Privacy Policy — 3 Patti Bounty Portal
1. Who This Privacy Policy Covers
This Privacy Policy describes how the editorial team behind 3pattibounty.com (the “Portal”) handles personal data collected through the website. The Portal is an editorial download and information site for the third-party Pakistani Android application commonly known as “3 Patti Bounty”, and it publishes Dragon Tiger strategy guides, mission walkthroughs, and Easypaisa / JazzCash withdrawal tutorials for Pakistani Bounty Hunters.
This policy applies only to data collected through the Portal at 3pattibounty.com. The 3 Patti Bounty Android app collects its own data inside the application itself; that data is handled by the App operator, not by this Portal, and is governed by the App's own in-app privacy notice. Read this policy together with our Terms of Use and Responsible Gaming page to understand the full agreement.
Important — the Portal vs the App
When you tap the “Claim Bounty” download button on this Portal, the APK install transfers you into a third-party App. From that point on the App collects its own data (account credentials, CNIC, JazzCash / Easypaisa details, gameplay history, mission completion records, real-money balance, in-App device identifiers) under its own privacy notice. The Portal does not see, store, or transmit any of that App-side data. If your concern is about App-side data (a withdrawal that exposed personal details, a mission record dispute, a real-money balance leak), please raise it with the App's customer-support channel; only the App operator can investigate App-side incidents.
2. What the Portal Collects When You Visit
The Portal is intentionally light on data collection. The following categories cover everything the Portal touches when a Pakistani Bounty Hunter reads a Dragon Tiger guide, opens the bonus page, or downloads the APK:
2.1 · Server access logs (auto-collected)
Every HTTP request to 3pattibounty.com is recorded by the Portal's hosting provider in a standard server access log. Each log line contains the requesting IP address, the timestamp, the URL path requested, the HTTP status code, the user-agent string of your browser, and the referring URL where applicable. These access logs are retained for 90 days and are used for security analysis (rate-limiting abusive crawlers, detecting Claim-Bounty endpoint abuse), debugging, and aggregate readership statistics for the editorial team's planning of the Dragon Tiger blog cadence.
2.2 · Cloudflare edge data
The Portal uses Cloudflare as an edge CDN and DDoS-protection layer. Cloudflare records similar request metadata under its own privacy policy, processes traffic to enforce rate limits on the Claim-Bounty download endpoint, and provides aggregate analytics back to the editorial team. Cloudflare is contractually bound under its own GDPR / DPA-equivalent commitments, even though the Portal's primary audience is Pakistan rather than the EU.
2.3 · Anonymous analytics
If the Portal runs analytics (for example to count Dragon Tiger blog readers or measure which mission-walkthrough articles are most read), it does so using privacy-preserving server-side counting that does not place a tracking cookie on your browser and does not link reading behaviour to any identifier. We do not run third-party advertising trackers, fingerprinting scripts, or session-replay tools on this Portal.
2.4 · Email correspondence you initiate
If you email [email protected], [email protected], or any other Portal email channel listed on the Contact page, your message and any attachments are stored in the Portal's inbox for the lifetime of the correspondence plus a retention window described in section 4 below. We process this email so the editorial team can answer your question, route a listing-removal request, or log a complaint into our editorial review file.
2.5 · What the Portal does NOT collect
- The Portal does not ask for, store, or transmit any CNIC, passport number, or government-issued identifier.
- The Portal does not collect JazzCash PINs, Easypaisa PINs, bank account credentials, or any payment-card data. None of those are entered on the Portal; they are entered inside the App, which has its own privacy notice.
- The Portal does not place advertising tracking cookies, social-network re-targeting pixels, or third-party fingerprinting scripts on your browser.
- The Portal does not record an in-App real-money balance, mission completion record, or Dragon Tiger session log. Those are exclusively the App operator's domain.
