Privacy Policy

This Privacy Policy explains how Kraisoft Limited ("Kraisoft", "we", "us", or "our") collects, uses, stores, shares, and protects personal information when you use TheSolitaire.com, TheMahjong.com, and any related websites, accounts, games, community features, communications, and services (together, the "Services").

We aim to collect and use only the personal information reasonably necessary to operate, secure, support, and improve the Services, provide account and gameplay features, comply with law, and support analytics or advertising where permitted.

Please read this Privacy Policy carefully. By using the Services, you acknowledge this Privacy Policy and our Terms of Use.

Who we are

Scope of this Privacy Policy

This Privacy Policy applies to personal information we collect when you:

• create, access, or use an account;
• play games or use related site features;
• edit a public or private profile;
• contact us for support;
• communicate with us by email or through the Services;
• use community or social features;
• interact with cookies, analytics, security tools, or similar technologies on our Services.

This Privacy Policy does not apply to third-party websites, apps, advertising networks, payment pages, or services that we do not control.

In this Privacy Policy, "personal information" or "personal data" means information that identifies you, or that can reasonably be linked to you, including account identifiers, online identifiers, profile information, gameplay records, technical data, cookies, device information, and security records.

Unified accounts across our sites

We may operate a shared or linked account system across TheSolitaire.com and TheMahjong.com.

This means that when you create or use an account on one site, we may create, link, or synchronise a corresponding account on the other site using core account identifiers such as your username, email address, account ID, or similar login credentials.

Your profile is shared across all sites that use the same account. This may include your display profile, biography, and similar optional profile information. Changes you make to your profile may apply across those sites, unless a site clearly states that a particular setting is managed separately.

Personal information we collect

Depending on how you use the Services, we may collect the following categories of personal information.

How we collect personal information

We collect personal information:

• directly from you;
• automatically when you use the Services;
• from cookies and similar technologies;
• from service providers that support hosting, security, analytics, moderation, or communications;
• from linked or affiliated service features if accounts or game records are connected across our sites.

How we use personal information

We may use personal information to:

• create and manage accounts;
• authenticate users and keep accounts secure;
• provide gameplay, profile, and community features;
• save settings, scores, and preferences;
• operate, maintain, debug, and improve the Services;
• detect, prevent, investigate, and respond to fraud, abuse, spam, cheating, or security incidents;
• moderate content and enforce our Terms of Use;
• respond to support requests and other communications;
• comply with legal obligations;
• establish, exercise, or defend legal claims;
• where permitted, understand usage trends and measure the effectiveness of content, features, or advertising.

If we send promotional or marketing emails, we will do so in accordance with applicable law and will provide any required unsubscribe mechanism. You may opt out of marketing emails at any time by using the unsubscribe link in the email or by contacting us. Service-related communications, such as account notices, security messages, password reset emails, legal notices, and important service updates, are not marketing communications.

Legal bases for EEA and UK users

If the GDPR or UK GDPR applies to our processing, we rely on one or more of the following legal bases:

• Contract: where processing is necessary to provide the Services you requested.
• Legitimate interests: including operating, securing, moderating, improving, and defending the Services.
• Consent: where required, including for certain cookies and similar technologies.
• Legal obligation: where we must comply with law, regulation, court order, or lawful request.

We generally rely on contract to create and operate your account, authenticate you, provide gameplay features, save scores or settings, and provide account-linked services.

We generally rely on legitimate interests to secure the Services, prevent fraud, detect abuse or cheating, moderate content, respond to support requests, improve the Services, and protect our rights and the rights of users.

We rely on consent where required, including for certain cookies, advertising technologies, or optional marketing communications.

We rely on legal obligation where we need to comply with applicable law, court orders, lawful requests, tax, regulatory, or record-keeping obligations.

Cookies and similar technologies

We use cookies and similar technologies for purposes such as:

• keeping you signed in;
• remembering language or account preferences;
• securing sessions;
• measuring usage and performance;
• debugging and preventing abuse;
• where enabled, supporting advertising, content measurement, or related analytics.

