Privacy Policy
This policy explains what personal data IC7 Game collects, why we collect it, who we share it with, how long we keep it, how we protect it, and what you can ask us to do with it. It is written in plain English rather than legal boilerplate, because a privacy policy nobody can read is not a privacy policy, it is a formality.
It applies to the ic7x.xyz website, the IC7 Game Android application, and our support channels on Telegram. Please read it in full. If anything in it is unclear, ask us and we will explain it properly.
01 Introduction and Scope
IC7 Game ("IC7", "we", "us", "our") operates the website at ic7x.xyz and promotes the IC7 Game skill-gaming application for players in India. We are the party responsible for the personal data we collect through this website and through our support channels, and this policy sets out how we handle it.
We have tried to be specific rather than vague. Where a policy would normally say "we may collect certain information", we have listed the information. Where it would normally say "we may share data with partners", we have named the categories of partner and explained what they do with it. That is a deliberate choice, and it is the standard we intend to be held to.
This policy covers three surfaces. The first is the ic7x.xyz website itself, including the game pages, the download page and the contact page. The second is the IC7 Game Android application, once you have installed it and created an account. The third is our support and community presence on Telegram. Different amounts of data are involved in each: simply reading this website involves very little, while holding a funded account with a withdrawal history necessarily involves a good deal more.
One point deserves emphasis at the outset because it shapes everything that follows. Download links on this website direct you to a third-party partner platform. Once you leave ic7x.xyz through one of those links, the partner's own privacy policy governs what happens to your data, not ours. Section 06 explains this in full, and we would rather you understood it now than discovered it later.
By using this website or the IC7 Game application, you confirm that you are at least 18 years old and that you accept the practices described in this policy. If you do not accept them, please do not use the platform.
02 The Data We Collect
We collect five categories of personal data. Not every category applies to every person: a visitor who browses a few game pages and leaves generates only technical and usage data, while a registered player who deposits and withdraws generates all five.
Account data
When you register for a player account, we collect the mobile number you register with, the one-time password verification result associated with it, the display name you choose, your confirmation that you are 18 or older, and the state of residence you declare. If you proceed to a withdrawal, identity verification adds further data: your legal name, your date of birth, an identity document you upload, and the bank account or UPI identifier the payout will be sent to. We do not ask for your identity documents at registration, only at the point where they actually matter.
Device and technical data
This is collected automatically whenever you interact with the site or the application. It includes your IP address, the approximate geographic region derived from that address, your device model and operating system version, your browser type and version, your screen resolution, your language and time-zone settings, the referring page that brought you to us, and a randomly generated device or session identifier that lets us recognise the same device across a visit. This data is generated by the ordinary operation of the internet and we could not run a functioning service without receiving some of it.
Transaction data
For registered players, this includes the amount, date, time and status of every deposit and every withdrawal request, the payment method used, the last four digits or masked identifier of the UPI ID or bank account involved, your current and historical balance, bonus credits and their playthrough progress, and any manual review flags applied to a payout. We do not store your full card details, your UPI PIN, your bank password or any other payment credential. Those are handled by regulated payment processors and never reach us.
Usage and gameplay data
Which pages of this site you view and for how long, which games you open, the games you play in the application, the stake amounts and round outcomes, the length and frequency of your sessions, the features you use, and the clicks you make on download buttons and outbound links. Session and stake pattern data is not only a product-analytics input, it is also what allows us to notice a player whose behaviour suggests they should be offered the responsible gaming tools described in our responsible gaming policy.
Support communications
When you contact us on Telegram, we hold the content of the conversation, your Telegram username or handle, and any screenshots, transaction references or documents you send us. We keep these so that a later query about the same issue does not require you to explain the whole thing again, and so that we have a record of what was agreed.
03 How We Collect It
Data reaches us in three ways, and it is worth distinguishing between them because your degree of control differs in each case.
