Privacy Policy | Pokertally

1. Introduction

Pokertally ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service"). We are based in Finland and comply with the EU General Data Protection Regulation (GDPR) and Finnish data protection law.

2. Information We Collect

Account Information

When you create an account, we collect:

Email address
Username

Session Data

To provide our poker tracking features, we collect information you enter about your sessions:

Buy-in and cashout amounts
Session duration and dates
Game type and stakes

Technical Information

We automatically collect certain technical information to ensure app stability and improve user experience:

Device type, model, and operating system version
App version and build number
General usage patterns (anonymized)

Analytics and Crash Reporting

We use third-party services to help us understand how you use Pokertally and to improve app stability. We are committed to transparency about these services and your control over them.

Firebase Crashlytics (Crash Reporting - Opt-in)

We use Firebase Crashlytics to identify and fix app crashes. Crash reporting is opt-in only — you must explicitly consent before any crash data is collected.

Consent Process:

Upon first app launch, we display a clear consent request
You can choose to enable or decline crash reporting
Either choice is presented without default pre-selection

Managing Your Preference:

Enable or disable crash reporting anytime in Settings → Privacy
Changes take effect immediately

What Data is Collected When Enabled:

Crash logs and stack traces
Device state at time of crash (memory usage, device orientation)
Device identifiers (installation UUID)
App state before the crash
No personal information (email, session data) is included in crash reports

If You Decline: The app functions normally; we simply cannot identify crashes affecting you.

Data Processing: Crash data is processed by Google LLC under EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs). Data is stored for 90 days maximum. For more information, see Firebase Privacy Policy.

TelemetryDeck (Privacy-First Analytics)

We use TelemetryDeck, a privacy-first analytics service designed to collect only anonymized data. Personal data is never sent to TelemetryDeck.

What TelemetryDeck Receives:

Which screens are viewed and which features are used
Device type and OS version (without unique identifiers)
Anonymized session identifiers that rotate regularly
Rounded timestamps (to prevent fingerprinting)

Key Privacy Features:

No IP addresses, cookies, or persistent identifiers collected
Anonymized user ID generated locally on your device
TelemetryDeck cannot link events back to individual users
Data hosted in the EU and encrypted in transit/at rest

For more information, see TelemetryDeck Privacy Policy.

Subscription Management

RevenueCat

We use RevenueCat to manage Pro subscriptions and in-app purchases. RevenueCat helps us track your subscription status and provide you with premium features.

RevenueCat may collect:

Subscription status (active, expired, trial, etc.)
Purchase history and transaction identifiers
App User ID (linked to your Pokertally account)
Device and platform information

Important: RevenueCat does not have access to your payment card details or billing information. All payment processing is handled securely by Apple (App Store) or Google (Play Store). For more information, see RevenueCat Privacy Policy.

2A. Lawful Basis for Data Processing

Under GDPR Article 6, we process your personal data based on the following lawful bases:

Contract Basis (Article 6(1)(b))

Processing necessary to provide the Service you requested:

Account Information (email, username) — to create and maintain your account
Session Data (buy-ins, cashouts, game history) — core functionality of the Service
Subscription Data (RevenueCat) — to process Pro subscriptions and provide premium features

Legitimate Interest (Article 6(1)(f))

Processing necessary for our legitimate interests, balanced against your rights:

Technical Information — to maintain app stability and fix bugs affecting specific devices
Analytics (TelemetryDeck) — to understand usage patterns and improve UX (data is anonymized)

Safeguard: We collect only the minimum necessary data and you can request restriction of this processing.

Consent (Article 6(1)(a))

Crash Reporting (Firebase Crashlytics) — opt-in only; you can withdraw consent anytime in Settings

3. How We Use Your Information

We use your information in accordance with the lawful bases described in Section 2A:

Service Provision (Contract Basis)

Provide, maintain, and improve the Service
Calculate and display your poker statistics and analytics
Sync your data across devices
Respond to your inquiries and support requests
Process Pro subscriptions and in-app purchases

Service Improvement (Legitimate Interest)

Analyze usage patterns to improve app features
Identify and fix technical bugs and stability issues
Understand which features are most valuable to users
Prevent fraud, abuse, or unauthorized access

Legal Compliance

Comply with legal obligations (accounting records, tax law)
Respond to valid legal requests from authorities

4. Data Storage and Security

Your data is stored securely using industry-standard encryption. We use Supabase as our backend infrastructure, which provides enterprise-grade security including encryption at rest and in transit. We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify you without undue delay (within 72 hours where feasible) in accordance with GDPR Article 33. We will inform you of the nature of the breach, likely consequences, and measures taken to address it.

4A. International Data Transfers

We take appropriate safeguards when transferring your data internationally.

Where Your Data is Stored

Supabase (Account & Session Data): Stored in Frankfurt, Germany (EU data center)
Firebase Crashlytics: May be transferred to Google infrastructure in the US
TelemetryDeck: Hosted in the EU

Transfer Safeguards

When data is transferred outside the EU/EEA, we ensure protection through:

EU-US Data Privacy Framework (adequacy decision)
Standard Contractual Clauses (SCCs) with all processors
Encryption of data in transit and at rest

Data Processing Agreements

We have Data Processing Agreements in place with Supabase, Firebase, RevenueCat, and TelemetryDeck that include GDPR compliance obligations. For copies of these agreements, contact us at support@pokertally.app.

5. Data Sharing

We do not sell your personal information. We may share your information only in these circumstances:

With your consent: When you explicitly share game sessions or statistics with other users
Service providers: With trusted third parties who assist us in operating the Service
Legal requirements: If required by law or to protect our rights

6. Your Rights and Choices

You have the right to:

Access and download your data
Correct inaccurate information
Delete your account and associated data
Opt out of non-essential communications
Control crash reporting: Enable or disable Crashlytics in app settings
Understand our analytics: TelemetryDeck uses only anonymized data and does not track you personally

To exercise these rights, you can use the settings within the app or contact us directly. Crash reporting preferences can be changed at any time through Settings → Privacy.

7. Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected, in accordance with GDPR Article 5(1)(e).

Retention Periods by Data Type

Account Information & Session Data: Retained while your account is active. Deleted immediately upon account deletion; residual copies in encrypted backups purged within 30 days.
Technical Information: Retained for 6 months maximum, then automatically deleted.
Analytics Data (TelemetryDeck): Retained for 12 months maximum. This is anonymized data.
Crash Reports (Firebase): Retained for 90 days maximum, then automatically deleted.
Subscription/Payment Data (RevenueCat): Retained for 7 years to comply with Finnish Accounting Act. Not deleted upon account deletion due to legal obligation.

Deletion Requests

If you request deletion of your data (GDPR Article 17), we process this immediately for all accessible data. Encrypted backups containing your data are purged as they expire naturally (within 30 days).

8. Children's Privacy

The Service is intended only for users aged 18 and older. We do not knowingly collect personal information from individuals under 18.

Age Verification

Upon account creation, users must confirm they are 18 or older (declaration-based verification). We rely on users to provide accurate age information. Providing false age information constitutes a breach of our Terms of Service.

If You Are Under 18

Please do not create an account or use Pokertally. If you are under 18 and have already created an account, delete it immediately and notify us at support@pokertally.app.

If We Discover Children's Data

If we become aware that a user is under 18, we will immediately suspend the account and delete all personal data within 30 days.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy in the app and updating the "Last updated" date.

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your GDPR rights, please contact us at: support@pokertally.app

You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu) at tietosuoja.fi.