Hypoker LLC ("we," "us," or "our") is a limited liability company organized under the laws of the State of Washington, United States. We operate Hypoker at hypoker.net, a poker training platform. This Privacy Policy applies to all users of the Service, including registered accounts and guests.
Hypoker LLC acts as the data controller for personal information collected through the Service, as that term is defined under applicable privacy laws including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
For privacy-related inquiries, contact us at: [email protected]
| Data | When Collected | Purpose |
|---|---|---|
| Email address | Account registration | Authentication, account recovery, service communications |
| Password (hashed) | Account registration | Authentication — never stored in plain text |
| Date of birth | Account registration | Age verification (18+ requirement, COPPA compliance) |
| Display name | Account registration | User identity within the platform |
| Avatar selection | Account registration or profile settings | User identity and personalization |
| Data | When Collected | Purpose |
|---|---|---|
| Country code (2-letter) | Account creation | Profile display (flag), regional context — detected once via IP; IP is not stored |
| Account creation timestamp | Account registration | Profile display, account management |
| Training statistics | During Trainer use | Performance tracking, stats display |
| Multiplayer game statistics | During multiplayer sessions | Performance tracking, stats display |
| XP and level data | Ongoing platform use | Progression system |
When you use the friends and social features of Hypoker, the following data is stored as part of operating those features:
| Data | When Collected | Purpose |
|---|---|---|
| Friend relationships (your UID and a friend's UID) | When a friend request is accepted | Maintaining your friends list |
| Friend request records (UIDs, display names, avatars, and countries of both parties) | When a friend request is sent | Processing and displaying friend requests |
| Online presence status | While connected to the multiplayer server | Displaying online/offline status to friends |
Presence data is held in memory only and is not persisted to the database. Friend request records are deleted upon acceptance or rejection.
We use the information we collect solely to operate and improve the Service. Our legal bases for processing under GDPR are noted where applicable:
We do not sell your personal information. We do not use your data for advertising purposes. We do not share your data with third parties for their own marketing.
Hypoker LLC uses the following third-party services to operate the platform. Each acts as a data processor under our direction for the purposes described:
We use Firebase for authentication and database storage. Your account data — including email, display name, statistics, and social data — is stored in Google Cloud Firestore, which is hosted in the United States. Firebase is subject to Google's Privacy Policy at policies.google.com/privacy. Google acts as a data processor under a Data Processing Agreement with Hypoker LLC.
The Hypoker web application is hosted on Netlify. Netlify may collect standard server logs including IP addresses in connection with delivering the website. See Netlify's Privacy Policy at netlify.com/privacy.
Our multiplayer game server is hosted on Railway. Railway handles server infrastructure only and does not have access to your personal account data. See Railway's Privacy Policy at railway.app/legal/privacy.
At account creation, a single request is made to ipapi.co to determine your country based on your IP address. Only the 2-letter country code result is stored by Hypoker LLC. Your IP address is not stored by us. See ipapi.co's Privacy Policy at ipapi.co/privacy.
Hypoker loads fonts from Google Fonts. Google may log requests made to its font servers, which may include your IP address. See Google's Privacy Policy at policies.google.com/privacy.
Hypoker uses Stripe to process subscription payments and virtual currency (Chip) purchases made on the web. When you make a web purchase, your payment information (credit/debit card details) is transmitted directly to Stripe and is never sent to or stored on Hypoker's servers. Stripe may collect information necessary to process payments, including your name, card number, billing address, and email address.
Stripe acts as a data processor and is PCI DSS Level 1 certified — the highest level of payment security certification. See Stripe's Privacy Policy at stripe.com/privacy.
Hypoker LLC stores only the following Stripe-related identifiers in your user record: Stripe customer ID and Stripe subscription ID. These are used to manage your subscription status and do not contain payment card information.
If you purchase a Premium subscription, Chips, or other items through the Hypoker iOS app, payment is processed by Apple through In-App Purchase. Apple may collect your Apple ID, payment method details, and transaction history. Hypoker LLC receives from Apple only an anonymized receipt and transaction identifier necessary to verify and fulfill your purchase; Hypoker does not receive your payment method, billing address, or Apple ID email. Apple's handling of your payment data is governed by Apple's Privacy Policy.
If you purchase a Premium subscription, Chips, or other items through the Hypoker Android app, payment is processed by Google through Google Play Billing. Google may collect your Google account identifier, payment method details, and transaction history. Hypoker LLC receives from Google only a purchase token and product identifier necessary to verify and fulfill your purchase; Hypoker does not receive your payment method or billing address. Google's handling of your payment data is governed by the Google Privacy Policy.
Hypoker LLC does not knowingly collect personal information from children under the age of 13. If you are under 13, you may not use this Service in any capacity. Users under 13 who attempt to register are blocked and no personal data is collected from them, in compliance with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq., and 16 CFR Part 312.
If we become aware that we have inadvertently collected personal information from a child under 13, we will delete that information immediately. If you believe we may have collected information from a child under 13, please contact us immediately at [email protected].
We retain your account data for as long as your account is active. If you delete your account — which you can do directly from the Profile page within the app — your personal data will be removed from our active databases immediately upon deletion.
Specifically, the following data is deleted upon account deletion: your user profile, email, display name, avatar, training statistics, multiplayer statistics, XP and level data, friends list, friend request records, and leaderboard entries.