Data you give us directly. This is the material you actively type or upload: your mobile number at registration, your chosen display name, your verification documents, the message you send our support team, the state you declare as your residence. You control this data completely, in the sense that you can decline to provide it. The consequence of declining, in most cases, is that the associated feature does not work. We cannot process a withdrawal to an account we have not verified.
Data collected automatically. Your IP address, device details, page views and the outcome of the games you play are recorded as a by-product of using the service. You cannot opt out of the essential parts of this, because they are what makes the service run: a server that does not receive your IP address cannot send you a page. You can, however, control the non-essential parts through your cookie choices and your device settings, and section 05 explains how.
Data from third parties. Our payment processors confirm to us whether a deposit succeeded or failed and return a masked reference for the instrument used. Our game providers report the outcome of rounds played on their software. Our analytics provider returns aggregated figures about how the site is used. Where we receive data from a third party, we receive only what we need, and we do not buy personal data from data brokers or advertising exchanges under any circumstances.
04 Why We Use Your Data and Our Lawful Basis
Under Indian data protection law, personal data must be processed for a lawful purpose and generally with your consent, or where a legally recognised legitimate use applies. The table below sets out each purpose we process data for, the categories involved, and the basis on which we do it. We do not process your data for purposes outside this table.
| Purpose | Data used | Basis |
|---|---|---|
| Creating and running your account | Account data, device data | Performance of our agreement with you, and your consent given at registration |
| Processing deposits and withdrawals | Transaction data, verification data | Performance of our agreement with you, and compliance with financial and anti-fraud obligations |
| Verifying your age and state of residence | Account data, identity documents, IP-derived location | Legal obligation and legitimate use in preventing unlawful access |
| Detecting fraud, collusion and multiple accounts | Device data, transaction data, gameplay data | Legitimate use in protecting the platform and its honest players |
| Providing support | Support communications, account data | Your consent, and performance of our agreement with you |
| Improving the site and the app | Usage data, aggregated analytics | Your consent to analytics cookies, withdrawable at any time |
| Responsible gaming interventions | Session data, stake and deposit patterns | Legitimate use in protecting player welfare |
| Sending promotional messages | Account data, contact handle | Your explicit consent, withdrawable at any time |
| Measuring affiliate referrals | Click data, referral identifier | Your consent to marketing cookies, and our legitimate use in operating the business |
Two of these deserve a word of explanation. Fraud detection is the reason we look at device data alongside transaction data: a single device holding several accounts that stake against each other is a pattern that only becomes visible when the two are read together, and multiple accounts are prohibited under our terms precisely because of what they are usually used for. Responsible gaming is the reason we look at session length and deposit frequency. We would rather notice a player in difficulty and offer them the tools than claim afterwards that we had no way of knowing.
We do not sell your personal data. We do not rent it, trade it, or make it available to advertising networks for profiling. There is no version of this policy under which that changes without you being told, clearly, in advance.
05 Cookies and Similar Technologies
A cookie is a small text file that a website asks your browser to store, so that the site can recognise your browser on a later request. We also use technologies that behave like cookies without technically being cookies: local storage, session storage, and small tracking pixels embedded in pages. Where this section says "cookies", it means all of them.
Cookies are not inherently sinister. Some of them are the only reason a website can remember that you dismissed a banner thirty seconds ago. The distinction that matters is between cookies that are necessary for the site to function and cookies that exist to measure or market to you, and we treat those two groups very differently.