If you are in the EEA or UK, we will seek consent for non-essential cookies and similar technologies before using them.

You can also manage cookies through your browser settings, although blocking some cookies may affect how the Services function.

We may use third-party analytics, advertising, security, and content measurement providers. These providers may collect or receive information such as IP address, device identifiers, browser type, pages viewed, gameplay or site interactions, cookie identifiers, and interactions with advertisements.

Some cookies or similar technologies are necessary for login, security, preferences, and account features. If you block them, some parts of the Services may not work correctly.

Where required by law, we will provide consent tools, opt-out tools, or other privacy choices for non-essential cookies, advertising, analytics, or similar technologies.

Public profiles and user content

Some information may be visible to other users or to the public if you choose to make it available through profile or community features. This may include, for example:

• username or display name;
• avatar;
• biography;
• country flag or region;
• gameplay statistics, rankings, or achievements;
• posts, comments, or other content you choose to publish.

You should not post information in public areas that you do not want others to see, copy, or use.

Sharing of personal information

We may share personal information with:

• hosting and infrastructure providers;
• cloud storage providers;
• security, fraud-prevention, and moderation vendors;
• analytics and diagnostics providers;
• customer support and communication providers;
• professional advisers, auditors, insurers, and legal counsel;
• regulators, courts, law enforcement, or public authorities where required or reasonably necessary;
• affiliated entities involved in operating linked site features;
• our EU Representative, where necessary for regulatory or data protection matters.

We do not disclose personal information to third parties except as described in this Privacy Policy, with your consent, or as required or permitted by law.

Where we use service providers that process personal information for us, we take reasonable steps to require them to use personal information only for authorised purposes and to protect it with appropriate privacy and security safeguards.

We do not intentionally request sensitive personal information, such as information about health, race or ethnicity, religious beliefs, political opinions, sexual orientation, or similar information. Please do not include sensitive personal information in your profile, biography, support messages, or other communications unless necessary. If you voluntarily provide sensitive personal information, we may process it only as permitted by applicable law, including to respond to your request, moderate content, protect users, comply with legal obligations, or enforce our Terms of Use.

International storage and transfers

Kraisoft Limited is based in New Zealand, but some or all of the Services may be hosted, stored, processed, or supported in the United States or other countries.
As a result, your personal information may be transferred to, stored in, or processed in jurisdictions that have privacy laws different from those in your own country.

Where required by applicable law, we take reasonable steps designed to ensure that personal information transferred outside New Zealand or outside your jurisdiction remains appropriately protected. These steps may include contractual safeguards, vendor due diligence, access controls, and other recognised transfer mechanisms.

If GDPR or UK GDPR applies and personal data is transferred outside the EEA or UK, we will use a lawful transfer mechanism as required by applicable law, such as Standard Contractual Clauses or another recognised safeguard where applicable.

Where New Zealand Information Privacy Principle 12 applies, we will take reasonable steps to satisfy ourselves that overseas recipients are subject to privacy safeguards comparable to the Privacy Act 2020, or that another permitted basis for overseas disclosure applies.

Data retention

We keep personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including:

• maintaining active accounts;
• operating gameplay and profile features;
• responding to support requests;
• ensuring service security and integrity;
• preventing abuse and fraud;
• complying with legal, tax, regulatory, and record-keeping obligations;
• resolving disputes and enforcing our agreements.

Retention periods vary by data type and purpose. When information is no longer required, we will delete, anonymise, or de-identify it unless we are legally required or permitted to retain it.

Security and anti-abuse records, such as recent login IP addresses, device or browser information, session records, and similar records used to protect the integrity of the Services, are generally retained for up to 90 days, unless a longer period is reasonably necessary for security, fraud prevention, abuse investigation, legal compliance, dispute resolution, backup integrity, or protection of the Services.

If you request account deletion through a deletion tool we provide, deletion may be delayed for a short period, such as 10 days, so that you can cancel the request if it was made by mistake or without authorisation.

Children's privacy

The Services are general-audience services and are not directed to children under 13. Children under 13 must not create an account or provide personal information through the Services.

