Effective date: 16 July 2026. Last updated: 16 July 2026.
Scope of This Policy
This Privacy Policy explains how towerrushplay.app collects, uses, retains, shares and protects information when you use this independent, information-only website about the Galaxsys game Tower Rush. We are not a casino, do not take deposits or process withdrawals, and we do not need your UPI PIN, card CVV, passwords or one-time passwords. The table below shows what this policy does and does not cover.
| Website interaction | Is it covered? |
|---|---|
| Visiting a page | Yes |
| Contact form | Yes |
| Cookie preferences | Yes |
| Reply to an enquiry | Yes |
| Outbound link until you leave | Yes |
| Data on a third-party site after you leave | No |
| Data held by Galaxsys | No |
| Data held by a casino or payment service | No |
| A copycat site | No |
Data-Protection Framework in India
The Digital Personal Data Protection Act, 2023 (the DPDP Act) was enacted on 11 August 2023. A phased commencement notification dated 13 November 2025 began bringing its provisions into force, and the substantive obligations in Sections 3 to 17 are expected to commence around 18 months after that date. The Act establishes the Data Protection Board of India and is built on principles including transparency, purpose limitation, data minimisation, accuracy, security and deletion when data is no longer needed. We aim to reflect those principles in this policy, but this page is general information, not legal advice.
Information You Provide Voluntarily
When you use our contact form or email us, you may provide your name, email address, a subject, your message and sometimes a URL you are asking about. Please share only what is needed, and do not send passwords, one-time passwords, UPI PINs, card CVVs or full identity documents, because we do not need them and cannot secure them on your behalf. If we ever enable a newsletter, we collect your email address only when you choose to subscribe. Any feedback you send is used to respond to you and to improve the site.
Information Collected Automatically
Like most websites, our hosting and security systems automatically record technical information when you visit, including your IP address, the date and time, the URL requested, your browser type, your operating system and device, the referring page, and your language and time-zone settings, along with security events. This gives an approximate region at most; we do not collect precise GPS location. Usage and analytics information is collected only if you consent, and we may record outbound-link events to understand which references are useful.
Cookies and Similar Technologies
We use a small number of cookies and similar technologies, and you control the optional ones. The categories below are explained in full, with durations and controls, in our Cookie Policy.
| Category | Typical purpose | Consent approach |
|---|---|---|
| Strictly necessary | Security, delivery and preference | Applied where necessary |
| Functional | Optional display or language | Consent where required |
| Analytics | Aggregate usage | Disabled until you consent |
| Outbound measurement | Link performance | Consent where non-essential |
| Advertising | Personalised promotion | Not used without a lawful basis and consent |
How We Use Personal Information
We use the limited information we handle only for the purposes below. We do not use your information to place bets, set gambling limits on your behalf, predict game outcomes, or sell or rent data to casinos or gambling operators.
| Purpose | Data commonly involved |
|---|---|
| Deliver pages | IP, time, browser |
| Maintain security | Logs, IP |
| Diagnose problems | URL, device, error |
| Respond to enquiries | Name, email, message |
| Correct content | Report, source, URL |
| Remember privacy choices | Consent identifier |
| Measure performance | Analytics events |
| Manage subscriptions | Email, consent |
| Meet legal obligations | Necessary information |
| Establish or defend rights | Communications, logs |
Consent and Service or Security Necessity
We handle personal information on the lawful bases available to us. For core site delivery and security, we rely on what is necessary to provide the service you request and to keep the site safe from abuse. For optional activities such as analytics and any non-essential cookies, we rely on your consent, which you can withdraw at any time. Withdrawing consent does not affect processing that already took place while your consent was valid.
Google Analytics and Measurement Services
Where we use a measurement service such as Google Analytics, we do so only after you have given consent, and we do not send it the contents of the contact form. Google Analytics offers user and event data-retention windows of 2 or 14 months, and we configure retention at no more than 14 months. You can withdraw consent at any time to stop further collection, and you can also use the browser and cookie controls described in our Cookie Policy.
Sharing and Disclosure
We do not sell your personal information. We share limited information only with service providers who help us run the site, and only to the extent they need it, as summarised below.
| Provider category | Typical access |
|---|---|
| Website host | Requests, IPs, logs |
| CDN or security provider | Network events, threat indicators |
| Email provider | Contact messages |
| Consent-management tool | Cookie choices |
| Analytics | Consent-based usage |
| Backup provider | Encrypted records |
| Professional adviser | Information for legal or security needs |
We may also disclose information where the law requires it, to respond to a valid legal request, or to protect the safety, rights or property of visitors, the public or the site. If the site or its assets are ever transferred as part of a reorganisation, this policy will continue to apply to the information involved.
