Privacy Policy
What an editorial guide site at 3pattikhaadi.com actually stores — and what we do not. The Editorial Site Data Boundary, in plain English. Effective 11 May 2026.
Quick Facts
- Data controller
- Pakistan Card-Game Guide (the editorial team) —
3pattikhaadi.com
- What we hold
- Newsletter email (optional, opt-in) · Web analytics (GA4, IP-anonymized) · Reader email correspondence with editorial
- What we do not hold
- CNIC · KYC selfies · Balances · Transaction ledgers · Gameplay logs · Anything operator-side, ever
- Selling data
- We do not sell reader data — period
- Privacy Officer
- [email protected] · 7-business-day response
- Framework cited
- PECA 2016 · GDPR-equivalent voluntary safeguards for cross-border
1. The Editorial Site Data Boundary
This is the single most important section of this Privacy Policy for any reader who has read a Card Khaadi review on this site.
The Editorial Site Data Boundary. Pakistan Card-Game Guide is an independent editorial publication. We do not operate any card-game app. We do not hold any reader's CNIC, KYC selfie, deposit ledger, withdrawal record, or in-app gameplay log. We have no read-access into Card Khaadi, Teen Patti Gold, 3 Patti Blue, Tiger Club, or any other operator's player accounts. The data the operators hold is governed entirely by the operators' own privacy policies — not by ours. If you have a CNIC question or a KYC question or a balance question on Card Khaadi, please write to Card Khaadi's compliance channel; if it is on Teen Patti Gold, please write to that operator's compliance channel; and so on for every app we cover.
The data the editorial guide site holds is small, bounded, and described below.
2. What Pakistan Card-Game Guide Stores
Newsletter email (optional, opt-in). If you sign up to our quarterly newsletter, we store your email address and the date you subscribed. We do not store your name (we do not ask for it), your CNIC, or any other identifier. Unsubscribe is one click, in every newsletter.
Editorial correspondence. If you email us at
[email protected] or any of our other mailboxes, we keep the email and the reply for 14 months — long enough to track a follow-up correspondence, no longer. Then it is deleted.
Web analytics (GA4). Standard Google Analytics 4 in IP-anonymized mode, with a 14-month retention window. We measure page views, time on page, traffic sources, and approximate visitor city — not individual identity. The GA4 cookie is honoured by your browser; "Do Not Track" disables it.
Server logs. The Cloudflare CDN that serves the site keeps standard server logs (request URL, IP, timestamp, response code) for 7 days, used for abuse detection. We do not run any retargeting or third-party advertising trackers — the page weight stays light on a Pakistani 4G connection on purpose.
3. What Pakistan Card-Game Guide Does Not Store
Not stored. CNIC photos. KYC selfies (we do not run KYC, period). Player balances on any reviewed app. Deposit or withdrawal ledgers. Gameplay logs of any kind. Browsing history outside this site. Location below city level. Phone contact list. Microphone audio. Camera video. SMS contents. Family-member identifiers. Health or biometric data. None of this is held by us — none of this is even possible for us to hold, because we are an editorial site, not an Operator.
If you read a review of Card Khaadi on our site and you are worried about what data Card Khaadi (the operator) holds about you, please consult Card Khaadi's own privacy policy. We link to it on the Card Khaadi review page. The same applies to Teen Patti Gold, 3 Patti Blue, and every other operator we cover.
4. Lawful Basis for What We Do Hold
| Data type | Lawful basis |
|---|
| Newsletter email | Reader consent (opt-in form, with double-confirm email) |
| Editorial correspondence | Necessary for delivering the editorial service the reader has initiated |
| GA4 analytics | Legitimate interest in measuring site reach, with browser-side opt-out honoured |
| Server logs | Legitimate interest in abuse prevention, retained 7 days |
None of these categories are held for "future product use" speculatively. If we cannot point to a current operational reason, we delete.
5. Cookies and Web Trackers
The site uses a small set of first-party cookies for session and preference storage, plus the GA4 measurement cookie. That is the full list. We do not use:
- Third-party advertising cookies (no AdSense, no Taboola, no Outbrain).
- Retargeting pixels (no Facebook pixel, no LinkedIn, no Twitter conversion).
- Session-recording tools (no Hotjar, no FullStory).
- Cross-site behavioural trackers of any kind.
The page weight stays light on purpose — a Karachi or Lahore reader on a 4G evening connection should not have to wait for advertising scripts to load before reading a Card Khaadi review.
6. Cross-Border Data Transfer
The newsletter is hosted on a US-based email-marketing provider with EU-grade encryption at rest and TLS in transit. The web side and GA4 transit Cloudflare edges, which for Pakistani readers typically resolve to Karachi or Lahore points-of-presence and onward to Singapore for non-cached content. Email correspondence with our four mailboxes ending in @3pattikhaadi.com is hosted on a US-based email provider.
Pakistan does not yet have a unified data-protection statute equivalent to the EU's GDPR. Until such a statute passes, we voluntarily apply GDPR-equivalent transfer safeguards (Standard Contractual Clauses) for any provider whose servers sit outside Pakistan.
7. Newsletter Specifics
The quarterly editorial newsletter is opt-in only. We confirm a subscription with a double-opt-in email — meaning the email is not added to our list until you click the confirmation link in the first email we send. This stops other people from signing your email address up.
Unsubscribe is in the footer of every newsletter. One click. No "are you sure" loop. The unsubscribe is honoured immediately, the email is removed from our list within 24 hours, and we do not send a "we are sad to see you go" message afterwards.
8. Retention Windows
| Data type | Retention |
|---|
| Newsletter email (active) | Until you unsubscribe |
| Newsletter email (after unsubscribe) | 30 days then deleted (we keep a hash for the same window to prevent accidental re-add) |
| Editorial correspondence | 14 months from the last reply |
| GA4 analytics | 14 months (Google's setting; we cannot extend) |
| Cloudflare server logs | 7 days |
"Deleted" means cryptographically erased — not soft-deleted, not flagged.
9. Reader Rights
Under PECA 2016 consumer-protection rules and our voluntary GDPR-style framework, every reader has these six rights. Honoured free of charge, with one written reply within 7 business days.
- Right to know what we hold. Email [email protected] from the address you registered with the newsletter — we send a structured export within 7 business days.
- Right to correct any inaccurate field. The newsletter list has only an email address — to correct an email, unsubscribe and re-subscribe with the correct one.
- Right to delete — unsubscribe link in every newsletter, or email the Privacy Officer.
- Right to restrict — you may opt out of GA4 by your browser's "Do Not Track" header (we honour it).
- Right to portability — receive your data in a machine-readable format. Same email channel as right 1.
- Right to object — to any processing you find unjustified. Privacy Officer reviews and responds within 7 business days; if denied, the reasons are written.
10. Security Practices
Practical, not theatrical. The site sits behind Cloudflare with TLS 1.3. The newsletter list is held by the email-marketing provider with their published security posture (we do not host the list ourselves). Editorial correspondence sits on the email provider's standard-security tier with two-factor authentication enforced on every editorial mailbox.
We have not had a reader-data breach since launch in 2024 — and we will publish the fact, with the affected count and what we did, within 7 days of any future breach.
11. Updates and Privacy Officer Contact
Material changes to this Privacy Policy (anything that affects what we collect, why, or for how long) are announced 14 days in advance on the blog. Cosmetic edits are made silently and the "Last reviewed" date is updated.
Last reviewed: 11 May 2026 · Page maintainer: Privacy Officer, Pakistan Card-Game Guide · 6-month review cadence · Approx. 2,200 words.
