Logo
App Logo

Privacy Policy

At Zishes, your privacy is important to us. This Privacy Policy (“Policy”) explains what personal data we collect, how we use it, how we protect it, and your rights. It applies to all users, sellers, winners, and visitors of the Zishes platform globally.

1) Data We Collect

  • Account Data: Name, username, email, phone, address, age/date of birth, KYC documentation (ID, utility bill, tax ID where required).
  • Transaction Data: Payment details (processed securely by PSPs like Stripe/Razorpay), coin/membership purchases, prize wins, seller payouts, invoices.
  • Gameplay Data: Competition entries, scores, leaderboards, logs, session IDs, anti-cheat telemetry.
  • Device & Technical Data: IP, browser/app type, device ID, operating system, crash logs, cookie identifiers, approximate location.
  • Communications: Support requests, chat, dispute evidence, appeals, reports of misconduct.

2) How We Collect Data

  • Directly from you (when registering, playing, selling, or contacting support).
  • Automatically (cookies, SDKs, telemetry, anti-cheat, analytics).
  • From third parties (payment processors, KYC providers, fraud detection tools, courier tracking).

3) How We Use Data

  • Provide and operate competitions, memberships, and payouts.
  • Verify identity (KYC/AML compliance), prevent fraud, enforce fair play.
  • Process payments, seller settlements, refunds, and accounting obligations.
  • Improve services through analytics, bug fixing, and user experience optimization.
  • Send service notifications, competition results, policy updates, and marketing (where consented).

4) Legal Bases for Processing

  • Contract necessity: to deliver competitions, memberships, payouts.
  • Legal obligation: KYC, AML, tax reporting, accounting, consumer protection.
  • Legitimate interests: fraud prevention, platform security, service improvement.
  • Consent: marketing communications, cookies, some analytics.

5) How We Share Data

  • Payment providers: Stripe, Razorpay, or other PSPs to process transactions securely.
  • KYC/AML providers: Identity verification, sanctions screening.
  • Logistics providers: Couriers/shippers for prize delivery (address/contact shared).
  • Vendors & analytics providers: Anti-cheat tools, crash logging, fraud detection.
  • Legal/government authorities: Where required by law, court order, or fraud/crime investigation.

6) Data Retention

We retain personal data only as long as necessary for the purposes described. For example:

  • KYC/AML records: up to 5–7 years (legal requirement).
  • Transaction & tax records: 7 years minimum.
  • Gameplay logs/anti-cheat telemetry: typically 12–24 months unless under investigation.
  • Marketing preferences: until you withdraw consent or delete your account.

7) Security Measures

We apply industry-standard measures: TLS encryption in transit, encryption at rest for sensitive fields, restricted access, logging, anomaly detection, and vendor due diligence. No system is 100% secure, but we continuously improve our safeguards.

8) International Transfers

Zishes operates globally. Where data is transferred outside your region (e.g., EU/UK to UAE or India), we use safeguards like EU Standard Contractual Clauses (SCCs), UK Addendum, and PDPL/DPDP compliant measures.

9) Children

Zishes is for adults aged 18+ (or local age of majority). We do not knowingly collect data from children. If we discover an underage account, it will be terminated, and data deleted.

10) Your Rights

  • Access your data and request a copy.
  • Correct inaccuracies.
  • Delete your account and personal data (subject to legal holds).
  • Restrict or object to processing in certain cases.
  • Withdraw consent (e.g., marketing or cookies) at any time without affecting prior lawful processing.
  • Portability — request transfer of your data in structured format.

To exercise these rights, email privacy@zishes.com. We respond within required legal timeframes (usually 30 days).

11) Region-Specific Addenda

  • EU/UK GDPR: Right to lodge complaints with local data protection authority (ICO in UK, DPA in EU).
  • India DPDP Act 2023: Data Principals may exercise consent withdrawal and grievance redressal through our appointed Data Protection Officer.
  • UAE PDPL: Users may request erasure, correction, and object to certain processing.
  • US (CPRA/CCPA): Residents may request opt-out of sale/sharing of personal info and use the Global Privacy Control (GPC) signal.

12) Changes to This Policy

We may update this Policy as laws or practices evolve. Material updates will be highlighted in-app and on our website. Continued use after an update constitutes acceptance.

13) Contact Us

Questions? Contact our Data Protection Officer at privacy@zishes.com or compliance@zishes.com.

Effective date: [Insert Date]

← Back to Home