Privacy Policy

Last updated: 7 September 2025

Scope. This Policy applies to the Top Stroke Sports Android application and our informational website. It explains what data we collect, how we use it, who we share it with, where we store it, and your choices.

Regulatory framework. We comply with India’s Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules). We are aligning to India’s Digital Personal Data Protection Act, 2023 (DPDP Act) and will update this page as rules and notifications take effect.

Plain-language note. We’ve added extensive detail for transparency. Some features may not apply to you today; where that’s the case, we explain what would happen if they’re introduced later.

1) Definitions

  • Company / Top Stroke / we / us: Top Stroke Sports Media Private Limited.
  • Services: The Top Stroke Android app and our website.
  • User / you: Any person who accesses or uses the Services.
  • Personal Data: Information that can reasonably identify a person (for example, email address, device identifiers). Under SPDI Rules, Sensitive Personal Data (SPDI) includes passwords, financial data, health data, biometric identifiers, etc.
  • Processor / Service Provider: A third party processing data on our behalf per our instructions.
  • Data Fiduciary (DPDP): Equivalent to a data controller—an entity that determines the purpose and means of processing personal data.

Terms used but not defined here have the meanings given in our Terms of Service.

2) What we are (and are not)

Fan engagement only. Top Stroke is an entertainment and fan-engagement platform. We use virtual, in-app items (for example, “Strokes” and “Centurions”) that are non-redeemable, non-transferable, and have no cash value. Features such as Top Picks are for entertainment only and do not provide real-money gaming or cash-out.

We do not offer gambling, betting, or wagering services. Any skill-based activities are for entertainment/engagement and do not involve money stakes.

3) Scope & applicability

  • This Policy applies when you install or use the Android app, visit our website, or interact with us (for example, support emails).
  • It does not apply to third-party websites or services linked from our Services. Their policies govern their practices.

4) Information we collect

We collect information you provide directly, information collected automatically when you use the Services, and information from service providers that integrate with our app (for example, analytics SDKs).

Category Examples Purpose Lawful basis (DPDP) Retention (typical)
Account Information Email address; password (hashed); display name; phone number if provided; profile image if uploaded; attestation that you are 18+ for restricted features. Create/manage account; authentication; user support; service communications. Consent; performance of service requested by you. Life of account + up to 12 months after deletion (limited backups may persist longer—see Section 12).
Usage & Device Data App version; device/OS model; unique app instance ID; crash logs; performance metrics; IP address; coarse location inferred from IP. Operate, secure, and improve Services; fraud/abuse prevention; diagnostics. Certain legitimate uses under the DPDP Act (e.g., fraud/security), and consent where required for analytics. Raw logs typically 90–180 days; aggregated analytics retained longer.
In-App Activity Participation in polls/Top Picks; earned/spent virtual items; anti-abuse events; leaderboard position. Provide core features; award virtual items; ensure fair play; detect abuse. Performance of service; certain legitimate uses for security/anti-abuse under the DPDP Act. Life of account; may be anonymized for statistics.
Communications Emails/support requests; push notification tokens. Respond to queries; send important service notices (for example, security alerts). Performance of service; legal obligation where applicable. As needed to resolve the request; certain records retained for legal/audit obligations.

We do not collect government IDs, financial account numbers, payment card details, biometric data, medical records, or precise GPS location. If we add paid features or new data categories, we will update this Policy before collecting them.

5) Sources of data

  • Directly from you (for example, sign-up, profile edits, messages to support).
  • Automatically via your device/app (for example, logs, diagnostics, performance, IP address).
  • From service providers that integrate with our app (for example, Firebase SDKs).

6) How we use information

  • Operate, maintain, and improve our Services and features.
  • Authenticate users, secure accounts, and prevent spam, fraud, or abuse.
  • Provide leaderboards, Top Picks participation, and virtual item balances.
  • Communicate with you about service updates, security, and support.
  • Generate aggregated/anonymized insights to understand usage patterns.

Where permitted by India’s Digital Personal Data Protection Act, 2023, we may process personal data for certain legitimate uses such as the prevention, detection and investigation of fraud or security incidents, and the establishment or defense of legal claims. We apply appropriate safeguards and minimize such processing.

6A) User-Generated Content & Community Safety

Comments, reactions, usernames, and similar content you submit may be visible to other users. Do not share personal or sensitive information in public areas. We may remove or restrict content that violates our Terms or applicable law and retain related records to detect abuse, ensure safety, and comply with legal obligations.

7) Cookies, SDKs & similar technologies

Website cookies. Our website may use essential and analytics cookies to operate and understand site usage. You can control cookies via your browser. Disabling cookies may affect some features.

In-app SDKs. The Android app does not use browser cookies. It uses mobile SDKs to generate device identifiers for diagnostics/analytics. You can limit analytics in-app (Settings → Privacy) where available or via device settings.

