Privacy Policy — Poker Timer

1. Who we are

Poker Timer is an independent service operated by a sole individual based in the United Kingdom. The operator is the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU General Data Protection Regulation (GDPR).

You can contact us at [email protected] for any privacy-related question, including exercising your rights described below.

2. What this policy covers

This policy explains how we collect, use, and share personal data when you use www.pokertimer.pro (our marketing site) and app.pokertimer.pro (our tournament clock application), together referred to as "Poker Timer" or "the service". It applies whether you use the free tier or subscribe to Pro.

3. Data we collect

We keep data collection to the minimum needed to run the service.

3.1 Data you provide

Account data (Pro only). If you sign in to use Pro features, we receive your email address and a unique account identifier from your OAuth provider (Google or GitHub). We do not see your password.
Subscription data (Pro only). Billing is handled entirely by Stripe. We never see or store your card details. We store a Stripe customer ID and the subscription status (active, cancelled, past due) so we know whether to unlock Pro features.
Support communications. If you email us, we keep the thread so we can respond and follow up.

3.2 Data created by your use of the service

Tournament state. Blind structures, chip sets, and payouts you configure on the free tier are stored locally in your browser (localStorage) and never sent to our servers.
Multi-device session data (Pro only). When you start a remote session we generate a short room code and route messages between your host screen and your controllers over a websocket. Session payloads are transient and are not retained after the session ends.
Device identifiers. A locally-generated device ID is stored in your browser's sessionStorage to keep controllers and hosts distinguishable during a session.

3.3 Data collected automatically

Analytics. We use Google Analytics 4 (measurement ID G-Y1KNMN8DLT) to understand aggregate usage. Analytics cookies are only set if you do not opt out — see our Cookie Policy for details.
Server logs. Our hosting provider (Cloudflare) records standard request metadata (IP, user agent, URL, timestamp, response code) for security and abuse prevention. Logs are retained for up to 30 days.

4. How we use your data

To deliver the service you requested, including running your tournament timer and synchronising controllers.
To process subscriptions, billing, and refunds via Stripe.
To reply to your support emails.
To keep the service secure, detect abuse, and prevent fraud.
To understand which features are used and improve them.
To comply with our legal obligations.

5. Legal bases (UK GDPR / GDPR)

Contract. Running your subscription and delivering Pro features.
Legitimate interests. Keeping the service secure, understanding aggregate usage, and defending against abuse.
Consent. Setting non-essential analytics cookies. You can withdraw consent at any time.
Legal obligation. Responding to lawful requests and keeping tax/accounting records.

6. Sharing your data

We do not sell your personal data. We share limited data with trusted processors who help us run the service:

Stripe — payment processing and subscription management.
Google and GitHub — OAuth sign-in (Pro only).
Cloudflare — hosting, edge compute (Workers, Durable Objects), and the D1 database where account/subscription records are stored.
Google Analytics — aggregate product usage.

Each processor is bound by their own terms and privacy practices. We recommend reviewing their policies if you'd like more detail.

7. International data transfers

Some of our processors are located outside the United Kingdom and the European Economic Area. Where personal data is transferred internationally we rely on appropriate safeguards, including the UK International Data Transfer Addendum and the EU Standard Contractual Clauses where applicable.

8. How long we keep data

Account and subscription records: while your account is active, and for a short period afterwards to handle post-cancellation queries and refunds. Stripe retains billing records per its own retention policy.
Support emails: typically up to 24 months.
Server logs: up to 30 days.
Locally-stored tournament state: kept on your own device until you clear browser storage.

9. Your rights

Depending on where you live, you have rights including:

Access to your personal data.
Correction of inaccurate data.
Deletion of your data.
Portability (receive a copy in a machine-readable format).
Restriction of or objection to certain processing.
Withdrawing consent where processing relies on consent.
Lodging a complaint with a supervisory authority — in the UK that is the Information Commissioner's Office (ico.org.uk).

California residents have rights under the CCPA/CPRA, including the right to know, delete, and opt out of "sale" or "sharing". We do not sell or share your personal data as those terms are defined under California law.

To exercise any of these rights, email [email protected].

10. Security

We take reasonable technical and organisational measures to protect your data, including HTTPS in transit, access control on our databases, and relying on Stripe for all payment information. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

11. Children

Poker Timer is not directed at children. We do not knowingly collect personal data from anyone under the age of 13 (or 16 in the UK/EEA). If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the effective date above. Significant changes affecting Pro subscribers will be communicated by email where appropriate.

13. Contact

Questions, concerns, or requests: email [email protected].