Privacy Policy — Diceonaut (Android app)

Last updated: 27 June 2026 · Version: 2.0 · Effective date: the date this version is published

This Privacy Policy explains what personal data the Diceonaut Android application ("the App") collects, why, who it is shared with, how long it is kept, and the rights you have. The App is published by Atashi Technologies Private Limited ("Diceonaut", "we", "us"). It mirrors our website policy at https://diceonaut.com/privacy and adds Android-specific detail. Diceonaut is a free, casual social game — not a real-money game: you cannot deposit real money into gameplay, you cannot win real money, and the in-game play currency cannot be bought or cashed out.

1. Who we are

We design to the stricter of India's Digital Personal Data Protection Act, 2023 + DPDP Rules 2025 and the EU/UK GDPR.

2. Data the App collects

You can play local single-device games without an account. If you sign in / play online, we collect:

We do NOT collect: precise location/GPS, contacts, photos, microphone, or camera; special-category data; and we do not sell your personal data.

3. Permissions the App uses

4. Why we use your data

To create/run your account; run matches, rankings, rewards and social features; keep the service safe (anti-abuse/anti-cheat); and — with your consent — product analytics. Legal bases: performance of contract, legitimate interests (security), and your consent (analytics; future advertising) under GDPR Art. 6 / DPDP Act §6–§7.

5. In-game currencies and purchases (Android)

6. Advertising and AI opponents (bots)

7. Who we share data with

Hosting (Hetzner), CDN/TLS/bot-protection (Cloudflare), identity (Keycloak, self-hosted), web fonts (Google Fonts — receives your IP), and — when enabled — advertising (Google AdMob). Analytics is self-hosted (not shared). We disclose data when required by law, to enforce our Terms, or in a business transfer. We do not sell your data.

8. International transfers

Servers run via Hetzner (European data-centre infrastructure). Some providers (Google) process data abroad (incl. the US). For EU/UK users we rely on appropriate safeguards (Standard Contractual Clauses / adequacy).

9. Children and age

You must be 13+ (or have parent/guardian permission). For India, the DPDP Act treats under-18s as children and (from 13 May 2027) requires verifiable parental consent and no behavioural tracking/targeted ads at children; we are building toward this and keep advertising/behavioural tracking off in the meantime.

10. Retention, your rights, and deletion

11. Security & breach notice

TLS/HTTPS in transit; passwords stored only as hashes by the identity service; access controls; anti-abuse protections. If a breach affects you, we notify you and the relevant regulator without undue delay, in plain language (DPDP Rules 2025 / GDPR Art. 33–34).

12. Changes & contact

We update this policy when practices change (and update the Play data-safety form to match). Questions or grievances: [email protected] — Atashi Technologies Private Limited (Diceonaut), Kolkata, West Bengal, India. Governing law: India; courts at Kolkata, West Bengal, subject to your mandatory consumer rights.