If you are in a jurisdiction where a higher age applies to the processing of personal information without parent or guardian consent, you must not provide personal information through the Services unless the required consent has been obtained.

If we become aware that an account has been created by a child under 13, or that we have collected personal information from a child under 13 in a way that requires parental consent or otherwise does not comply with applicable law, we may take appropriate steps, including suspending or deleting the account, restricting access to the Services, and deleting the relevant personal information where required.

If you are in a jurisdiction where a higher age applies to the processing of personal information without parent or guardian consent, you must not provide personal information through the Services unless the required consent has been obtained.

If you are a parent or guardian and believe that a child has created an account or provided us with personal information in breach of applicable law, please contact us at [email protected].

Your privacy rights

Depending on where you live and which law applies, you may have the right to:

• request access to personal information we hold about you;
• request correction of inaccurate personal information;
• request deletion of some or all of your personal information;
• request restriction of processing in certain situations;
• object to certain processing based on legitimate interests;
• withdraw consent where processing relies on consent;
• request a portable copy of certain personal information;
• complain to a privacy or data protection regulator.

If you are in New Zealand, you may request access to personal information we hold about you and request correction of that information under the Privacy Act 2020. If you are not satisfied with our response, you may complain to the New Zealand Office of the Privacy Commissioner.

If you have an account, you may be able to access additional privacy tools and account-data information when logged in, including tools or information about editing profile information, downloading certain account data, deletion requests, registration records, and anti-fraud login records.

To exercise your rights, email [email protected]. We may ask for reasonable information to verify identity before acting on a request.

California and other US state privacy disclosures

To the extent California or other applicable US state privacy laws apply, we may collect categories of personal information such as identifiers, internet or electronic activity information, approximate geolocation inferred from IP address, user-generated content, and inferences derived from service use.

We use such information for purposes including account management, operating the Services, security, moderation, analytics, customer support, legal compliance, and service improvement.

We do not sell personal information for money. However, if we use third-party advertising or analytics technologies in a way that applicable law treats as "selling," "sharing," or "targeted advertising," we will provide any notices and opt-out rights required by law.

Where applicable law gives you the right to know, access, correct, delete, or opt out of certain disclosures or uses, you may exercise those rights by contacting us at [email protected] or by using any privacy settings or opt-out tools we make available.

Where required, we will provide a "Your Privacy Choices" or "Do Not Sell or Share My Personal Information" link or equivalent opt-out mechanism. Where required by applicable law, we will also recognise legally required opt-out preference signals, such as Global Privacy Control, for the browser or device sending the signal.

Security

We use reasonable administrative, technical, and organisational measures designed to protect personal information against unauthorised access, loss, misuse, alteration, or disclosure.

However, no system is completely secure, and we cannot guarantee absolute security.

If we become aware of a privacy breach that has caused, or is likely to cause, serious harm, we will assess the breach and notify affected individuals and the New Zealand Office of the Privacy Commissioner where required by the Privacy Act 2020.

Account closure and deletion

You may request deletion of your account and associated personal information by contacting us or by using any deletion tools we make available.

When an account is deleted:

• account and profile information may be deleted;
• gameplay records may be deleted or anonymised;
• some public content may be retained in anonymised or de-identified form where legally permitted;
• limited data may be retained for security, fraud prevention, legal compliance, dispute resolution, or backup integrity.

Deleting your account may remove access to gameplay history, settings, and other account-linked features.

Links to third-party services

The Services may contain links to third-party websites, content, or services. We are not responsible for the privacy practices or content of third parties. You should review their privacy policies separately.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version on the Services and, where appropriate, provide additional notice.

The "Last updated" date at the top indicates when this Privacy Policy was most revised.

Contact us and complaints

If you have questions, complaints, or privacy requests, contact:

If you are in New Zealand and believe your privacy rights have been infringed, you may complain to the Office of the Privacy Commissioner.

If you are in the EEA, you may lodge a complaint with the data protection authority in the country of your habitual residence, your place of work, or the place of the alleged infringement.