3. Why the Portal Collects What It Collects
Each category above is collected only for the corresponding narrow purpose:
- Access logs — security (detecting abusive scrapers of the Dragon Tiger blog library, rate-limiting bot floods against the Claim-Bounty endpoint), debugging Portal outages, and aggregate readership statistics that inform what we write next.
- Cloudflare edge data — same purposes as access logs, plus DDoS mitigation at the network edge before traffic ever reaches the Portal's origin server.
- Anonymous analytics — the editorial team uses aggregate page-view counts to decide whether a Dragon Tiger 1-3-2-6 essay is being read often enough to deserve a follow-up post, or whether the mission walkthroughs need a refresh.
- Email correspondence — answering your question; routing a listing-removal request through the SLA in Terms section 12; logging an App-side complaint into the editorial review file used to decide whether the App stays linked from the Portal.
4. How Long the Portal Keeps Data
Retention is short and category-specific:
- Server access logs: 90 days, then permanently deleted.
- Cloudflare edge logs: per Cloudflare's own retention defaults (typically 7-30 days for free / standard tier).
- Anonymous aggregate analytics: indefinitely retained because they contain no identifier, only counts.
- Email correspondence (general support): 12 months after the last reply in the thread, then permanently deleted.
- Email correspondence (listing-removal requests, regulator notices, dispute escalations): 36 months, because these classes of correspondence may need to be reproduced for an upstream brand owner or a Pakistani regulator under a future enquiry.
- Editorial review file (App-side complaints): 24 months in aggregated form (without retaining your email address beyond 12 months), so the editorial team can spot patterns over time without storing personal identifiers any longer than necessary.
5. Third Parties the Portal Shares Data With
The Portal does not sell data. Limited information is shared with three classes of third party, only for the narrow purpose each one serves:
- Hosting provider — the company that runs the Portal's origin server necessarily processes the same access logs described above, under its own data-processing agreement. Logs do not leave the hosting provider's infrastructure for any other purpose.
- Cloudflare — the edge CDN already described, processes the same request metadata at the network edge.
- Law enforcement or a Pakistani regulator — where a lawful instruction (a subpoena, a PTA takedown notice with a regulator-issued legal basis, an FBR consumer-protection request) requires the disclosure of specific logged data. The Portal honours lawful instructions and notifies the affected party where lawfully permitted to do so.
Specifically: the Portal does not share data with the App's operator. The App operator never receives Portal-side reader information, even when a reader installs the App via the Claim-Bounty download link.
6. Your Rights — Access, Correction, Deletion
How to exercise your rights
Email [email protected] with the subject line “Privacy request — [access / correction / deletion]”. Describe what data you believe the Portal holds and what you want done with it.
The Portal processes Privacy requests within 30 calendar days. Where the request requires verification (so the Portal does not delete someone else's email correspondence on your behalf), the 30-day clock starts after verification is complete.
You may request the following from the Portal:
- Access — a copy of the email correspondence on file from your email address, plus any aggregated note in the editorial review file that originated from your messages.
- Correction — if a fact in correspondence-derived editorial notes is wrong, request a correction with supporting evidence.
- Deletion — deletion of your email correspondence on file (subject to the 36-month retention period for listing-removal / regulator correspondence, which we may need to retain for legal reasons even where deletion is requested).
- Objection — you may object to specific processing (for example, aggregate inclusion of your complaint in the editorial review file). Where the objection is reasonable, the Portal will exclude your data from that processing.
Because the Portal does not place tracking cookies and does not store CNIC / payment data, there is no “cookie preference manager” or “payment-data export” to surface here — the Portal simply does not hold those data classes.
7. Cookies & Local Storage
The Portal uses cookies and browser local storage minimally:
- Functional cookies that remember UI preferences (for example, whether you have dismissed the 18+ banner this session) live for the current browser session only and contain no identifier.
- Cloudflare may set a security cookie to enforce edge rate-limiting; this cookie is set by Cloudflare under its own privacy policy and exists to protect the Portal from abuse, not to track readers across sessions.
