Privacy Policy

Effective Date: May 17, 2026

First Hand Poker ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use the First Hand Poker mobile application and website (collectively, the "Service").

1. Information We Collect

The App is fully functional without an account. Signing in is optional and only required if you want your progress to sync across devices.

Account information (only if you sign in). When you choose to sign in, we collect your email address. We use Supabase for authentication — you receive a magic link plus a 6-digit one-time code by email, and no password is stored.

Learning progress (always). We store your per-module progress (module ID, total correct, total answered, time spent, completion timestamp), per-lesson progress (status, current section, current example, last-updated timestamp), per-decision-point answer records (the option you selected, whether it was correct, and when), and per-slider commit records for Module 7 and later (scenario ID, slider value, computed zone, commit timestamp). When you are not signed in, this data is stored only in your device's local browser storage. When you are signed in, it is also written to our server database (Supabase) so it can sync across your devices.

Theme preference (always, local-only). Whether you have selected light or dark theme is stored in your device's local browser storage. It is not transmitted off your device.

Error monitoring data (always). When the App encounters an uncaught error, we send the error message, stack trace, recent navigation breadcrumbs, app version, and basic device information (operating-system version, device class) to Sentry to help us diagnose and fix bugs. Sentry is configured not to send personally-identifying information. See Section 9 (Third-Party Services) for more detail.

We do not collect aggregate usage analytics (no Google Analytics, Mixpanel, Amplitude, or comparable SDK is integrated). We do not collect IP-based location, contacts, photos, microphone, camera, advertising identifiers (IDFA), or cross-app tracking data.

2. Information We Do Not Collect

First Hand Poker is an educational app. We do not collect:

• Financial or payment-card information (the full curriculum is free; no in-app purchases exist)
• Precise location data (no GPS, no IP-based geolocation)
• Contacts, photos, microphone, camera, or other personal media
• Health, fitness, or biometric data
• Gambling or real-money transaction data (the app involves no real-money play)
• Advertising identifiers (IDFA), behavioral analytics, or cross-app tracking data
• Social-graph data (we use magic-link sign-in only; no Apple Sign-In, Google OAuth, or Facebook OAuth)

3. How We Use Your Information

We use collected information to:

• Provide, maintain, and improve the Service
• Save and sync your learning progress across devices
• Personalize your educational experience
• Communicate with you about service updates or support requests
• Analyze anonymized usage patterns to improve content quality

4. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We may share information only in the following limited circumstances:

• Service providers: We use third-party services that process data on our behalf under strict data protection agreements. Our service providers are listed in Section 9 (Third-Party Services).
• Legal requirements: We may disclose information if required by law, regulation, or legal process.
• Safety: We may share information if we believe it is necessary to protect the safety of our users or the public.

5. Data Security

We implement industry-standard security measures to protect your information, including encrypted data transmission (TLS/SSL), secure authentication protocols, and access controls on our infrastructure. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your account and progress data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

7. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at email@firsthandpoker.com.

8. Children's Privacy

First Hand Poker is rated 17+ on the Apple App Store and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it promptly.

9. Third-Party Services

We rely on the following third-party services to operate the App. Each acts as a sub-processor on our behalf.

Supabase (authentication and database hosting). We use Supabase to authenticate users via the magic-link sign-in flow and to store learning progress when users are signed in. Data exposed: email address, lesson progress, quiz responses. Region: United States (Virginia). Privacy policy: https://supabase.com/privacy.

Sentry (error monitoring). We use Sentry to capture uncaught application errors and browser performance traces. Data exposed: error messages, stack traces, browser navigation breadcrumbs, app version, and device class (e.g., iOS version). Sentry is configured with sendDefaultPii: false, and we do not tag Sentry sessions with user identity — your email address and account ID are never sent to Sentry. Privacy policy: https://sentry.io/privacy/.

The Service may also contain links to third-party websites. We are not responsible for the privacy practices of external sites we link to.

10. International Data Transfers

If you access the App from outside the United States, your data is transferred to and stored on servers in the United States. Specifically:

• Your account data and learning progress are stored in Supabase's U.S. (Virginia) region.
• Error monitoring data (per Section 9) is processed by Sentry's infrastructure, which may include U.S. and EU regions per Sentry's regional configuration.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland: where personal data is transferred outside your jurisdiction, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal basis for transfer. Supabase provides SCCs on request via its data processing addendum (https://supabase.com/legal/dpa); Sentry provides SCCs as part of its standard terms.

If you have questions about the legal basis for international data transfer of your data, contact us at the email address in Section 12 (Contact Us).

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by email. The "Effective Date" at the top of this page indicates when this policy was last revised.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: email@firsthandpoker.com
Website: firsthandpoker.com