Privacy Policy

PartyPot is operated by Advisory Apps Sdn Bhd, a private limited company based in Kuala Lumpur, Malaysia and founded in 2012. In this Policy, "we", "us", and "our" mean Advisory Apps Sdn Bhd.

PartyPot is a free digital banker and virtual ledger for in-person game nights. It helps friends track scores, virtual chips, and who owes whom — without any real money moving through the app. PartyPot is not a gambling platform, a payment service, or a financial institution.

For any privacy-related question or request you can contact us at hello@partypotapp.com.

This Privacy Policy applies to:

• the PartyPot website at partypotapp.com; and
• the PartyPot mobile application for iOS and Android.

It does not apply to third-party websites, apps, or services that we link to. When we link to a third party (for example an App Store listing), that party's own privacy policy governs their processing of your data.

Account data

When you create an account we collect your email address, display name, and — if you use email sign-in — a securely hashed password. If you sign in with Apple, Google, or Facebook, we receive a provider-issued identifier and (depending on your provider settings) your email and display name. We never receive your provider password.

Game session data

When you create or join a room, we store the game name, player names, balances, transactions, and timestamps you enter. This data is synced to Google Firebase Firestore so you can access your sessions across devices and recover them if you reinstall the app.

Device & technical data

We collect device model, operating system version, PartyPot app version, IP address, and crash diagnostics via Google Firebase Crashlytics. This data helps us investigate bugs and prevent abuse.

Advertising identifiers

With your permission, we collect advertising identifiers (IDFA on iOS, AAID on Android) to serve and measure ads via Google AdMob and Meta Audience Network. On iOS, you are asked to approve or deny tracking via Apple's App Tracking Transparency prompt; if you deny, advertising identifiers are not collected.

Push notification tokens

If you enable notifications, we collect a Firebase Cloud Messaging (FCM) token so we can deliver push notifications. You can disable notifications at any time in your device settings.

Purchase records

If you buy a paid feature or subscription, we receive a transaction identifier from the Apple App Store or Google Play. We do not see your payment card number — the store handles payment.

Camera access

PartyPot can scan a QR code to let you join a room quickly. Camera access is requested only when you tap the "Scan QR" button. No image or video is stored or transmitted — the scanned content is a short join code processed on-device.

Website visitors

On partypotapp.com we use Google Analytics 4, the Meta Pixel, and Google Ads conversion tracking to measure traffic and advertising. If you submit the contact form, we receive your message, email, and any other details you provide. If you sign up for our newsletter, we collect your email address to send you updates.

We use your data to:

• create and operate your account and sync your sessions across devices;
• diagnose crashes and improve the product;
• prevent fraud, abuse, and violations of our Terms of Use;
• deliver transactional messages (account emails, purchase receipts) and, where you've opted in, newsletters and product updates;
• serve and measure ads (only where advertising identifiers are available — see §3);
• comply with legal obligations and respond to lawful requests;
• enforce our Terms of Use and defend legal claims.

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases for processing your personal data:

• Contract — to create your account, sync your sessions, and provide the paid features you purchase.
• Legitimate interests — to keep the service secure, prevent abuse, measure aggregate analytics, and defend legal claims, where these interests are not overridden by your rights.
• Consent — for marketing emails, non-essential cookies, and advertising-identifier tracking. You can withdraw consent at any time.
• Legal obligation — to respond to lawful requests from authorities and comply with tax, accounting, or regulatory requirements.

We share personal data with a small number of vendors who process it on our behalf under written agreements. These vendors are not permitted to use your data for their own purposes.

• Google LLC (USA) — Firebase Auth, Firebase Firestore, Firebase Analytics, Firebase Crashlytics, Firebase Cloud Messaging, Google AdMob, Google Analytics 4, Google Ads, and Google Sign-In. See Google's privacy policy.
• Apple Inc. (USA) — Sign in with Apple and App Store in-app purchases. See Apple's privacy policy.
• Meta Platforms, Inc. (USA) — Facebook Login, Meta Pixel, and Meta Audience Network. See Meta's privacy policy.
• Email service provider — newsletter emails are stored securely and may be processed by an email service provider such as Mailchimp. When we migrate to a specific provider we will update this policy.

