Privacy Policy
Last updated: July 1, 2026
This policy explains how PokerNotes (“we”) collects and processes your personal data when you use the application, in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.
1. Data controller
The data controller is Matthis DUPONT (sole trader / micro-entreprise), reachable at [email protected]. Full details are available in the legal notice.
2. Data we collect
We collect only the data required to run the service:
- Account data (via Google): when you sign in with Google, we receive your email address, first name, last name, profile picture and Google ID. We never receive your Google password.
- Gameplay data: the hands, tournaments, actions and opponent information you enter yourself, together with the computed statistics.
- Subscription data: chosen plan, status and billing period, Stripe customer and subscription identifiers, period end date.
- Preferences: your language choice and consent choice, stored locally in your browser.
We collect no analytics or advertising data, and we do not log your IP address.
3. Purposes and legal bases
| Processing | Purpose | Legal basis |
|---|---|---|
| Account and authentication | Identify you and secure access | Performance of the contract |
| Recording and analysing hands | Provide the game-tracking service | Performance of the contract |
| Subscription and payment | Manage paid plans | Performance of the contract and legal obligation (accounting) |
| Language preference | Display the interface in your language | Legitimate interest |
4. Recipients and processors
Your data is hosted and processed by providers acting on our behalf:
- Google — authentication (Google sign-in).
- Stripe — payment and billing processing.
- Render — backend application hosting (European Union region).
- Neon — database hosting (European Union region).
- Cloudflare — web application delivery.
Our application data is stored in the European Union (Frankfurt) region. We never sell or rent your data. Some providers (Google, Stripe, as well as Render and Neon, which are US companies) may be subject to US law; any transfers or access are governed by the EU–US Data Privacy Framework and/or the European Commission's standard contractual clauses.
5. Retention
- Account and gameplay data: kept while your account is active.
- On account deletion: your profile and gameplay data are erased.
- Subscription invoices: kept for 10 years to meet our accounting obligations.
6. Security
Your sensitive data (email, first name, last name) is encrypted at rest. No password is stored (sign-in via Google). Card data is handled exclusively by Stripe and never passes through our servers.
7. Cookies and local storage
We use no advertising or analytics trackers. Only strictly necessary or functional items are stored in your browser: authentication token, language preference, temporary subscription intent and consent choice. See “Manage cookies” in the footer for details.
8. Your rights
You have the rights of access, rectification, erasure, portability, restriction and objection. From your profile page you can export your data or delete your account at any time. For any other request, contact us at [email protected].
You may also lodge a complaint with the French data protection authority, the CNIL (www.cnil.fr).