Privacy Policy

Beta draft — last updated May 2026.

What we collect

• Account data: email, chosen nickname, bcrypt password hash, timezone, preferred currency. Stored in a SQLite database on our server.
• Your uploads: HRC solver files (.hrcz) and hand-history text you send us. Stored as files and per-user database shards on the same server, tied to your account.
• Sharing records: which hands you shared peer-to-peer, which groups you joined, who posted what — stored so the UI can show it back to you and the recipients.
• Session cookies: one opaque httpOnly cookie per active login. No third-party cookies.
• Product telemetry: anonymous-by-default page views and feature events through PostHog, and crash reports through Sentry. Identifiable only by your user id once you sign in, used to triage bugs and prioritise improvements. No third-party advertising tags.

What we don't collect

• No access to your solver history or poker-site login — you paste/upload files by hand.
• No advertising pixels, no fingerprinting, no third-party trackers beyond the telemetry listed above.
• No payment data during beta (beta is free).

Third parties

• Resend delivers transactional email (signup verification, password reset) from noreply@nousgg.com.
• Cloudflare sits in front of the origin for TLS termination and DDoS protection.
• Sentry receives server-side and browser-side errors.
• PostHog receives anonymous usage events.

No other data leaves our server.

Hand-history data and other players

Hand histories from poker sites include screen names of other players. We process that data only to display statistics back to you and anyone you share with. We do not build a cross-user player database, do not sell stat data, and do not surface nicknames to users outside the share/group relationship.

Your rights (LGPD)

You can ask us to export, correct, or delete the personal data we hold for you, or to stop processing it. While in-product export and full-account deletion are still being built, email nousverific@gmail.com from the address tied to your account and we'll respond within 14 days. The Profile page already lets you delete every hand history, alias, and group on demand (Danger zone); that path is self-service and instant.

Security

Passwords are bcrypt-hashed. Sessions are server-side tokens that can be revoked instantly. Rate limits sit on login, signup, password reset, uploads, and group-join. The app is served over HTTPS via Cloudflare; the origin is reachable only through the Cloudflare edge.

Backups

We keep rolling daily backups: shared auth/sharing data and the per-user hand-history shards are retained for 3 days, and the larger .hrcz uploads tree for 1 day. They exist to recover from a bug or accidental delete — not as a long-term archive. When you delete data, the live copy is removed immediately; the backup copy ages out on the schedule above.

Contact

Privacy and data-rights questions go to nousverific@gmail.com.