supabase Storage.
- Your profile picture is public: it is shown to other users of the App on leaderboards,
your profile, chat, and online games
- Other users can see it and — like any image on a screen — may screenshot or copy it, which we cannot
prevent
- Only upload a picture you are comfortable being public; if you do not want your photo to be public, do not
set it as your profile picture
- You can delete or change it anytime
- Deleting your account permanently removes the photo
20. Public Information & Others' Conduct
Some information is public by design and is shown to other users: your username, profile picture, Instagram
handle (if you add one), online status, scores, and ratings.
- Once information is public, it may be viewed, copied, screenshotted, or re-shared by others — both inside
and outside the App
- We cannot control how others use your Public Information, and we are not responsible for the conduct of
other users
- If someone misuses your information or photos, report it to pito@pito.games and we will review and, where appropriate, act
21. Data Security
- Data encryption in transit and at rest
- Access controls and authentication
- Regular security audits
- Firewall protection
- Automated backups
However, no method of transmission or storage over the internet is completely secure. While we work hard to
protect your data, we cannot guarantee absolute security, and you provide information at your own risk. If a
data breach affects your personal data, we will take reasonable steps to address it and notify you or the
competent authorities where required by law.
22. Data Retention
Local data (on device): Stored until you uninstall the app.
Server data (if you have an account): Stored until you delete your account. When you delete
your account, all server data is permanently removed.
23. Your Rights
- Access: View your data
- Rectification: Correct inaccurate information
- Erasure: Delete your data (via account deletion in Settings)
- Restriction: Limit processing
- Portability: Receive your data
- Objection: Object to processing
24. Account & Data Deletion
You can delete all your data by deleting your account in the app's Settings, or by submitting a request at pito.games/delete-account. When you delete your account, all
data is permanently removed from our servers and cannot be recovered. This includes your profile, game
statistics, Solitaire bankroll, per-game ELO ratings (Tawla, Okey, Domino, Aznif), match history, chat history, voice messages, snaps, disappearing-media uploads, purchase and entitlement records, your Pito Coins balance and ledger, cosmetic ownership, and any uploaded profile pictures.
If you cannot sign in, email us at pito@pito.games from the address linked
to your account and we will process your deletion request.
25. Minimum Age & Children's Privacy
Pito is rated 4+ and the core games are suitable for all ages. However, account-based features (such as online
multiplayer, chat, voice, public profiles, and in-app purchases) are intended for users 13 years of age
or older, or the minimum age required in your country. A parent or guardian should supervise younger
children and manage any purchases.
We do not knowingly collect personal information from children
under 13 without parental consent. If we learn we have collected data from a child without proper consent, we
will delete it immediately.
If you are a parent or guardian and believe your child has set a profile picture or provided personal
information, contact us at pito@pito.games and we will remove it.
26. Changes to This Policy
When we make significant changes, we will notify you through the app and by email (if available). Continued use
after changes means you accept the updated policy.
27. Contact
Email: pito@pito.games
We respond to all privacy inquiries within 72 hours.
Supported languages: Kurdish (Sorani), Arabic, English