Download APK

Privacy

How COME handles your data

Plain-English summary of what we collect, why, who we share it with, and what we don't do.

Last updated: 29 June 2026. This page is the public summary. The binding document lives inside the COME App under Settings → Legal → Privacy Policy and includes the same content below plus the formal clauses required by the DPDP Act, 2023.

We try to write privacy policies like a human, not like a law firm. If something below is unclear, message us through in-app Help and we'll rewrite it.

What we collect

The data we actually hold about you

Identity (KYC): your full name, date of birth, PAN number, the PAN card image you upload, a bank-account proof document, and the live selfie you take during signup. We need all of this to comply with Indian anti-money-laundering law and to file TDS correctly.

Contact: your mobile number (used as your login). That's it — we don't ask for an email address and we don't want one.

Payments: deposit and withdrawal history, including the UPI ID, bank account number, IFSC, or USDT wallet address you used. We don't store your full debit card number, CVV, or netbanking password — those go directly to our payment partners and never touch our servers.

Gameplay: which games you play, when you play, bet sizes, outcomes, bonuses claimed. This drives leaderboards, fairness audits, and the responsible-gaming tools in Settings.

Device: device model, Android version, IP address, and crash logs. Used for fraud detection and to fix bugs.

Why we need it

The reasons we use your data

Most of what we collect is forced on us by Indian law — the DPDP Act, 2023, the Income Tax Act (for TDS on winnings), PMLA (anti-money-laundering rules), and the 2023 Online Gaming Act framework. We're allowed to use the data only for the purposes the law defines. We don't sell it. We don't share it for marketing.

A small amount of aggregate, anonymised data — things like "47% of users prefer Aviator on weekday evenings" — informs product decisions. That data can't be traced back to any individual.

Who we share with

Third parties that see your data

Four categories, and only these:

  • Payment partners — RBI-regulated entities that process UPI, IMPS, NEFT, debit cards, and netbanking transactions. They see the data needed to move money; we see the confirmation.
  • Self-Regulatory Body — registered under the 2023 Online Gaming Act. They see aggregate, not individual, data, except during specific compliance audits.
  • Income Tax Department — TDS filings on winnings above ₹10,000 a year. By law.
  • Law enforcement — only on receipt of a valid legal order. We've never received one for an individual user, but the policy exists.

We do not share with advertisers, data brokers, social media platforms, or "affiliate networks."

Your rights

What you can ask us to do

Under the DPDP Act, 2023, you have the right to:

  • Access — ask what we hold about you. We respond within 30 days.
  • Correction — fix wrong data. Most fields (name, PAN, bank details) are locked once verified for fraud-prevention reasons, but you can request a correction through in-app Help.
  • Erasure — request account deletion. KYC documents and transaction history are retained for 5-8 years as required by AML and tax law, even after account closure. Gameplay history is anonymised.
  • Grievance — escalate to our Data Protection Officer via in-app Help if our response doesn't resolve your concern.

Security

How we protect the data we hold

256-bit TLS for everything in transit. AES-256 for KYC documents at rest. PAN numbers are tokenised in our database — even our engineers can't read them in plain text. Access to PII is logged, gated by role, and reviewed quarterly.

We run annual third-party security audits and a private bug-bounty program. If you find a real vulnerability, report it through in-app Help and we'll respond within 72 hours.

Children

Under-18 users

COME is for adults 18 and older. We don't knowingly collect data from minors. PAN-based KYC includes date-of- birth verification; under-18 accounts are suspended immediately and any balance forfeited. If you believe a minor has created an account, message us through in-app Help and we'll close it and delete the data we're legally allowed to delete.

Changes

When this policy changes

When we update this page, the "Last updated" date at the top moves. Material changes — anything that expands what we collect or who we share with — get a 30-day notice inside the app before they take effect.

This is the public-facing summary. The formal, legally binding version is inside the app under Settings → Legal → Privacy Policy and includes clauses required by the DPDP Act, 2023 and the Information Technology (Reasonable Security Practices) Rules, 2011.