Privacy Policy

Effective date: 13 May 2026

This policy explains how Mino Qadha — owned and operated by Mega Solutions and Technology Co., Commercial Registry No. 476385, Kuwait — collects, uses, and shares data from users of our website (qadha.cloud) and mobile app (Android, with iOS to follow), and what your rights are with respect to that data.

1. Data we collect

• Account information: display name, email address, phone number (if you sign up with phone), and profile picture if you choose to upload one.
• SSO identifiers: when you sign in with Google or Discord we receive only a unique provider ID (sub) and a verified email address — we never see your password for those services.
• Mobile push token (FCM device token): a technical token that lets us deliver a push notification to your device. It contains no personal data and can be revoked instantly from the app's settings.
• IP address and connection metadata: we log your request IP alongside a session identifier for security and abuse-prevention purposes, for a limited period.
• Purchase and points history: your points balance, purchases made via our external store (ca-kw.com — operated by the same company), and transaction history. Card details are processed by the payment gateway and never stored on our side.
• Match history: games you played, win/loss outcome, timestamp, used to populate your match history page and global leaderboards.
• Essential cookies: a connect.sid cookie keeps you signed in. We do not currently use third-party advertising-tracking cookies.

2. How we use your data

• Operate your account and let you create rooms, join rooms, and play with others.
• Send game and room-invite notifications via VAPID (browser) and FCM (mobile).
• Prevent abuse, detect cheating, and protect the platform.
• Communicate with you about your account or material service updates.
• Improve platform performance based on aggregate usage patterns (not tied to your identity).

3. Sharing with third parties

We do not sell your personal data to anyone. We share limited data only with specific operational service providers under confidentiality agreements:

• Google (Firebase / FCM): mobile push tokens pass through Google's services to deliver the notification to your device.
• Google (OAuth) / Discord: only at sign-in moment, to exchange the unique identifier and verified email.
• ca-kw.com store (WooCommerce): to process purchases. Operated by us under the same legal entity.
• Government authorities: only when compelled by a valid legal order.

4. Data retention and account deletion

We keep your account data for as long as the account is active. You can request deletion at any time from the profile page → Delete account. Upon request:

• Your account is deactivated immediately and your data disappears from public boards.
• A 30-day countdown begins during which you can cancel the request by signing back in.
• After the period elapses, personal data is permanently deleted. Financial transaction records are retained in anonymised form for accounting and legal purposes only.

5. Children

The platform is intended for users aged 13 and over. We do not knowingly collect data from children under that age. If we learn that an account belongs to a child under the permitted age, we delete the data immediately. Parents and guardians may contact us at the email below to request deletion.

6. Security

• All website and app traffic is encrypted over HTTPS / WSS.
• Locally stored passwords (for non-OAuth accounts) are hashed with bcrypt.
• Sessions use a cookie with httpOnly + secure + sameSite=lax flags.
• Internal controls restrict database access to the operations team only.

That said, no method of electronic transmission or storage is 100% secure — we apply commercially reasonable safeguards but cannot guarantee absolute security.

7. Your rights

• Access the data we hold about you.
• Request correction if it is inaccurate.
• Request deletion from the profile page or by contacting us directly.
• Withdraw consent for mobile push notifications at any time from the app's settings.

8. International data transfers

Our servers run in data centres that may be located outside Kuwait. By using the platform you consent to the transfers necessary to operate the service.

9. Updates to this policy

We may update this policy from time to time. The effective date at the top of the page will reflect each update, and we will notify you of material changes by email or an in-app notification.

10. Contact us

For any privacy-related question or request:
Email: privacy@qadha.cloud
Address: Mega Solutions and Technology Co., Kuwait, CR 476385