| Category | What it does | Typical duration | Can you refuse it? |
|---|---|---|---|
| Essential | Keeps your session alive, remembers your cookie choices, protects forms against cross-site request forgery, applies basic load balancing and security controls. | Session, up to 12 months for the consent record | No. Without these the site cannot function, and they carry no marketing purpose. |
| Functional | Remembers preferences you have set: language, whether you have dismissed a notice, your position in a game list, and similar conveniences. | Up to 12 months | Yes. Refusing them means the site forgets your preferences between visits. |
| Analytics | Counts page views, measures how far down a page people scroll, records which games are opened and where visitors leave. Reported to us in aggregate, not per person. | Up to 24 months | Yes. Refusing them has no effect on how the site works for you. |
| Marketing | Attributes a download or a registration to the campaign or affiliate link that produced it, and prevents the same promotional message being shown to you repeatedly. | Up to 12 months | Yes. Refusing them has no effect on how the site works for you. |
You can withdraw or change your cookie consent at any time. Every mainstream browser also lets you block or delete cookies wholesale through its settings, and on Android you can reset your advertising identifier or opt out of personalisation entirely from the system privacy menu. If you block essential cookies through your browser, parts of this site will stop working, and that is a limitation of the technology rather than a punishment.
Some browsers send a "Do Not Track" or global privacy control signal. There is no settled standard for how a site should respond to these, so we will not overstate what we do: we treat a global opt-out signal as a refusal of analytics and marketing cookies where our consent tooling is able to read it.
06 Third-Party Services and Affiliate Disclosure
This is the most important section of this policy, and we have deliberately not buried it at the bottom.
IC7 Game operates as an affiliate. The download buttons on this website do not deliver a file from our own servers. They send you to a third-party partner platform, currently reached through the link https://urlr.io/ic7, and that partner operates the application, holds your player account, processes your deposits and withdrawals, and runs the games. If you register and play, we may receive a commission from that partner in respect of your referral. This does not change what you pay, it does not affect the odds or the returns published on the game pages, and it does not entitle us to a share of anything you win or lose.
The consequence for your privacy is direct and you should understand it clearly. Once you follow a download link and leave ic7x.xyz, you are on the partner's platform, and the partner's own privacy policy governs what happens to your data from that point. They decide what they collect, how they use it, how long they keep it and who they share it with. We do not control those decisions, we do not have access to their internal systems, and we cannot answer for practices that are not ours. Read their policy before you register with them. It is a different document from this one and it may say different things.
What we do receive from the partner is limited and, as far as we are aware, does not identify you individually to us: aggregate referral counts, anonymised or pseudonymised conversion data, and commission statements. We do not receive your identity documents, your bank details, your password, or a record of every round you play on their platform.
Besides the affiliate partner, we rely on a small number of service providers to run this website:
- A web hosting and content-delivery provider, which necessarily processes your IP address and request headers in order to serve you pages.
- A font provider, which serves the typefaces this site uses and may receive your IP address as part of that request.
- An analytics provider, which receives usage data if you have consented to analytics cookies.
- A link-shortening and attribution service, which records the click when you use a download button.
- Telegram, which hosts our support and community channels and operates under its own privacy policy entirely independently of us.
Each of these processes data only for the purpose we have engaged it for. None of them is permitted to use your data for its own marketing, and none of them receives data we have not described in this policy.
07 Data Sharing and Disclosure
We share personal data in four situations, and in no others.
With service providers acting on our instructions. Hosting, analytics, payment processing, game supply and attribution, as described in section 06. These providers process data on our behalf, for our purposes, under contract. They are not free to do as they like with it.
With the affiliate partner platform. When you click a download link, the click itself is passed to the partner along with the referral identifier that tells them the visit came from us. Anything you subsequently give them, you give them directly.
Where the law requires it. If we receive a lawful and properly issued order from a court, a regulator, a tax authority or a law-enforcement agency with jurisdiction over us, we will comply with it. We will disclose only what the order actually requires, and where we are legally permitted to tell you that a disclosure has been made, we will.
In a corporate transaction. If the business is sold, merged or restructured, personal data may transfer to the acquiring entity as part of the assets. Any acquirer would be bound by the commitments in this policy in respect of data collected under it, and we would notify you of the change.
Beyond these four, we do not disclose your data. In particular, we do not sell it, we do not share it with data brokers, we do not supply it to advertising networks for profiling, and we do not pass it to other gaming operators.
