Privacy Policy

1. Data Controller

Pito is developed by Rozhyar Ali Kamal. We are the data controller responsible for protecting and managing all user data.

Contact: rozhyar.ali@outlook.com

2. Information Stored Locally

The following data is stored only on your device and is never sent to any server unless you create an account:

Game statistics:

• Games played, wins, current streak, best streak, win rate
• Game history (words and results)

Game economy:

• Stars, coins, and suns (Helo currency)
• Hint usage history
• Purchased items (themes, skins, boosters)

Settings:

• Audio and haptic feedback preferences
• Interface language
• Selected theme color

Important: Without an account, no data leaves your device. Uninstalling the app permanently deletes all local data.

3. Account Data (Optional)

If you choose to create an account using Google or Apple Sign-In, the following is stored on our servers:

• Full name and email from your sign-in provider (Google/Apple)
• Username (if you choose one)
• Instagram username (if you choose to add one — displayed publicly on your profile)
• Profile picture (if you upload one, compressed to 400x400)
• Game statistics (scores, stars, coins, streaks)
• Purchased items (themes, colors)

This data is stored on Supabase (EU servers) with full encryption. No one can see your email. Only your username and scores are visible on leaderboards.

4. Online Multiplayer Data (Tawla & Okey)

When you play Tawla or Okey online, the following additional data is collected and stored on our servers:

• ELO Rating: A numerical skill rating calculated from your wins and losses, publicly visible on leaderboards
• Match History: Game results (win/loss/draw), opponent ID, game duration, and timestamps
• Matchmaking Queue Data: Your user ID and rating are temporarily stored in a matchmaking queue while searching for an opponent; this data is deleted once a match is found or you cancel
• Real-Time Game State: Dice rolls, moves, doubling cube actions, tile plays, and emoji reactions are transmitted between players during a match via Supabase Realtime. This data is transient and not permanently stored after the match ends
• Game Invites: When you share an invite link, only a game ID is included in the URL. No personal information is embedded in invite links

All online data requires a Pito account. Without an account, you cannot play online and no online data is collected.

5. Voice Chat (Tawla & Okey)

Tawla and Okey online matches include an optional voice chat feature. Voice chat is not activated automatically — you must tap the microphone button during a match to connect.

• Microphone Access: The app requests microphone permission only when you tap the mic button for the first time. You can deny or revoke this permission at any time in your device settings
• Audio Transmission: Voice audio is streamed in real-time between you and your opponent using a self-hosted LiveKit server. Audio is transmitted peer-to-peer and is never recorded, stored, or logged
• No Recordings: We do not record, save, or process any voice audio. Once the match ends or you disconnect, the audio stream stops completely
• Background Audio: If you briefly switch to another app during a match, voice chat stays connected so you can continue talking when you return

Voice chat requires a Pito account and an active online Tawla or Okey match. No voice data is collected, stored, or shared with any third party.

6. Text Chat Data

When you use in-app chat, the following data is collected and stored on our servers:

• Messages: Text messages sent between you and your friends are stored on Supabase servers
• Read Receipts: We track whether a message has been read by the recipient
• Mute Preferences: Your choice to mute a conversation is stored with your account
• Pinned Messages: Which messages you have pinned is stored with your account

Chat is only available between friends (mutual connection required). Messages are not visible to other users or shared with third parties.

7. Purpose of Data Use

Primary: Providing game services, saving progress, enabling features (hints, store), preserving settings, displaying game history.

Technical: Improving game performance, fixing bugs, preventing data loss.

Educational: Supporting Kurdish language learning and promoting Kurdish culture.

We never use your data for advertising, selling, or sharing with third parties.

8. Third-Party Services

We never sell your data or use it for advertising.

• Supabase - Account storage, stats, leaderboards, profile picture hosting, Tawla and Okey online matchmaking, ELO ratings, and real-time game communication (EU servers)
• Google Sign-In - Authentication (name and email only)
• Apple Sign-In - Authentication (name and email only)
• LiveKit (self-hosted) - Real-time voice chat during Tawla and Okey matches. Audio is streamed directly between players and is never recorded or stored. The server is self-hosted and does not share any data with third parties

Without an account, no data is sent to any third party. There is no ad tracking and no data selling.

With an account, we collect anonymized usage analytics (such as which games are played and session duration) to improve the app experience. No personally identifiable information is included in analytics. You can opt out of analytics collection in the app settings.

9. Cookies and Tracking

Pito does not use any cookies or tracking technologies:

• No cookies are set or read
• No web trackers or third-party analytics services
• No IP addresses collected
• No location data recorded
• No advertising identifiers created
• First-party anonymous usage analytics (opt-out available)

10. Content Updates

Pito may download updated game content (word lists, impostor words, bomb prompts) from secure servers. These downloads:

• Use HTTPS only
• Transmit no personal information
• Are optional and fall back to local content if offline
• Include no third-party tracking

11. Leaderboards

If you have an account, your scores, Tawla ELO rating, and Okey ELO rating are publicly visible on leaderboards. Only your username, scores, and ratings are shown. No other personal data is displayed.

12. Profile Pictures

You can upload a profile picture from your camera or gallery. The image is compressed (400x400) and stored on Supabase Storage. Your photo is only visible on leaderboards and your profile. You can delete or change it anytime. Deleting your account permanently removes the photo.

13. Data Security

• Data encryption in transit and at rest
• Access controls and authentication
• Regular security audits
• Firewall protection
• Automated backups

14. Data Retention

Local data (on device): Stored until you uninstall the app.

Server data (if you have an account): Stored until you delete your account. When you delete your account, all server data is permanently removed.

15. Your Rights

• Access: View your data
• Rectification: Correct inaccurate information
• Erasure: Delete your data (via account deletion in Settings)
• Restriction: Limit processing
• Portability: Receive your data
• Objection: Object to processing

16. Account Deletion

You can delete all your data by deleting your account in the app's Settings. When you delete your account, all data is permanently removed from our servers and cannot be recovered. This includes your profile, game statistics, Tawla ELO rating, Okey ELO rating, match history, and any uploaded profile pictures.

17. Children's Privacy

Pito is rated 4+ and suitable for all ages. We do not knowingly collect personal information from children under 13 without parental consent. If we learn we have collected data from a child without proper consent, we will delete it immediately. Parents can contact us with any questions.

18. Changes to This Policy

When we make significant changes, we will notify you through the app and by email (if available). Continued use after changes means you accept the updated policy.

19. Contact

Email: rozhyar.ali@outlook.com

We respond to all privacy inquiries within 72 hours.
Supported languages: Kurdish (Sorani), Arabic, English