Privacy Policy

Effective April 28, 2026

Digu Fotha ("the app", "we") is a scoring app for the Maldivian card game Digu Fotha. This policy explains what personal information we collect, how we use it, and the choices you have. The same policy applies to the website at www.digufothaa.com and to the Android app of the same name.

Information we collect

• Account: username, a hashed PIN (we never store the raw PIN), phone number used for one-time-password sign-in, and an optional email address you can add for account recovery.
• Profile: an optional profile photo you upload, and the atoll and island you select when registering. Atoll and island are coarse, user-provided location text — not GPS or device location.
• Gameplay: the games you create or join, the rounds you score, the players in your crowds, and your game history.
• Chat: messages you send in crowd chats, including the time they were sent and the crowd they belong to.
• Diagnostics: when the app encounters an error, we collect a crash report so we can fix bugs. Crash reports do not contain your PIN, your password, or your chat content.
• Cookies: a single session cookie called df_sid keeps you signed in. It is HTTP-only and secure, and it expires 30 days after your last sign-in.

How we use this information

• To create and operate your account.
• To run the game scoring features and show your history.
• To deliver chat messages within your crowds.
• To send you a one-time code by SMS when you sign in, and a recovery email if you ask to reset your account.
• To detect and fix bugs and abuse. Repeated reports against an account may lead to its restriction or removal.

Service providers we use

We rely on the following processors. Each receives only the data needed to provide its service:

• DigitalOcean — application hosting, Postgres database, and object storage (your profile photo).
• Pusher — real-time delivery of chat messages.
• Twilio — SMS one-time-password delivery.
• Resend — recovery email delivery.
• Sentry — error and crash diagnostics.
• Google — administrator sign-in (admin accounts only; not used by regular players).

Data retention and deletion

We keep your data while your account is active. You can ask us to delete your account and the personal data tied to it by emailing [email protected]. We will respond within 30 days. Some chat messages may be retained in archival backups for a short period after deletion.

Reports, blocking, and moderation

You can report a chat message or block another player from inside the app. Reports go to our moderation queue. We may remove content or restrict accounts that violate our community standards. To contact moderation directly, email [email protected].

Children

Digu Fotha is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have, please contact us and we will delete it.

Your choices

• You can update your username, phone number, profile photo, atoll, and island from the profile screen.
• You can sign out at any time, which clears the session cookie on your device.
• You can request access to or deletion of your data by emailing [email protected].

Changes to this policy

We may update this policy from time to time. The effective date at the top of this page reflects the latest version. Significant changes will be announced inside the app.

Contact

Questions about this policy or your data? [email protected].