- The Portal does not set advertising tracking cookies, social-network retargeting cookies, or third-party fingerprinting cookies.
You can disable cookies in your browser settings. Disabling the Cloudflare security cookie may cause edge rate-limiting to challenge your requests more often (you may see CAPTCHA pages); disabling the functional UI cookie means the 18+ banner re-appears each session.
8. Age Eligibility (18+)
3 Patti Bounty content is intended for readers aged 18 years and above. The Portal does not knowingly collect data from minors. If we discover that an email correspondent identifying themselves as a minor has reached us, we will delete the correspondence immediately and ask any parent or guardian who has reached out on a minor's behalf to take the matter up with the App operator's underage-account team. Some Pakistani provinces require a higher minimum age (for example 21) for casino-style content; where local law sets a higher threshold, the higher threshold applies to you.
9. Pakistan Regulatory Alignment (PECA 2016 and Related)
3pattibounty.com operates from a Pakistan-facing editorial base and recognises the obligations imposed by the Prevention of Electronic Crimes Act 2016 (PECA 2016) and the consumer-protection guidance issued by relevant federal bodies. Specifically about data handling, the Portal aligns to PECA 2016 in three practical ways:
- Lawful processing. The Portal restricts itself to the data categories described in section 2 above; it does not process classes of data outside those categories.
- Lawful retention. Retention periods in section 4 are designed to be the minimum needed for the corresponding purpose, not the maximum the law would permit.
- Lawful disclosure. The Portal discloses logged data to law enforcement only on a properly grounded legal instruction, and notifies the affected party where lawfully permitted to do so.
If the PTA, FBR, or a provincial consumer-protection authority issues a takedown notice, data-handling instruction, or compliance request, the Portal follows lawful instructions and updates this privacy policy if the change affects what the Portal collects, why it collects it, or how long it is retained.
10. Cross-Border Data Transfers
The Portal's hosting infrastructure and Cloudflare's edge POPs may process Portal request data in jurisdictions outside Pakistan. Where data is processed outside Pakistan, it remains under the contractual data-protection commitments of the relevant hosting provider or Cloudflare DPA. The Portal does not transfer your email correspondence outside the inbox infrastructure used by the editorial team for normal correspondence handling.
11. Security Practices
The Portal applies the following practices to protect the data described above:
- All Portal traffic is served over HTTPS / TLS 1.3, including the Claim-Bounty download endpoint where the APK file is delivered.
- The Portal's origin server runs on a host with current security patches and is fronted by Cloudflare's edge WAF.
- Access to the email inbox holding correspondence is limited to the small editorial team and is protected with multi-factor authentication.
- The Portal does not write reader email addresses or message bodies into the editorial review file in identifiable form beyond the 12-month window described in section 4.
- The Portal monitors for unauthorised access to the email inbox; in the event of a confirmed security incident affecting Portal-side data, the Portal commits to notifying affected correspondents within 72 hours of confirmation, with a public note in the changelog where the incident is significant.
12. Changes to This Privacy Policy
The Portal updates this Privacy Policy whenever the data categories collected, the retention periods, or the third-party sharing list materially changes. The “Last updated” date at the top of this page reflects the most recent material revision. Minor editorial improvements (typographical, formatting, link maintenance) do not trigger a date change. Significant revisions are also noted in the Portal's public changelog, with a brief summary of what changed and when.
13. How to Reach the Privacy Function
For Privacy-Policy questions specifically, email [email protected] with a subject line that names the section involved — for example “Privacy section 6 — deletion request” or “Privacy section 9 — PECA alignment query”. The editorial team aims to acknowledge privacy emails within 2 working days and to substantively reply within the 30-day window in section 6.
For all other Portal-side contact (editorial corrections, listing-removal requests, App-side complaint logging), see the routing on the Contact page.
This Privacy Policy, our Terms of Use, and our Responsible Gaming page together describe the agreement between you and the Portal. Read all three before claiming any bounty.