Privacy Policy

Effective: May 1, 2026

1. Who we are

This Privacy Policy describes how the PokerBox application (“PokerBox”, “we”, “us”) collects, uses, and shares information when you use our mobile application and related services (the “Service”). Questions can be sent to [email protected].

2. Information we collect

  • Account information you provide when you create an account: email address, name, and (optionally) profile photo. If you sign in with Apple or Google, we receive the basic profile information that Apple or Google sends.
  • Content you create in the app: poker session entries, transactions, bankroll settings, achievements, staking and selling records, referral codes, theme and preference settings, and any hand history notes you record.
  • Voice recordings you choose to make for hand history transcription. Audio is uploaded to our servers and forwarded to OpenAI for transcription. We store the resulting transcript with your account; we do not retain the original audio file. For the live (real-time) transcript shown while you speak, your device’s speech-recognition service is used: on some devices and languages this is processed on-device, and on others your platform provider (Apple or Google) processes the audio on its servers.
  • Subscription information processed by Apple or Google when you purchase a subscription. We do not see or store your payment card details.
  • Device and diagnostic information that the operating system or our error monitoring tools share with us, such as device model, OS version, and app version.
  • A push notification token and basic device identifiers, used to deliver notifications such as staking activity and live-session reminders.

3. How we use information

We use the information above to operate the Service, sync your data across devices, authenticate your sessions, process subscription entitlements, transcribe voice recordings you submit, communicate with you about the Service, and diagnose and fix problems.

4. Service providers and sharing

We use the following third parties to operate the Service. Each acts as a processor of your data and is bound by their own privacy terms:
  • Supabase — authentication and database hosting.
  • OpenAI — voice transcription. Audio you submit is sent to OpenAI through our backend to generate a transcript. Under OpenAI’s API data usage policy, data submitted through its API is not used to train its models.
  • Apple and Google — sign-in providers (when you choose) and processors of any in-app purchases or subscriptions you make. Their speech-recognition services may also process audio for the live transcript shown while you record a hand, where on-device recognition is unavailable.
  • RevenueCat — subscription management and entitlement validation.
  • Sentry — error and crash diagnostics. Crash reports include an account identifier (not your email) and technical context so we can diagnose issues.
  • Expo — delivery of push notifications and storage of your push notification token.

We do not sell your personal information.

5. Data retention

We retain your account data for as long as your account is active. When you delete your account, we delete your account data within a reasonable period, except where we are required by law to retain it (for example, transaction records for tax or audit purposes).

6. Your rights

You can access most of your data inside the app. You can also export your sessions as CSV from Settings. You can delete your account and the data associated with it from Settings at any time. If you are in a jurisdiction with additional rights (such as the EU/UK or California), you may have rights to access, correct, or object to certain processing of your information. Contact us at [email protected] to exercise these rights.

7. Children

The Service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

8. Security

We use industry-standard measures to protect your information, including encrypted transport (TLS) and authenticated server access. No system is perfectly secure; you are responsible for keeping your account credentials confidential.

9. International transfers

We and our service providers may process your information in countries other than the one where you live. Where required, we put in place appropriate safeguards for these transfers.

10. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you in the app or by email. The “Effective” date above shows when the current version took effect.

11. Contact

Questions or requests can be sent to [email protected].