08 How Long We Keep Your Data
We keep personal data only for as long as there is a reason to keep it. When the reason expires, the data is deleted or irreversibly anonymised. Because the reasons differ by category, so do the periods.
| Data category | Retention period | Why |
|---|---|---|
| Account data | For the life of the account, then up to 12 months | Allows an account to be restored if closure was a mistake, and closes out any pending disputes |
| Verification documents | Up to 5 years after account closure | Financial and anti-fraud record-keeping obligations |
| Transaction records | Up to 8 years | Tax, accounting and audit requirements applicable in India |
| Support conversations | Up to 24 months from the last message | Continuity of support and evidence of what was agreed |
| Website analytics | Up to 24 months, aggregated thereafter | Year-on-year comparison; individual-level data is not needed beyond this |
| Marketing and consent records | Until consent is withdrawn, plus 12 months | Proof that a message was sent with permission |
| Self-exclusion records | Retained for the period of exclusion, and afterwards | A self-exclusion that we deleted on request would be no exclusion at all |
The last row is the one that most often surprises people, so we will state it plainly. If you self-exclude and later ask us to delete all record of it, we will decline. Honouring the deletion would mean forgetting that you had asked to be kept out, which would defeat the entire purpose of asking. The record is kept, and it is used for nothing else.
Where a longer period is required by a law that applies to us, or where data is needed for a live legal claim, we will keep it for as long as that requirement lasts and no longer.
09 How We Protect Your Data
Every connection to this website and to the application is encrypted in transit using TLS 1.2 or higher. Data at rest, including verification documents and transaction records, is stored encrypted. Passwords, where the platform uses them, are stored as salted hashes rather than as recoverable text, which means that even we cannot read them.
Access to personal data internally is granted on a need-to-know basis. A support agent answering a question about a withdrawal can see the status of that withdrawal; they cannot see your uploaded identity document unless the query requires it, and access to verification material is logged. Administrative access requires multi-factor authentication. We keep audit trails of who accessed what, and we review them.
Payment credentials never reach us at all. Deposits are handled by regulated payment processors, and the sensitive parts of a payment instrument, your PIN, your CVV, your banking password, are entered on their systems and not on ours. This is not primarily a convenience; it is a deliberate reduction in the amount of dangerous data we hold, because data you do not hold cannot be stolen from you.
No system is perfectly secure and any company that tells you otherwise is either mistaken or lying. What we can commit to is that if we become aware of a breach that is likely to affect you, we will notify the relevant Indian authority as required and we will tell you directly, promptly, and in terms that make clear what happened and what you should do about it. We will not minimise it and we will not wait to see whether anybody notices.
You also have a part in this, and it matters more than people assume. Use a strong and unique passcode. Do not share your account. Never respond to anybody who asks you for an OTP, and remember that we will never ask you for one. Only ever download the application from a link on this site or from our official Telegram channel, because repackaged gaming applications distributed through third-party mirrors are a genuinely common vector for credential theft.
10 Your Rights and How to Exercise Them
Indian data protection law gives you meaningful rights over the personal data we hold about you. These are not favours we grant, and you do not need to justify asking.
- Access. You may ask us for a summary of the personal data we hold about you, the purposes we are processing it for, and the categories of party we have shared it with.
- Correction. If data we hold about you is inaccurate, incomplete or out of date, you may ask us to correct or complete it. We would rather hold the right information than the wrong information.
- Deletion or erasure. You may ask us to delete personal data we no longer have a lawful reason to keep. Where a retention obligation described in section 08 applies, we will explain which one and how long it runs, rather than simply refusing.
- Objection and restriction. You may object to processing that relies on our legitimate use, and ask us to restrict processing while an objection or an accuracy dispute is being resolved.
- Withdrawal of consent. Where processing rests on your consent, including analytics, marketing cookies and promotional messages, you may withdraw that consent at any time. It is as easy to withdraw as it was to give, and doing so does not make earlier processing unlawful.
- Grievance redressal. You may raise a complaint with us and receive a substantive answer. If you are not satisfied with our response, you may escalate the matter to the appropriate authority in India.
