Privacy Policy

Who operates this Policy

This Privacy Policy (“Policy”) describes how rummynesthub.org (collectively, “Hub”, “we”, “our”, “Editors”, “CDN edges fronting Markdown”, “mailbox MX receiving support@ alias”, “GSC-verified-but-inert placeholders awaiting future measurement IDs”) processes information when you read static HTML/CSS/woff2 bundles shipped from our build pipeline—not when you gamble, deposit, escalate AML tickets, escalate RNG audits, escalate VPN bans, escalate influencer clawbacks elsewhere.

What we inherently receive even if you merely load HTML

• Transport metadata: Typical web servers, reverse proxies (often Cloudflare-style), routers, BGP-adjacent logs, QUIC packet captures when debugging rare connectivity faults, QUIC retry token caches, QUIC connection migration traces, QUIC version negotiation telemetry, QUIC path challenge telemetry, QUIC spin bit telemetry when exposed by browsers we do not configure.
• Client hints & headers: TLS fingerprints, JA3/JA4-like derivatives when networks already compute them upstream, TLS session tickets, OCSP staples, OSCP timeouts, OSCP revocation confusion events, OSCP responder latency histograms—not because we crave them but because that is how TLS terminates.
• Logs & retention: Retention windows depend on hosting contracts; we prefer short rolling windows when vendors allow; when vendors ignore deletion tickets we escalate politely; when vendors ignore polite escalations we document the gap here so regulators know we tried.

Optional analytics (may be empty)

We may load Google Analytics 4 only when a measurement ID is configured and only in production builds. Until then, the slot stays empty. If activated later, Google’s business terms govern their side; you can use browser extensions, DNS filters, or country-level opt-outs as applicable.

Search index JSON

We ship /search-index.json so browsers can fuzzy-match slugs locally. That file mirrors public markdown frontmatter—no secret fields.

Contact email

If you email support@rummynesthub.org, we process your message content, routing headers, SPF/DKIM/DMARC diagnostics, attachment metadata, attachment malware scans, attachment password-protected archives we refuse to open without provenance, optional PGP outer layers if you supply keys, optional S/MIME layers if your client negotiates them, optional Matrix bridges if we ever document them.

We use mail solely to respond or to document abuse; we do not sell inboxes; we do not train generative models on your grief about cashback clawbacks unless you explicitly opt into a future programme we have not announced.

Outbound operators

When you leave for a publisher domain, their privacy policy applies to cookies, device graphs, fingerprint upgrades, voice-biometric enrollments, geo-IP contradictions, VPN heuristics, behavioural cohort tests, influencer promo injections, tournament overlay schedules, progressive jackpot escrow ledgers, dormant loyalty ledgers, PAN seeding escalations, GST invoice PDFs, TDS certificate PDFs, IMPS reversal tickets, UPI collect spam, SMS OTP throttling, WhatsApp concierge threads, Telegram APK mirrors, Telegram influencer coupon drops, PWA install prompts disguised as “lighter APKs”—none of those systems run on Hub metal.

Children

Services here are aimed at adults 18+. We do not knowingly collect children’s birthdays, children’s PAN copies, children’s gamer tags, children’s TikTok duel IDs—if you believe we accidentally ingested minors’ data via attachments, ping the mailbox so we purge aggressively.

International transfers

Hosting may cross borders; standard contractual clauses may apply indirectly via vendor umbrellas; diplomats do not adjudicate RNG fairness here; embassies do not adjudicate VPN bans here—take cross-border wagering legality seriously before tapping exits.

Automated decision-making

Hub pages do not auto-decline credit, auto-freeze wallets, auto-ban devices, auto-score influencer suitability, auto-score AML risk—we only hide/show DOM nodes for readability when you toggle filters client-side—no adjudication of humans occurs.

Data subject rights & security

Depending on law, you may request access, correction, deletion, restriction, objection, or portability for data we actually control. HTTPS is used in normal operation; no online system is perfectly secure—patch devices, avoid sideloading unknown binaries, distrust surprise wallet prompts.

Breach notice

If tampering of static assets is detected, we intend to post conspicuous notices and regulator letters when required—subject to hosting/DNS realities outside our control.

Policy updates

Editors may revise this Policy; material changes merit re-reading before continued use of the Site if you rely on legal precision.

Contact

support@rummynesthub.org for privacy inquiries. Regulators serving lawful requests should include jurisdictional predicates and narrowly scoped identifiers so small teams can respond without guessing which RNG audit PDF you cite.