Third-Party Websites
When you follow an outbound link, you leave towerrushplay.app and the destination site handles your data under its own policies. Be especially careful with any site or message that makes the requests below, which are common signs of fraud.
| Request | Why it is concerning |
|---|---|
| UPI PIN or banking password | Not required to try a demo |
| OTP | Enables account takeover |
| Card CVV | Unrelated to practice play |
| Remote device access | Exposes your accounts |
| Unknown APK | May carry malware |
| Payment for a predictor | A random result cannot be guaranteed |
| Full identity document in chat | Insecure or unnecessary |
Data Retention
We keep information only as long as we need it for the purpose it was collected, or as the law requires. The standard periods below are guidance and may vary where a specific legal or security need applies.
| Data category | Standard retention |
|---|---|
| Uncomplicated contact enquiry | Up to 12 months after the last reply |
| Ongoing complaint or legal matter | Until resolution plus the limitation period |
| Privacy request record | Up to 3 years |
| Routine server logs | Up to 90 days |
| Security-investigation logs | Until the investigation concludes |
| Cookie-consent record | Consent period plus up to 12 months |
| Google Analytics event data | Up to 14 months if enabled |
| Newsletter subscription | Until you unsubscribe |
| Suppression record | Minimum needed to honour your opt-out |
| Outbound-link measurement | Up to 12 months |
| Backups | Within about 90 days |
Data Security
We use reasonable technical and organisational measures to protect information, including TLS encryption in transit, access controls, multi-factor authentication for administrative access, software updates and backups. No website can guarantee absolute security, so we cannot promise that a determined attack will never succeed. You can help protect yourself as well.
- Never share a password, OTP, UPI PIN or card CVV with anyone, including anyone claiming to represent us.
- Send us only the details needed to answer your question.
- Use a strong, unique password and up-to-date antivirus software on your device.
- Avoid installing unofficial APK files or predictor apps that request unusual permissions.
- Report anything suspicious through our contact page so we can look into it.
Your Privacy Choices and Rights
Subject to applicable law, you may ask to access the information we hold about you, to correct or update it, to erase it, to withdraw consent for optional processing, to raise a grievance, and to nominate another person to exercise your rights in the event of death or incapacity. We aim to acknowledge a request within 7 business days and to respond within 30 calendar days, and we will tell you if more time is genuinely needed. To protect you, we may verify your identity using the information already linked to your request rather than asking for a full identity document.
How to Submit a Privacy Request
You can make a privacy request through our contact page using the subject line Privacy Request. To help us respond, please include your name, a reply email address, the type of request, the relevant date or page, and a short explanation of what you would like us to do. We do not charge a fee for a reasonable request.
Children's Privacy
This site is intended only for adults aged 18 years or older, and it is not directed at children. The DPDP Act defines a child as anyone under 18 years of age, and we do not knowingly collect their personal data. If you believe a child has provided information through the site, please tell us through our contact page so we can remove it.
International Processing
Some service providers we use may process information on servers located outside India. Where that happens, we take reasonable steps so that the information continues to be protected in line with this policy and applicable law, including the framework set by the DPDP Act. We do not transfer personal data to any jurisdiction that is restricted for such transfers under Indian law.
Do Not Track and Browser Signals
Some browsers can send Do Not Track or global privacy signals. There is no single agreed standard for how websites must respond to them, but where our consent tools recognise such a signal we aim to honour it. You can also manage optional cookies at any time through our cookie banner and your browser settings.
Automated Decisions and Profiling
We do not make decisions that produce legal or similarly significant effects about you through solely automated processing, and we do not carry out profiling of that kind. Any analytics we use is aggregate and is not used to evaluate or make judgements about individuals.
Data Breach or Suspicious Activity
If you believe your data has been exposed, or you notice suspicious activity connected to the site, please tell us through our contact page so that we can investigate. When you report an issue, please redact sensitive details such as full card numbers, passwords or OTPs. Where the law requires it, we will notify the Data Protection Board of India and the individuals affected by a reportable personal-data breach.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the site, our practices or the law. The version on this page is the current one, and the effective date at the top shows when it was last revised. Your continued use of the site after an update means you accept the revised policy, so we recommend checking this page periodically.
Contact and Grievance Information
For any privacy question, request or grievance, please use our contact page, and we will route it to the person responsible for handling data matters. When you write to us, include only what is needed to understand your request. Never include a password, one-time password, UPI PIN, card CVV or full identity document in your message.
18+ only. Tower Rush is a game of chance, not income. India helpline KIRAN (24x7): 1800-599-0019. Set limits and never chase losses.