DRAFT — placeholder copy. Replace with lawyer-reviewed policy before public launch.

Privacy Policy

Last updated: 2026-06-01

1. What we collect

  • Account: email, hashed password, date of birth, country, age confirmation, ToS acceptance timestamp.
  • Wallet & gameplay: wallet balance, ledger entries (every credit/debit), games played, hands, actions taken.
  • Technical: IP address, user-agent, request timestamps. Used for security (rate limiting, audit logs).
  • Product analytics: in-app events (signup, login, game start/end) via PostHog. Cookieless — no tracking cookie is dropped.
  • Errors: stack traces and request context via Sentry when something crashes.

2. What we do NOT collect

  • Real-name, address, phone, payment, or government-ID data — the product has no real-money flow that would require KYC.
  • Browser fingerprints.
  • Data from third parties about you.

3. How we use it

  • Provide the service (you signed up, here are your chips and games).
  • Operate it (rate limiting, fraud/abuse prevention, debugging crashes).
  • Improve it (aggregate product metrics like D1/D7 retention).
  • Comms (verification emails, password resets, beta updates).

4. Legal basis (GDPR / UK GDPR)

  • Contract — providing the service you signed up for.
  • Legitimate interests — security, fraud prevention, product analytics.
  • Consent — for any non-essential communication you opt in to.

5. Sharing

We share data with processors required to run the service:

  • Vercel (hosting), Neon (Postgres), Upstash (Redis)
  • Resend (transactional email)
  • Sentry (error tracking), PostHog (product analytics)
  • Cloudflare (CAPTCHA, DDoS protection)

We do not sell or rent your data.

6. Retention

Account data is retained while your account is active and for 30 days after closure (audit/security). Ledger entries are retained for 7 years per common financial-records norms. Analytics events are retained per the processor's default (PostHog: 7 years).

7. Your rights

Under GDPR / UK GDPR / similar laws you can request: access, correction, deletion, portability, restriction, and objection. Email [email protected].

8. Children

The service is not directed at users under 18. We do not knowingly collect data from anyone under 18. If you believe a minor has registered, email us and we will delete the account.

9. Changes

We may update this policy. Material changes will be communicated via the app or email.

Home · Terms