LetsTandav

Legal

Privacy Policy

Effective Date: 18 June 2026  ·  Last Updated: 18 June 2026

1. Introduction

LetsTandav ("we", "our", or "us") operates the platform at letstandav.com — an esports tournament and scrim management service for BGMI, PUBG Mobile, and COD Mobile players in India. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights under applicable Indian law, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023.

By creating an account or using our platform you agree to the practices described in this policy. If you do not agree, please do not use the service.

2. Information We Collect

Account Information

When you register we collect your email address, display name, and a securely hashed password (we never store or transmit your plaintext password). You may optionally add your in-game name (IGN) and player UID for the games you play.

Contact & Identity

Phone numbers, when provided, are stored in a one-way hashed format — we cannot reverse the hash to read the original number. We do not collect government-issued ID documents for regular player accounts.

Transaction Data

We record wallet top-up amounts, match entry-fee debits, and prize credits in our database. We do not store card numbers, UPI IDs, or any raw payment credentials — these are handled exclusively by our payment processor (Razorpay India Pvt. Ltd.) under their own PCI-DSS compliance.

Usage Data

Server logs capture IP address, browser/device type, pages visited, and timestamps for security, debugging, and fraud prevention. We do not sell or share this data for advertising.

Uploaded Content

Profile avatars, organisation logos, and match banners you upload are stored on Supabase Storage (hosted in the EU-West region). Do not upload images that include sensitive personal information.

3. How We Use Your Information

  • To create and manage your account and authenticate you securely.
  • To process wallet top-ups, entry-fee payments, and prize disbursements.
  • To display public leaderboards and team profiles (only the data you choose to make public).
  • To send transactional notifications (match slot confirmations, room ID releases, results).
  • To investigate fraud, rule violations, or security incidents.
  • To comply with legal obligations under Indian law.

We do not use your personal data for targeted advertising, and we do not sell your data to third parties.

4. Third-Party Services

We rely on the following sub-processors. Each operates under its own privacy policy:

ProviderPurposeData Shared
Razorpay India Pvt. Ltd.Payment processing & wallet top-upAmount, order ID; no card/UPI data stored by us
Supabase Inc.Database & file storageAll structured user data & uploaded files
Upstash Inc.Rate limiting & session cacheAnonymised request metadata, session tokens
MSG91 (Walkover Web Solutions)OTP delivery (future feature)Phone number for OTP dispatch only

5. Cookies & Local Storage

We use httpOnly session cookies for authentication — these cannot be accessed by JavaScript and help prevent session-hijacking. We also use browser localStorage to remember your colour-theme preference. We do not use advertising cookies or cross-site tracking.

6. Data Retention

Account data is retained for as long as your account is active. If you request account deletion your personal data (email, IGN, hashed phone) is purged within 30 days. Transaction records (amounts, dates, order IDs) are retained for 7 years to comply with financial record-keeping requirements under Indian law. Server logs are retained for 90 days.

7. Security

We implement industry-standard protections: TLS encryption in transit, AES-256-GCM encryption for sensitive fields at rest, argon2id password hashing, rate limiting on all sensitive endpoints, and an append-only audit log for all privileged actions. No system is perfectly secure; we will notify affected users promptly in the event of a confirmed breach.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated personal data.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with the appropriate authority under the Digital Personal Data Protection Act, 2023.

To exercise any of these rights, email us at contact@letstandav.com with the subject line "Privacy Request". We will respond within 30 days.

9. Children

Our platform is intended for users aged 18 and above. Users aged 13–17 may participate only with verifiable parental or guardian consent. We do not knowingly collect personal data from children under 13. If we become aware that data was collected from a child under 13 without consent, we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be notified via email or an in-app banner at least 7 days before they take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related queries, write to: contact@letstandav.com
This policy is governed by the laws of India. Any disputes shall be subject to the jurisdiction of the courts of Maharashtra, India.