FunCards

Privacy Policy

FunCards (Online Hokm) — operated by the FunCards development team

Last updated: May 27, 2026

Our pledge: All information you provide to FunCards is kept secure with us. We will never misuse it, and we will never share it with any third party, except where disclosure is legally required by order of a competent judicial authority.

Contents:
  1. 1. Introduction
  2. 2. Information we collect
  3. 3. Information we do NOT collect
  4. 4. Why we collect this information
  5. 5. Sharing with third parties
  6. 6. In-app purchases
  7. 7. Security and data protection
  8. 8. Data retention and account deletion
  9. 9. Your rights
  10. 10. Minors
  11. 11. Changes to this policy
  12. 12. Contact

1. Introduction

FunCards is an online four-player Hokm card game. Its developer is committed to protecting the privacy of every user. This document transparently explains what information we collect during signup and use of the app, for what purposes, how we protect it, and what rights you have over your own data.

By signing up and entering your mobile number, you confirm that you have read this policy in full and accept it. If you do not agree with any part of this policy, please do not sign up or use the app.

2. Information we collect

Data collected by FunCards falls into three categories: information required for login, optional profile information, and technical data collected automatically during normal use.

2.1 Authentication information (required)

DataDescription
Mobile number Your phone number in international format (e.g. +989121234567), used to send a one-time verification code (OTP) via SMS. This number is your primary account identifier.
SMS OTP A 6-digit code sent to verify ownership of your mobile number. The code is valid for 120 seconds and is deleted after verification.
Display name The name shown to other players in-game. You can change it; no legal name is required.

2.2 Optional profile information

DataDescription
Email Only collected if you choose to upgrade a guest account or use password recovery. Email is never visible to other users.
Password For email-based accounts only. Your password is never stored in plaintext — only an Argon2id hash is retained.
Avatar image An image you optionally upload to be shown on your profile.
Short bio Optional text (up to 200 characters) shown on your public profile.
Language and country Defaults to Persian / Iran; configurable from settings.

2.3 Technical and behavioral data (automatic)

DataDescription
IP address Logged on login to enforce rate limits, detect suspicious activity, and protect your account.
Device info Platform (iOS / Android), app version, and User-Agent string — used for support and bug diagnosis.
Push notification token Your APNs (Apple) or FCM (Google) device token, used to deliver in-app notifications such as turn reminders and game-end alerts. Notifications can be disabled in settings.
Session token A hashed version of your login token, kept to maintain your sign-in state. You can manage active sessions from settings.
Match history Match outcomes, in-room actions, win/loss stats, rating and rank — used for your profile, leaderboards, and dispute review.
Coin transactions History of in-game coin grants and spends (rewards, entry fees, purchases). Note: game coins are an in-app currency only, with no cash value.
In-game chat Chat is restricted to a curated set of pre-defined phrases, stickers, and emojis. FunCards has no free-text chat.

3. Information we do NOT collect

For full transparency, FunCards explicitly does not collect or store any of the following:

  • National ID number
  • Exact date of birth or civil-registry data
  • Postal or residential address
  • Bank, card, or account information
  • Phone contacts, photo gallery, or device files (other than an avatar you choose to upload)
  • Precise location (GPS)
  • Messages, call logs, or data from other apps on your device

4. Why we collect this information

  • Authentication and account security: mobile number and OTP ensure only you can access your account.
  • Service delivery: profile, display name, avatar, rankings, match records.
  • Notifications: turn reminders, end-of-game alerts, important announcements.
  • Anti-abuse: IP/device data for rate limits, multi-account detection, and transaction safety.
  • Technical support: diagnosing bugs and resolving in-game disputes.
  • Legal compliance: responding to lawful requests from competent authorities.

5. Sharing with third parties

Your personal data is not sold, rented, or shared with any advertiser, individual, or organization for commercial purposes. The only limited exceptions are:

  • Kavenegar: to deliver the OTP SMS, only your phone number and the code are sent. Kavenegar is a licensed SMS provider in Iran.
  • App store / payment provider: all payments are handled entirely by the app store you installed FunCards from. We only query the purchase token to validate the transaction. No bank, card, or payment data is ever stored by FunCards.
  • Apple and Google (push services): only the device token (no personal data) is sent to APNs or FCM for notification delivery.
  • Iran-hosted infrastructure: FunCards servers and object storage are hosted inside Iran (ArvanCloud). Data does not leave the country.
  • Legal authorities: we cooperate only to the extent required by lawful orders from a competent judicial authority.

6. In-app purchases

All in-app purchases are processed exclusively through the official payment gateway of the app store you installed FunCards from. When purchasing a coin pack:

  • Your payment details (card number, PIN, CVV2) are received and processed directly by that app store — never by FunCards.
  • FunCards only receives a purchase token, which is validated against that store's server to credit your in-game coin balance.
  • In-game coins are purely an entertainment currency, not redeemable for real money. FunCards does not offer betting or gambling services.

7. Security and data protection

  • All client-server communication is encrypted with HTTPS / TLS.
  • Passwords (for email accounts) are hashed with industry-standard Argon2id and never stored in plaintext.
  • Session tokens are stored as hashes.
  • Database access is restricted to authorized personnel and hosted in Iran-resident cloud infrastructure.
  • Failed-login and request-rate monitoring detects brute-force attempts.
  • While no online system is perfectly secure, we commit to following current best-practice security standards.

8. Data retention and account deletion

  • Account information is retained while your account is active or as required by law.
  • The SMS OTP is deleted upon verification or after its 120-second expiry.
  • You can request account deletion via in-app settings or by emailing support@funcards.ir.
  • After a deletion request, your display name and personal profile fields are anonymized or deleted within at most 30 days.
  • Financial transaction history may be retained in anonymized form for the legally required accounting / tax period, with no link back to your identity.

9. Your rights

At any time you have the right to:

  • Access your account data from inside the app.
  • Edit or remove profile fields (display name, avatar, bio).
  • Request full account deletion.
  • Request an export of your personal data.
  • Disable SMS, email, or push notifications from settings.
  • Contact us with any concerns about how your data is processed.

10. Minors

FunCards is designed for users aged 12 and above. We do not knowingly collect data from children below this age. If we become aware that an account was created by a child below the minimum age, that account will be removed. Parents may contact us to request deletion of a minor's account.

11. Changes to this policy

We may update this policy from time to time. For material changes we will notify you via the app or by email. The "Last updated" date at the top of this page reflects the current revision. Continued use of the app after an update constitutes acceptance of the updated policy.

12. Contact

For any question, deletion request, or privacy concern, please reach out:

We aim to respond to all requests within 7 business days.

Thank you for trusting FunCards. Protecting your privacy is and will remain one of our top priorities.