Privacy Policy
Last Updated: January 10, 2025
1. Introduction
Handwise ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered poker hand analysis service.
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, password, and profile details
- Payment Information: Processed securely through Stripe (we do not store full credit card numbers)
- Poker Hand Histories: Hand data you upload for analysis
- Communications: Messages you send to our support team
2.2 Automatically Collected Information
- Usage Data: Pages visited, features used, time spent on the Service
- Device Information: Browser type, operating system, IP address
- Cookies: Session cookies for authentication and preferences
- Analytics: Vercel Analytics and Speed Insights for performance monitoring
- Activation Funnel Events: We track key user journey milestones (signup, upload, parse success, hand selection, analysis requests, and result views) to understand and improve the user experience and identify where users may encounter issues
- Browser Storage: We store minimal data in your browser, including:
  - localStorage: Privacy policy update banner dismissal preference
  - sessionStorage: Credit warning banner dismissal preference, analytics events for debugging (last 100 events, not transmitted)
2.3 Bug Reports and Security
- Bug Reports: When you submit a bug report, we collect your email (optional), description, page URL, and user agent
- Rate Limiting: We temporarily store your IP address to prevent spam and abuse. This data is automatically deleted after 60 minutes and is not used for any other purpose
- Security Monitoring: We may log IP addresses and request patterns to detect and prevent fraudulent activity, DDoS attacks, and abuse of our Service
3. How We Use Your Information
We use your information to:
- Provide and maintain our AI poker analysis Service
- Process your subscription payments and manage your account
- Analyze poker hands using AI models (OpenAI, Groq)
- Send you service updates, security alerts, and support messages
- Send you marketing communications (only with your explicit consent, which you may withdraw at any time)
- Improve our Service through analytics and user feedback
- Track user activation and engagement patterns to identify and fix user experience issues
- Process and respond to bug reports you submit
- Detect and prevent fraud, abuse, and security incidents through rate limiting and IP monitoring
- Comply with legal obligations
Note on IP Address Retention: IP addresses collected for rate limiting are stored temporarily in server memory and are automatically deleted after 60 minutes. We do not permanently store IP addresses for rate limiting purposes.
Marketing Communications: We will never send you marketing emails without your prior consent. You can opt in to marketing during account creation or in your account settings. You may unsubscribe at any time by clicking the unsubscribe link in any marketing email.
4. AI Processing and Third-Party Services
We use the following third-party services to operate Handwise:
- Supabase: Database and authentication services (Data residency: US/EU depending on region)
- OpenAI & Groq: AI models for poker hand analysis (Enterprise-grade services with privacy protections)
- Stripe: Payment processing and subscription management (PCI DSS compliant)
- Vercel: Hosting, analytics, and performance monitoring (Data residency: Global CDN)
4.1 AI Data Processing
When you request AI analysis of a poker hand, we send the following information to AI providers (OpenAI and Groq):
- Hand history text (card values, actions, bet sizes)
- Game context (stakes, positions, stack sizes)
- Your specific question or analysis request
We do NOT send: Your name, email, payment information, or any other personally identifiable information.
AI Provider Data Usage: Our agreements with AI providers prohibit them from using your poker hand data to train their models. Data is processed solely to provide analysis results to you and is not retained by the AI provider beyond the duration needed to generate the response.
4.2 Data Processing Agreements
We maintain Data Processing Agreements (DPAs) with all third-party service providers that process personal data on our behalf. These agreements ensure providers:
- Process data only according to our instructions
- Implement appropriate security measures
- Comply with GDPR and other applicable privacy laws
- Use Standard Contractual Clauses (SCCs) for international data transfers
For details on how each provider handles data, please review their privacy policies.
5. Data Sharing and Disclosure
We do not sell your personal information. We may share your information only in these circumstances:
- Service Providers: Third parties who help us operate the Service (as listed above)
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- With Your Consent: When you explicitly authorize us to share information
6. Cookies and Tracking Technologies
6.1 What Are Cookies
Cookies are small text files stored on your device that help us provide and improve our Service. We use both session cookies (deleted when you close your browser) and persistent cookies (remain until deleted or expired).
