Home/Privacy Policy

Legal

Privacy Policy

Last updated: May 14, 2026

Summary

You own your poker data. We use it only to power your analysis.

Payments processed securely by Stripe. We never see your card.

No advertising. No selling your data. No third-party tracking.

01

Introduction

Stacked Poker (“Stacked,” “we,” “our,” or “us”) operates the Stacked Poker platform, an educational poker analysis tool available at stacked.ai.

This Privacy Policy describes how we collect, use, store, and protect information about you when you use our website and services. By creating an account or using the platform, you consent to the practices described in this policy.

If you have questions, you can reach us at any time at privacy@stacked.ai.

02

Information We Collect

We collect the following categories of information:

Account Information

  • Email address and username when you sign up
  • Hashed password (we never store plain-text passwords)
  • Google account details if you use Google Sign-In
  • Subscription tier and billing status

Usage Data

  • Pages visited and features used within the platform
  • Session duration and interaction patterns
  • Browser type, device type, and operating system
  • IP address (used for security and fraud prevention)

Poker Data

  • Hand histories you upload or paste for analysis
  • Tournament files and session data you provide
  • Analysis results and coaching insights generated for your hands
03

How We Use Your Data

We use the information we collect to:

  • Provide, operate, and improve the Stacked Poker platform
  • Process your hand histories and generate coaching analysis
  • Manage your account, subscription, and billing
  • Send transactional emails (password resets, billing receipts, important notices)
  • Analyze aggregate, anonymized usage patterns to improve our features
  • Detect and prevent fraudulent or abusive activity
  • Comply with legal obligations

We do not use your data for advertising, sell it to third parties, or use it to profile you for non-platform purposes.

04

Hand History & Poker Data

You own your poker data. Hand histories you upload remain yours. We act as a data processor, not a data owner, for your poker hands.

Specifically, hand histories and poker data you provide:

  • Are used solely to generate analysis results and coaching insights for your account
  • Are never sold, licensed, or disclosed to third parties for their own use
  • Are not used to train AI or machine learning models beyond powering your analysis
  • Are stored securely and associated only with your account
  • Can be deleted at any time by deleting your account or contacting us

Hand histories may contain usernames of other players at the table. We treat this information with the same confidentiality as your own data.

05

AI Analysis Processing

Stacked Poker uses Anthropic's Claude API to generate coaching commentary and strategic explanations. When you request an analysis:

  • Your parsed hand data (not your raw file) is sent to Anthropic's API
  • Anthropic processes this data to generate coaching text
  • We do not include your name, email, or account ID in API requests
  • Anthropic's data retention and usage is governed by their own privacy policy

Anthropic is a SOC 2 Type II certified provider. Their API usage policy does not permit them to use your inputs to train their models by default.

06

Payment Processing

All payments are processed by Stripe, Inc., a leading payment processor trusted by millions of businesses worldwide.

  • We never see, store, or have access to your full card number, CVV, or expiry date
  • Stripe handles all payment data under PCI DSS Level 1 compliance
  • We store only a Stripe Customer ID to manage your subscription
  • Billing history and invoices are accessible via your account settings
  • Stripe may retain transaction records as required by applicable law

Stripe's privacy practices are described in the Stripe Privacy Policy.

07

Authentication & Security

Authentication is managed by Supabase, an open-source backend platform with enterprise-grade security.

  • Passwords are hashed using bcrypt — we can never read your password
  • Sessions use short-lived JWT tokens stored in secure, httpOnly cookies
  • Google OAuth is available as a sign-in alternative
  • All data in transit is encrypted via TLS 1.2+
  • Database connections use encrypted channels

If you suspect unauthorized access to your account, please contact us immediately at privacy@stacked.ai.

08

Cookies & Local Storage

We use cookies and browser local storage for the following purposes:

Required

Authentication

Session tokens to keep you signed in. Cannot be disabled without breaking sign-in.

Functional

UI Preferences

Layout preferences and UI state stored in localStorage for a consistent experience.

We do not use advertising cookies, cross-site tracking, or any third-party analytics cookies.

09

Data Retention

  • Account data is retained for as long as your account is active
  • Hand histories and analysis results are retained until you delete them or your account
  • Upon account deletion, personal data is removed within 30 days
  • Billing records may be retained for up to 7 years as required by financial regulations
  • Anonymized, aggregated usage statistics may be retained indefinitely

To request early deletion of your data, email privacy@stacked.ai with the subject “Data Deletion Request.”

10

Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights under the GDPR and UK GDPR:

Right of Access

Request a copy of all personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data.

Right to Object

Object to processing of your data for certain purposes.

Data Portability

Receive your data in a machine-readable format.

Right to Restrict

Limit how we process your data in certain circumstances.

To exercise any of these rights, contact privacy@stacked.ai. We will respond within 30 days.

Our legal basis for processing personal data is: contract performance (providing the service), legitimate interests (platform security and improvement), and consent where explicitly given.

11

Third-Party Services

We use the following trusted third-party services to operate the platform:

Supabase

Authentication, database, and storage

Privacy policy →

Stripe

Payment processing and subscription management

Privacy policy →

Anthropic

AI coaching insights via Claude API

Privacy policy →

Vercel

Hosting, CDN, and edge network

Privacy policy →
12

Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email and update the “Last updated” date at the top of this page.

Continued use of Stacked Poker after changes take effect constitutes acceptance of the updated policy. If you disagree with the changes, you may delete your account before the effective date.

13

Contact Us

For any privacy-related questions, data requests, or concerns, contact us at:

Privacy inquiries

privacy@stacked.ai

We aim to respond to all privacy-related requests within 30 days.

Also see our usage terms and subscription policies.

Terms of Service →