Some data may persist temporarily in infrastructure backups or server logs after deletion, as is typical for any cloud-hosted service. Specifically:
All retained data is held under the same security safeguards described in Section 7 and is not used for any purpose other than the one for which it was retained.
We take reasonable technical and organizational measures to protect your personal information, including:
No method of transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify affected users as required by applicable law.
You have the following rights regarding your personal data:
To exercise any of these rights or for data requests that cannot be fulfilled within the app, contact us at [email protected]. We will respond within 30 days.
Hypoker LLC acts as the data controller for personal data processed through the Service. Our legal bases for processing are outlined in Section 3.
Under the GDPR, you have the following rights:
To exercise any GDPR right, contact us at [email protected]. We will respond within 30 days. You have the right at any time to lodge a complaint with your local data protection supervisory authority, whether or not you have first contacted us. For information on why Hypoker LLC does not maintain an EU representative under Article 27, see Section 13.
Where we rely on legitimate interests as the lawful basis for processing (for aggregated, anonymized platform-improvement analytics), you may object at any time by contacting us, and we will stop the relevant processing unless we have compelling legitimate grounds that override your interests or the processing is necessary for the establishment, exercise, or defense of legal claims.
Your personal data is processed and stored in the United States via Firebase (Google LLC). Such transfers from the EU/EEA to the US are made pursuant to the EU-U.S. Data Privacy Framework and Standard Contractual Clauses as applicable under Google's Data Processing Agreement. By using the Service, you consent to this transfer.
Under the CCPA/CPRA, California residents have the following rights:
To submit a verifiable consumer request, contact us at [email protected]. We will respond within 45 days as required by law.
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Display name, email address, unique account ID | Yes |
| Personal information (Cal. Civ. Code § 1798.80) | Name, email | Yes |
| Internet or network activity | Training and gameplay statistics | Yes |
| Geolocation data | Country code (2-letter, no precise location) | Yes (limited) |
| Inferences drawn | Skill level, performance patterns | Yes (within platform only) |
| Sensitive personal information | Passwords (hashed), date of birth (for age verification only) | Yes (limited use) |
| Financial information | Credit card or bank data | No |
| Biometric data | Fingerprints, facial recognition | No |
| Health information | Medical records | No |
Hypoker uses browser storage in limited ways:
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not use cookies to track you across other websites.
Hypoker LLC is based in the United States. If you access the Service from outside the United States, your personal data will be transferred to and processed in the United States, where data protection laws may differ from those in your country.
For EU/EEA users, please see Section 9 for information on the legal mechanisms governing these transfers.
By using the Service, you acknowledge that your information may be transferred to and processed in the United States.
Hypoker LLC is established in the United States. Under Article 27(2)(a) of the GDPR, the obligation to appoint a representative in the Union does not apply where processing is occasional, does not include, on a large scale, processing of special categories of data or personal data relating to criminal convictions and offences, and is unlikely to result in a risk to the rights and freedoms of natural persons.
Hypoker LLC's processing falls within this exemption:
For these reasons, Hypoker LLC does not maintain an Article 27 representative in the European Union. EU, EEA, and UK users may submit any data protection inquiry, rights request, or complaint directly to Hypoker LLC at [email protected]. We respond within 30 days. This channel is staffed in English.
If our processing activities change such that Article 27(2) no longer applies — for example, if we begin large-scale profiling, process special category data, or otherwise exit the exemption — we will appoint an EU representative and update this Policy.
You retain the right at any time to lodge a complaint with your local data protection supervisory authority, whether or not you have first contacted us.
This section applies when you use Hypoker through the iOS or Android application. The privacy practices described elsewhere in this Policy apply in full; the information below covers native-app-specific points.
The Hypoker mobile app does not request access to your camera, microphone, contacts, photo library, precise location, health data, or other sensitive device APIs. The app requires only network access to communicate with Hypoker servers.
Hypoker does not collect your device advertising identifier (IDFA on iOS, Google Advertising ID on Android), nor does it use the App Tracking Transparency framework or any equivalent cross-app tracking mechanism. The app does not display third-party advertising and does not share data with advertising networks.
If push notifications are implemented in a future release, you will be asked to grant permission before any notifications are delivered. You may revoke notification permission at any time through your device settings.
The mobile app stores your authentication session locally on your device so you remain logged in between sessions. This data is scoped to the app and is deleted when you log out or uninstall the app.
Purchases made inside the mobile app are processed by Apple (iOS) or Google (Android) as described in Section 4. The receipt data Hypoker receives to verify a purchase is limited to the transaction identifier and product identifier.
Hypoker LLC is a small independent operator (a microenterprise under EU law, with fewer than 10 employees and turnover below EUR 2 million). We aim to make Hypoker accessible to users with a wide range of abilities and work toward alignment with the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA where practical.
If you experience an accessibility barrier while using Hypoker, or would like to request an alternative means of access to a feature, please contact us at [email protected]. We will make reasonable efforts to respond within a reasonable time and to remedy the issue where feasible.
We may update this Privacy Policy from time to time. When we do, the "Last Updated" date at the top of this page will be revised. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.
For material changes that affect how we handle your personal data, we will make reasonable efforts to notify registered users within the platform or by email.
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Hypoker LLC
State of Washington, United States
Website: hypoker.net
Email: [email protected]
For GDPR-related inquiries, you may also contact your local data protection supervisory authority.