Yalla Club & Play Games
Privacy Policy
1. Who we are
Yalla Club & Play Games is a social board-and-card games platform published by Majlis Games. The Majlis Games team is the data controller for personal data processed through the app.
Contact for privacy enquiries: support@majlisgame.com (see Support & Contact for the full contact matrix).
2. What data we collect and why
| Category | Examples | Why we collect it | Source |
|---|---|---|---|
| Account identity | Firebase Auth UID, email address, display name, optional profile photo | Sign you in; show your name and avatar to other players | You (sign-up) |
| Communications content | DM messages, room chat, friend requests, reports | Deliver messages; allow you to report abuse | You (composing) |
| Voice usage metadata | Total voice-minutes per month (aggregated), per-session join/leave timestamps | Bill our voice provider; detect outages; rate-limit abuse | App + voice provider |
| Game activity | Games played, scores, wins/losses, leaderboard rank, achievements, daily-task progress | Power matchmaking, leaderboards, achievements, season rewards | App |
| Purchases | App Store / Play Billing receipt ID, product ID, transaction time, amount granted | Validate purchase; grant goods; support refunds | Apple / Google + your purchase |
| Cosmetic inventory | Avatar frames, dice skins, room themes, numeric IDs owned and equipped | Render your profile and rooms with your equipped cosmetics | App + IAP grants |
| Push token | FCM token (iOS / Android) | Deliver push notifications you've enabled | App + Apple / Google |
| Device-level diagnostics | Crash logs (Firebase Crashlytics), error reports, App Check token shape | Diagnose bugs; reject fraudulent purchase attempts | App |
| Moderation records | Reports you file, reports filed against you, mute/kick/ban actions | Moderate the community; produce audit trail for appeals | App users + moderators |
We do not collect:
- Contacts / phonebook
- Precise GPS location
- IDFA / Android Advertising ID (we do not run ads today; our iOS build does not include the ATT prompt because no SDK we ship collects an IDFA — see tracking disclosure)
- Health, financial-account, biometric, racial/ethnic, religious, political, sexual-orientation, or genetic data
3. Voice chat
- Your voice is not recorded. Voice conversations stream live through our voice provider (Agora / LiveKit, depending on the product surface) and are never saved on our servers. We have no recording, no transcript, no audio log. The only way a voice conversation could leave the moment it happened is if another user records their own device — something we can't prevent with any app.
- Mic permission is requested only when you first tap into a voice room. You can revoke it later in your phone's Settings.
- Background behaviour. When you minimise the app or receive a phone call, your microphone is automatically muted and your seat shows as inactive. Your mic restores to its previous state when you return.
4. Text chat and direct messages
- Room chat messages are visible to everyone in that room. Older messages are automatically deleted after 30 days. Pinned messages (set by a room host) are kept for as long as the room exists.
- Direct messages (DMs) are private to the two participants. Our server rules enforce this — no other user can read your DM thread. DMs older than 90 days are automatically deleted.
- Blocking a user stops new DMs immediately but does not delete past messages.
5. Friends, block list, reports, moderation
- Friendships are kept as long as you stay friends; visible only to you and your friend.
- Declined / rejected friend requests older than 30 days are automatically deleted.
- Block list is visible only to you; the person you blocked is not notified. Blocking automatically removes any existing friendship in both directions.
- Reports are rate-limited to 5 per 24 hours per user. Reports are kept for 180 days for moderation review, after which they are deleted regardless of outcome.
- Moderation actions: room hosts and moderators can mute, kick, or ban participants. A kicked user cannot rejoin the same room for 1 hour, and (since v1.5) cannot rejoin any room hosted or moderated by the same user for 1 hour (cross-room cooldown).
- An account accumulating 10 or more non-dismissed reports may be temporarily suspended pending manual review.
6. Purchases (In-App Purchases and Subscriptions)
- All purchases are processed by Apple App Store (iOS) or Google Play Billing (Android). We never see your credit-card number — only the receipt that confirms your purchase succeeded.
