Privacy Policy

Effective date: 30 April 2026

This Privacy Policy describes how Play Rummy Lane (https://playrummylane.com, we, us, our) handles information collected or processed in connection with our static informational website and related editorial correspondence.

1. Who we are

Play Rummy Lane publishes editorial summaries about mobile rummy-style apps.

Contact email: support@playrummylane.com

2. Scope

This Policy applies when you browse our pages, preload assets delivered from our origins, optionally email us, optionally reference search indexes exported at deploy time (/search-index.json), activate banners that intentionally open vacancy dialogs urging partners to complete routing, interact with carousel controls, activate navigation drawers, initiate searches against static JSON payloads, observe structured data surfaced to search engines—but does not supersede downstream privacy notices at destination operators, storefronts, ad networks embedded off-site once you navigate away.

3. Categories of personal data—usually minimal

Pure browsing of statically served HTML ordinarily generates few enduring personal data points retained by Play Rummy Lane directly. Even so:

3.1 Server, CDN, and security logs

Infrastructure providers routinely process technical metadata such as IP addresses (often truncated/anonymised at aggregators), timestamps, requested URLs, TLS parameters, referrer headers browsers supply, coarse device hints from user-agent strings, HTTP status codes, response sizes (when logged), heuristic bot scores—solely as needed for uptime, invoicing reconciliation, anomaly detection, lawful incident response.

Retention follows each vendor’s documented lifecycle and applicable law—we choose providers willing to minimise storage windows consistent with SOC-style controls whenever feasible.

Aggregated dashboards may summarise traffic totals without intending to reconstruct individual journeys beyond security necessity.

3.2 Search performed on-device using static indexes

Unless we later migrate to networked search APIs—which would trigger supplemental notices—queries you type largely remain constrained to client-side loops against JSON we already published. Exceptions include accidental submission through browser phishing UX you installed—beyond our remediation.

3.3 Emails you send

If you contact support@playrummylane.com, we process:

• Your email address(es) observed in headers
• Message bodies and voluntarily attached PDFs/screenshots/redacted IDs only if strictly necessary—we prefer minimal sensitive attachments
• Any routing metadata SMTP hops embed

Purposes:

• Operational reply
• Investigating inaccuracies, legal/regulatory escalation, reputational remediation
• Defending lawful positions if correspondence becomes evidentiary

Retention:

• Held while pertinent, then trimmed consistent with housekeeping except where lawful holds apply.

3.4 Measurement scripts currently inactive placeholders

Layouts may anticipate Google Analytics 4 wiring with Measurement ID empty—therefore inactive at publish time documented here—if enabled later pursuant to granular consent overlays (where statutes demand), Google’s policies govern additional disclosures we will materially expand before activation.

3.5 Data we endeavour not to collect on-site proactively

Absent voluntary email—we do not operate transactional accounts gated by credentials here; we do not maintain centralised wagering ledgers here keyed to biometric templates; we do not run social comment backends requiring persisted handles here.

Downstream wallets / KYC selfies appear only after outbound navigation.

4. Legal bases—framework-dependent shorthand

EEA/UK-style analyses (if traffic triggers):

• Legitimate interests in operating an editorial site, cybersecurity, lawful defence, archival proportionate correspondence.
• Consent occasionally if you volunteered optional marketing beyond minimal reply—prefer not—we rarely desire marketing lists anyway.

Other regions—apply parallel statutory scaffolding your counsel recognises.

5. Cookies and comparable technologies

Necessary infrastructure cookies/security challenges occasionally appear unpredictably via edge vendor mitigations—we do not rely on intrusive first-party behavioural ad canvases atop static pages at this baseline.

Readers may tighten browser hygiene to reject non-essential classes.

6. Disclosure categories

Hosting/CDN/registrar/SOC subcontractors may access technical logs narrowly. Authorities may demand lawful disclosures post due diligence and jurisdictional permissibility—we resist overbroad requests where counsel feasible.

Sale of personal information (CPRA optics): presently no marketplace auction of dossiers—we don’t monetise cross-context behavioural dossiers keyed to hashed emails here absent future plainly disclosed arrangement.

EEA onward transfers leverage Standard Contractual Clauses or successors when infrastructure spans regions lacking adequacy rulings—you may inquire for mechanism summaries once volume merits formal SAR mailbox automation.

7. Automated decision-making with legal/similar effects

None on-platform.

8. Children’s privacy

Site not oriented to minors under thresholds like 13/16 absent guardian orchestration—we delete inadvertent juvenile correspondence upon detection lacking verifiable parental direction.

Never supply child data unsolicited.

9. Sensitive categories

Avoid emailing exhaustive government-ID imagery—if unavoidable, watermark, minimise fields, encrypt using mutual agreement (PGP rollout if volume demands)—ask first.

10. Security

HTTPS in transit reduces casual interception—still verify destination TLS post navigation. Operational staff aim for MFA/backups/registry locks—absolute invulnerability unrealistic—report compromises promptly.

11. Rights requests

Depending on geography you may summon access/deletion/portability/objection/restriction/with authorised-agent pathways—contact support@playrummylane.com; authenticate proportionately (prevent impersonation phishing).

Respond timelines vary by statute—commercially diligent efforts apply.

Appeal escalation where mandated.

12. Automated scanning / phishing cross-over

Readers phished after leaving—direct complaints to pertinent operators—we cannot reverse downstream account takeovers magically.

13. Responsible gaming intersection

Operators may ingest intense personal data validating sources of wealth—consult their DPIA—notwithstanding our lightweight snapshot.

14. Updates

Material changes bump effective dates and potentially highlight notable deltas succinctly atop—continued browsing after conspicuous posting signals acknowledgement unless statutes demand express clickwrap.