We may also disclose data where required by law, court order, or to protect the rights, property, or safety of Advisory Apps, our users, or others.

We are based in Malaysia and several of our processors store and process data in the United States and other countries. When personal data from the EEA, UK, or other regions with data-export rules is transferred outside those regions, we rely on the Standard Contractual Clauses published by the European Commission (and the UK International Data Transfer Addendum where applicable), together with the additional safeguards provided by our vendors.

• Active accounts — we keep your account data for as long as your account is active.
• Deleted accounts — we purge primary records within 30 days of deletion. Backups are cycled out within a further 60 days, for a maximum total of 90 days.
• Analytics data — aggregated and anonymised after 14 months.
• Crash logs — retained for 90 days.
• Transaction records for purchases — retained as long as required by applicable tax and accounting law.

Rights available to everyone

Regardless of where you live, you can:

• access the personal data we hold about you;
• correct inaccurate data;
• delete your account and associated data;
• export a copy of your data (portability);
• withdraw consent you previously gave.

GDPR & UK GDPR (EEA / UK residents)

In addition, you have the right to:

• object to processing based on our legitimate interests;
• restrict processing in certain circumstances;
• lodge a complaint with your local data-protection authority.

CCPA / CPRA (California residents)

California residents have the right to:

• know what personal information we collect and how we use it;
• request deletion or correction of your personal information;
• opt out of the "sharing" of personal information for cross-context behavioural advertising;
• be free from discrimination for exercising these rights;
• designate an authorised agent to submit requests on your behalf.

See the Cookies & tracking technologies section for opt-out instructions for advertising partners.

PDPA (Malaysia)

Under Malaysia's Personal Data Protection Act 2010 you have rights of access and correction, and you can withdraw your consent to our processing at any time.

How to exercise your rights

Email us at hello@partypotapp.com from the email address associated with your PartyPot account. We will respond within the timeframes required by applicable law (generally 30 days under GDPR and 45 days under CCPA).

On the website, we use cookies and similar technologies for:

• Analytics — Google Analytics 4.
• Advertising & conversion measurement — Meta Pixel, Google Ads conversion pixel.

In the app, Google AdMob and Meta Audience Network SDKs use advertising identifiers (IDFA on iOS, AAID on Android) subject to your permissions. On iOS, the App Tracking Transparency prompt governs whether these SDKs can access the IDFA; denying the prompt prevents identifier-based tracking.

We are implementing a consent-management platform to give users in regions that require prior consent (such as the EEA and UK) granular control over cookies and tracking. In the meantime you can opt out via your browser's cookie settings, your device's advertising controls (Settings → Privacy → Tracking on iOS; Settings → Google → Ads on Android), Google's Ads Settings, and Meta's Ads Preferences.

PartyPot is not directed to anyone under 17, and we do not knowingly collect personal data from anyone under 17. If you are a parent or guardian and you believe your child has provided us with personal data, contact us at hello@partypotapp.com and we will delete it.

We use reasonable technical and organisational safeguards to protect your data, including TLS encryption in transit and encryption at rest via Firebase. We restrict internal access to personal data to staff who need it for their role.

No system is 100% secure. If we ever become aware of a security incident that materially affects your data, we will notify you in line with applicable law.

We may update this Privacy Policy from time to time. The "Last updated" date at the top of the page will reflect the most recent revision. For material changes we will provide additional notice (for example, an in-app notice or an email to account holders).

Privacy & general inquiries: hello@partypotapp.com

Mailing: Advisory Apps Sdn Bhd, Kuala Lumpur, Malaysia.

EU/UK representative: We are in the process of appointing an EU/UK representative under GDPR Article 27 and the UK GDPR. In the meantime, EU and UK users may contact us directly at hello@partypotapp.com.

California "Do Not Sell or Share My Personal Information": to opt out of cross-context behavioural advertising, adjust your device-level advertising controls and the Google Ads Settings / Meta Ads Preferences links in the Cookies section above, or email us and we will process your request.