- Nomination. Indian law allows you to nominate another individual to exercise your rights on your behalf in the event of death or incapacity. If you wish to do so, contact us and we will explain the process.
How to exercise them. Message our support team on Telegram at t.me/ravihere0 and tell us which right you are exercising and what you want us to do. We will verify that the request genuinely comes from the account holder, because a data access request is exactly what an impersonator would send, and that verification protects you rather than us. We aim to respond substantively within thirty days. If a request is unusually complex and we need longer, we will tell you why and give you a date.
We will not charge you for exercising a right, we will not retaliate against an account that exercises one, and we will not attempt to talk you out of it. If we have to refuse a request, we will tell you exactly which retention obligation or legal requirement compels the refusal.
11 Age Restriction and Data About Minors
IC7 Game is strictly for adults aged 18 and over. This website and the application are not directed at children, we do not market to children, and we do not knowingly collect personal data from anybody under 18. Age is confirmed at registration, and it is confirmed again at the point of identity verification, when a date of birth on an official document either supports the declaration or contradicts it.
Indian data protection law treats the personal data of children with particular care and restricts processing that is likely to have a detrimental effect on a child's wellbeing, as well as tracking and targeted advertising directed at children. We take the simplest possible route to compliance with that: we do not accept minors at all.
If we discover that we hold personal data belonging to a person under 18, we act immediately. The account is suspended so that no further data is generated. The account is then closed. All personal data associated with it is deleted, except for the minimum record required to prevent the same person re-registering and to satisfy any legal obligation that applies to the underlying transactions. Any balance is returned to the original source of the deposit, not paid out as winnings, because a minor cannot lawfully hold a player account and therefore cannot lawfully profit from one.
If you are a parent or guardian and you believe a child in your care has registered an account or provided us with personal data, contact us on Telegram immediately. We will act on it as a priority, we will not require you to prove anything unreasonable, and we will not argue with you.
12 State Restrictions and Location Data
Online skill gaming is regulated at state level in India as well as nationally, and several states have their own rules. IC7 Game is not available to residents of the following states:
| Restricted state | Status |
|---|---|
| Andhra Pradesh | Registration and play not permitted |
| Assam | Registration and play not permitted |
| Odisha | Registration and play not permitted |
| Telangana | Registration and play not permitted |
| Nagaland | Registration and play not permitted |
| Sikkim | Registration and play not permitted |
Enforcing this requires us to form a view about where you are, which means processing location-related data. We do so in the least intrusive way we reasonably can. We derive an approximate region from your IP address, which is coarse and tells us a state rather than a street. We record the state of residence you declare at registration. Where identity verification takes place, the address on the document is checked against that declaration.
We do not collect precise GPS location from the website. We do not need it, we do not ask for it, and we do not want to hold it. The location data we process is used for one purpose, which is determining eligibility, and for the related purpose of detecting attempts to evade the restriction. It is not used to build a profile of your movements and it is not shared for advertising.
Using a VPN, a proxy, a false address or somebody else's details to circumvent a state restriction is a breach of our terms. It will result in the account being closed and the balance forfeited, and no exception is available from support. We mention it here rather than only in the terms because people are far more likely to read a privacy policy than a contract, and this is worth knowing before you spend money.
13 International Data Transfers
IC7 Game serves players in India, and we prefer to keep data processing within India where we practically can. Some of it necessarily happens elsewhere, and we would rather say so than leave the impression that everything stays inside the country.
Content-delivery networks cache pages and images on servers around the world so that a page loads quickly wherever you open it. Analytics and font providers may process requests outside India. Game software may be supplied by studios with infrastructure in Europe or elsewhere. Telegram, which hosts our support channels, operates its own global infrastructure that is entirely outside our control.
Where personal data is transferred outside India, we take reasonable steps to ensure it remains protected: we contract with providers who commit to appropriate security and confidentiality standards, we transfer only the minimum needed for the specific purpose, and we do not transfer data to any country to which such transfers are restricted by the Government of India. Indian law permits cross-border transfer to countries not specifically restricted, and we operate within that framework.