SDK / Cookie What it does Data points Retention / Control
Firebase Analytics Aggregated usage analytics; feature adoption; funnels. App instance ID; events; device info; IP (transient). Aggregated; opt-out via in-app or device settings where available.
Firebase Crashlytics Crash diagnostics and stability reporting. Stack traces; device/OS; app version; crash context. Diagnostic logs 90–180 days typical.
Firebase Performance Network/app performance metrics. Latency; device/OS; app version; performance traces. Aggregated metrics; limited raw retention.
Firebase Cloud Messaging Push notifications delivery. Push token; device info. Token valid while you enable notifications.
MSG91 (OTP) One-time passwords for login/verification when phone login is used. Phone number; message metadata. Operational logs per provider policy.

We currently do not display third-party advertising in the app. If this changes in the future, we will update this Policy and provide appropriate choices, including an opt-out where applicable.

8) Sharing and processors

We do not sell your personal information. We share it only with:

  • Service providers (processors) who help us operate the Services: cloud hosting (for example, AWS), analytics/crash/performance (for example, Firebase), OTP messaging (for example, MSG91), email and push messaging providers, and customer support tools.
  • Affiliates for internal administration, subject to this Policy.
  • Law & safety when required by applicable law or to protect our users, our rights, or the security of the Services.
  • Business transfers in connection with a reorganization, merger, or sale of assets, where permitted by law.

9) International transfers & storage

We primarily host data on cloud infrastructure that includes regions in India (for example, AWS Asia Pacific—Mumbai). Some processing may occur in other jurisdictions where our service providers operate. Where data is processed outside India, we take appropriate measures (contractual and technical) to protect it.

We implement contractual commitments and technical safeguards for cross-border processing and will comply with any Government of India notifications that restrict cross-border transfers.

10) Security

  • Encryption in transit (HTTPS/TLS) and at rest where supported by our providers.
  • Access controls and least-privilege principles; role-based access.
  • Network firewalls and segregation for critical services.
  • Regular reviews of permissions, secrets management, and key rotation.
  • Vulnerability management and patching cadence aligned with severity.
  • Employee confidentiality commitments and security awareness training.

If we become aware of a data incident impacting your information, we will take reasonable steps to notify affected users and relevant authorities, consistent with applicable law.

11) Data accuracy & minimization

We collect only what we need to provide the Services. You are responsible for ensuring your account information remains accurate and up to date.

12) Retention

We retain personal information for as long as your account is active or as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Typical retention periods are listed below.

Data category Typical retention Notes
Account information Life of account + up to 12 months after deletion Backups may retain limited residual copies for a bounded period.
Usage & device logs 90–180 days Aggregated analytics may be retained longer without identifiers.
In-app activity records Life of account May be anonymized for statistics and anti-abuse.
Support communications Until resolution + legal/audit requirements Records may be kept to evidence compliance.

When data is no longer needed, we delete or anonymize it. Due to backup/archival systems, residual copies may persist for a limited time before being purged.

13) Your choices & controls

  • Access & correction: Access/update certain account information in the app or by contacting us.
  • Deletion: Request account deletion in the app (Delete Account) or by emailing us. We will delete your personal data subject to legal and legitimate retention needs.
  • Consent withdrawal: Where we rely on consent (for example, analytics), you may withdraw it via in-app settings (where available) or by contacting us.
  • Notifications: Control push notifications in device settings and in-app where available.

14) Your rights (DPDP readiness)

When the DPDP Act is fully effective, users in India will have additional rights, which we plan to support, including:

  • Right to obtain information about processing and a summary of personal data processed.
  • Right to correction, completion, and erasure.
  • Right to grievance redressal and review of certain automated decisions.
  • Right to nominate an alternate contact to exercise rights in certain circumstances.

How to exercise your rights: Use in-app controls (where available) or email contact@topstrokesports.com with the subject “Data Rights Request”. We may request information to verify your identity. We aim to respond within 30 days, subject to permitted extensions. If you disagree with our response, you may escalate to our Grievance Officer (details below) and, when available, use a designated Consent Manager under the DPDP framework.

Consent withdrawal: If you withdraw consent for optional processing (e.g., analytics), some features may function in a limited way.

15) Children & age limits

The Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from persons under 18. By creating an account, you represent that you are 18+. If we learn that a person under 18 has provided personal information, we will delete it. We do not offer targeted advertising to children or knowingly profile children.

16) Feature availability by location

To comply with applicable laws and platform policies, some features may be enabled or disabled by jurisdiction. We may use IP-based coarse location solely to determine applicable feature availability and to prevent abuse.

17) Data incident response

  • We assess suspected incidents promptly to determine scope and impact.
  • We take containment and remediation actions, and review controls to prevent recurrence.
  • Where required by law, we notify affected users and/or authorities in a reasonable time frame.

18) Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will post the updated Policy here and, where appropriate, provide additional notice (for example, in-app notice or email). The “Last updated” date at the top reflects the most recent changes.

19) Contact & Grievance Redressal

If you have questions about this Policy or our data practices, please contact us:

Email: contact@topstrokesports.com

Grievance Officer: Aditya Kumar Singh
Email: contact@topstrokesports.com
Address: Top Stroke Sports Media Private Limited, [SARSWATI NIWAS RAM GOVIND SINGH PATH ,KANKARBAGH, Lohia Nagar, Sampatchak, Patna- 800020, Bihar, India]

As per the SPDI Rules, the Grievance Officer will acknowledge and resolve grievances within 30 days of receipt.