- We grant goods (coins, diamonds, cosmetics, premium IDs, VIP benefits) after validating the receipt on our servers (Apple's StoreKit 2 JWS validator or Google's Play Developer API).
- Subscriptions (currently VIP Knight Monthly and VIP Baron Monthly) renew automatically until cancelled. You can manage subscriptions in your device's Settings → Apple ID → Subscriptions (iOS) or Google Play → Subscriptions (Android).
- Refunds are issued by Apple or Google and reflected in our records via the platform's server-side notifications.
7. Push notifications
- Push notifications are sent only when you opt in. You can disable them at any time in the app's Settings or in your phone's Settings.
- Categories: friend requests, direct messages, battle invites, tournament announcements, VIP renewal reminders. Each category is individually toggleable in app settings.
8. Children
This app is rated 12+ (Apple) / Teen (IARC). It is not directed to children under 13. We do not knowingly collect personal data from children under 13. If we learn that we have collected data from a child under 13 without verified parental consent, we will delete that data.
9. Data sharing
We do not sell your personal data. We share it with:
| Third party | Purpose | Data shared |
|---|---|---|
| Apple (App Store, StoreKit, APNs) | Purchase processing; push delivery | Receipt; APNs token |
| Google (Play Billing, Firebase, FCM) | Purchase processing; backend; push delivery; analytics minimum | UID, receipt, FCM token, crash logs |
| Agora.io | Voice chat transport (room voice) | Ephemeral session token + voice stream (not stored) |
| LiveKit | Voice chat transport (in-game voice for some games) | Ephemeral session token + voice stream (not stored) |
| Nakama (self-hosted on Majlis Games infra) | Game-state server; identity store | UID, display name, game state |
We do not integrate any advertising SDK in the current production build. If we add AdMob in a future release, this policy will be updated and an in-app consent flow will be added for EU users before the SDK is initialised.
10. Where data is stored
Account, message, and game data live in Firebase / Google Cloud data centres (region: us-central1). Voice streams are transported through the voice provider's regional edge servers. Some data may be processed temporarily in other regions for backup or technical support.
If you are in the EU / UK, you have the rights described in section 11. We rely on Google's Standard Contractual Clauses for any data transferred outside the EEA.
11. Your rights
Depending on where you live, you have some or all of the following rights:
- Access: see what data we hold about you.
- Correction: ask us to correct inaccurate data.
- Deletion: ask us to delete your account and personal data (see Delete your account and Data deletion request).
- Portability: ask us to send you a machine-readable copy of the data you've contributed.
- Object / withdraw consent: opt out of optional processing (push notifications, optional analytics).
To exercise any of these rights, contact support@majlisgame.com or use the in-app Settings → Delete account flow. We respond within 30 days.
12. What we never do
- We never record or transcribe voice chat.
- We never read your DMs except in response to a verified report (a moderator may review the reported message and the few messages around it).
- We never share your friend list or block list with other users.
- We never sell any of this data.
13. Security
- Authentication via Firebase Auth (Apple Sign-In, Google Sign-In, email/password).
- Server-side authorisation on every privileged action (admin shell, wallet adjustments, voice token mint).
- iOS Admin Privacy Shield: when the in-app admin console is open, screenshots and the iOS app-switcher preview are blanked.
- Android FLAG_SECURE: same on Android.
- Receipt validation server-side for every purchase (no client trust); StoreKit 2 JWS verification with both production and sandbox issuers.
- App Check is partially deployed; some endpoints still accept unattested calls while an iOS App Check token-decode issue is investigated. This is documented as an active security gap. No purchase grants without server-side receipt validation regardless.
14. Changes to this policy
We will update this page when material changes happen (new data collection, new third party, new feature). The "Last updated" date at the top reflects the most recent change. Continued use of the app after a change means you accept the updated policy.
15. Contact
- Email: support@majlisgame.com
- In-app: Settings → Support
- Postal mail: see Support & Contact for the operator address.