Legal

Privacy Policy

CAI Global Solutions Nepal — Last updated May 2025

1. Introduction

CAI Global Solutions Nepal ("we", "our", or "us") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights under applicable law.

This policy is governed by the Right to Privacy Act 2075 (Nepal Privacy Act) and applies to all services offered through our website and digital platforms. Last updated: May 2025.

2. Data We Collect

Account Information: Full name, email address, phone number, and password hash when you register.

Billing Data: Billing address and payment instrument details (processed by Stripe; we do not store raw card numbers).

Order Records: Products purchased, transaction IDs, invoice history, and delivery details.

Usage Data: IP address, browser type, pages visited, session duration, referral source, and click paths.

Communications: Support tickets, chat transcripts, and email correspondence you initiate with us.

Player IDs: In-game identifiers provided by you for gaming top-up orders.

3. How We Use Your Data

Service Delivery: Processing orders, activating subscriptions, and fulfilling digital goods.

Account Management: Creating and maintaining your user account and authentication.

Billing and Invoicing: Generating receipts, processing refunds, and managing payment disputes.

Customer Support: Responding to inquiries, resolving disputes, and providing technical assistance.

Security: Detecting fraud, preventing unauthorised access, and enforcing our policies.

Analytics: Understanding aggregate usage patterns to improve our platform (anonymised where possible).

Legal Compliance: Meeting obligations under Nepali law, including tax, commercial, and consumer protection requirements.

Marketing: Sending promotional communications only where you have opted in; you may unsubscribe at any time.

4. Data Sharing

We do not sell your personal data. We share data only with the following categories of recipients under strict data processing agreements:

Stripe Inc.: Payment processing. Stripe is PCI DSS Level 1 certified.

Vercel Inc.: Cloud hosting and edge delivery of our web application.

Neon Inc.: Managed PostgreSQL database hosting.

Resend Inc.: Transactional and marketing email delivery.

Legal Authorities: Government or law enforcement bodies where required by a valid court order or applicable Nepali law.

All third-party processors are contractually bound to use your data only for the purposes described above.

5. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy, subject to the following minimum periods:

Account Data: Retained for the lifetime of your account plus 1 year after deletion request.

Transaction Records: Retained for 7 years to comply with Nepali tax and commercial law requirements.

Support Tickets: Retained for 2 years from resolution.

Usage / Analytics Logs: Anonymised after 90 days; raw logs deleted after 12 months.

6. Your Rights (Nepal Privacy Act 2075)

Under the Right to Privacy Act 2075 (Nepal), you have the following rights with respect to your personal data:

Right of Access: Request a copy of all personal data we hold about you.

Right to Rectification: Request correction of inaccurate or incomplete personal data.

Right to Deletion: Request erasure of your personal data, subject to our legal retention obligations.

Right to Data Portability: Receive your data in a structured, machine-readable format.

Right to Restriction: Request that we limit processing of your data in certain circumstances.

Right to Object: Object to processing based on legitimate interests or for direct marketing.

To exercise any of these rights, contact our Data Protection Officer at caiglobasolutions@gmail.com. We will respond within 30 days.

7. Cookies

We use cookies and similar tracking technologies as described in our Cookie Policy. Strictly necessary cookies cannot be disabled as they are required for the platform to function. Analytics and marketing cookies are optional and can be managed via our cookie consent banner or your browser settings.

8. Security

We implement industry-standard technical and organisational measures to protect your personal data, including TLS 1.2+ encryption in transit, AES-256 encryption at rest for sensitive fields, role-based access controls, regular security audits, and employee data handling training.

Despite these measures, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials.

9. International Transfers

Some of our sub-processors (Vercel, Stripe, Neon, Resend) operate servers outside Nepal. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions, to maintain a level of data protection consistent with Nepali law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on our website at least 14 days before the changes take effect. Continued use of our services after the effective date constitutes acceptance of the updated policy.

11. Contact — Data Protection Officer

Email: caiglobasolutions@gmail.com

Subject Line: Privacy Request — [your full name]

Response Time: Within 30 calendar days of receipt

Regulator: If your concern is not resolved, you may lodge a complaint with the relevant authority under the Right to Privacy Act 2075 (Nepal).