If you would like to know where a particular category of your data is processed, ask us on Telegram and we will tell you what we know.
14 Indian Regulatory Framework
This policy is written against the framework of Indian law, and it is worth explaining, in general terms, what that framework consists of. What follows is a description, not legal advice, and it does not create any guarantee or warranty. If you need to know how the law applies to your own circumstances, speak to a qualified Indian lawyer.
The Digital Personal Data Protection Act, 2023
The DPDP Act is India's principal statute governing the processing of digital personal data. In broad terms, it establishes that personal data may be processed only for a lawful purpose, and generally only with the clear and informed consent of the person it relates to, or where a legitimate use recognised by the Act applies. It requires that the notice given to a person be plain, specific and understandable, that consent be as easy to withdraw as it was to give, and that only the data actually necessary for the stated purpose be collected.
It places duties on the organisation processing the data: to keep it accurate, to secure it with reasonable safeguards, to erase it when the purpose is served or consent is withdrawn unless a legal obligation requires otherwise, and to notify both the regulator and affected individuals in the event of a personal data breach. It gives individuals rights of access, correction, erasure, grievance redressal and nomination, and it requires organisations to provide a means of exercising them. It contains specific protections for the data of children, restricting tracking and targeted advertising directed at them.
Our practices are built to align with these principles, and the earlier sections of this policy are the concrete expression of them: section 04 sets out our purposes and bases, section 08 sets out our retention limits, section 09 sets out our safeguards, and section 10 sets out your rights and the route to exercising them.
The Information Technology Act, 2000
The IT Act is the older statute that provides the legal foundation for electronic records, electronic contracts and cyber offences in India, and it continues to apply alongside the DPDP Act. Its associated rules impose obligations on organisations handling sensitive personal data, including the maintenance of reasonable security practices and procedures, and it provides for liability where a failure to do so causes wrongful loss. It also underpins the intermediary rules that govern how online platforms operate in India, and it gives government authorities defined powers in relation to electronic information.
Between them, these two statutes are why this policy is structured as it is: why we tell you what we collect and why, why we ask for consent rather than assume it, why we hold security measures we can describe, and why you can require us to correct or delete what we hold. We have described them in general terms deliberately. We are not going to cite specific section numbers at you as though that were the same thing as compliance, and we are not going to make legal guarantees about how a court would interpret them.
15 Changes to This Policy
We will update this policy when our practices change, when we add or replace a service provider, or when the law changes. The date at the top of this page always reflects the most recent revision, and it is the fastest way to check whether anything has moved.
For minor changes, such as clarifying wording or correcting a broken link, we will simply publish the revised policy and update the date. For material changes, meaning changes to what we collect, what we use it for, who we share it with, or how long we keep it, we will do more: we will publish a notice on the site, we will announce it on our Telegram channel, and where the change requires your consent we will ask for it rather than assume it from your silence.
We will not make a material change retroactive. Data collected under an earlier version of this policy will continue to be handled according to the commitments in force when it was collected, unless you agree otherwise. If you are not comfortable with a change, you are free to stop using the platform and to ask us to close your account and delete your data, subject only to the retention obligations set out in section 08.
16 How to Contact Us
Support runs on Telegram, because that is where Indian players already are and because a real person replying in a few minutes is worth more than a ticket number and a promise of 48 hours. There is no phone tree and no automated first response.
- Privacy questions, data requests and complaints: t.me/ravihere0
- Community channel: t.me/yn_games
- Website: ic7x.xyz · see also our contact page
When you write to us about your data, tell us what you want and we will get to the point without a script. If you are exercising a right under section 10, say so, and be ready to confirm that the request is genuinely yours. If you are unhappy with how we have handled something, say that too, and escalate it if our answer does not satisfy you. You retain the right to take a complaint to the appropriate authority in India, and nothing in this policy limits that.