6.2 Cookies We Use
| Cookie Name | Purpose | Type | Duration |
|---|---|---|---|
| Supabase Auth | Authentication and session management | Essential | Session |
| Vercel Analytics | Performance monitoring and analytics | Analytics | 1 year |
| Speed Insights | Website performance measurement | Analytics | 1 year |
6.3 Managing Cookies
You can control cookies through our cookie consent banner or your browser settings. Please note that disabling essential cookies may prevent you from using certain features of our Service.
- Essential Cookies: Required for authentication and core functionality. Cannot be disabled.
- Analytics Cookies: Used for performance monitoring. Loaded only with your consent.
When you first visit our Service, you'll see a cookie consent banner allowing you to accept or reject analytics cookies. You can change your preferences at any time by clicking "Cookie Settings" in the footer of any page.
7. Data Security
We implement industry-standard security measures to protect your information, including:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest for sensitive data
- Secure authentication with password hashing
- Regular security audits and updates
- Access controls and least-privilege principles
- Rate limiting to prevent abuse
- Monitoring for suspicious activity
However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security. We encourage you to use strong passwords and enable two-factor authentication where available.
8. Data Retention
We retain your information according to the following schedule:
- Active Accounts: Data retained for the duration your account is active
- Deleted Accounts: Personal data permanently deleted within 30 days of account deletion request (except as noted below)
- Hand Histories: Retained until account deletion or user-requested removal
- Analytics Data: Aggregated and anonymized after 90 days, permanently deleted after 2 years
- Rate Limiting Data: IP addresses automatically deleted after 60 minutes (stored in server memory only)
- Backup Data: Included in rolling 30-day backups, then permanently deleted
- Legal Hold Data: Transaction records, audit logs, and communications may be retained for up to 7 years for legal compliance, dispute resolution, or fraud prevention purposes
You may request deletion of your account and associated data at any time by contacting hello@handwise.app. We will process your request within 30 days.
9. Your Rights and Choices
You have the right to:
- Access: Request a copy of your personal information
- Correction: Update or correct inaccurate information through your account settings or by contacting us
- Deletion: Delete your account and data through Account Settings or by contacting us at hello@handwise.app
- Export: Download all your data in JSON format through Account Settings (GDPR & CCPA compliant)
- Opt-out: Unsubscribe from marketing emails (we only send marketing with your consent)
- Cookies: Manage cookie preferences via the cookie consent banner or Cookie Settings link in the footer
- Object to Processing: Object to certain types of data processing (contact us to exercise this right)
Most rights can be exercised directly through your Account Settings page. For other requests, contact us at hello@handwise.app. We will respond within 30 days for most requests, or 45 days for CCPA requests as required by law.
Account Deletion: You can initiate account deletion from Account Settings. Your account will be marked for deletion with a 30-day grace period, during which you can cancel by logging in again. After 30 days, your data will be permanently removed, except for data we are legally required to retain (transaction records, audit logs).
10. GDPR Compliance (European Users)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
10.1 Legal Basis for Processing
We process your personal data based on:
- Contract Performance: To provide the Service you subscribed to
- Legitimate Interests: To improve our Service and prevent fraud
- Legal Obligations: To comply with applicable laws
- Consent: For marketing communications (you may withdraw consent anytime)
10.2 Your GDPR Rights
- Right to Access: Obtain confirmation of data processing and a copy of your data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for data processing at any time
- Right to Lodge a Complaint: File a complaint with your local data protection authority
10.3 International Data Transfers
Your data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data in accordance with GDPR requirements.
10.4 Data Protection Officer
For GDPR-related inquiries, contact our data protection team at hello@handwise.app
11. CCPA Compliance (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information.
11.1 Your CCPA Rights
- Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell about you
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions
- Right to Opt-Out: You have the right to opt out of the sale of your personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
11.2 Personal Information We Collect
In the past 12 months, we have collected the following categories of personal information:
- Identifiers: Email address, IP address, unique device identifiers
- Commercial Information: Purchase history, payment information (processed by Stripe)
- Internet Activity: Browsing history on our Service, interaction with our Service
- Geolocation Data: General location inferred from IP address
- Professional Information: Poker hand histories you upload (not traditional employment data)
11.3 Sale of Personal Information
We do not sell your personal information. We have not sold personal information in the past 12 months.
We may share information with service providers who assist us in operating our Service, but this does not constitute a "sale" under CCPA as these providers are contractually prohibited from using your information for any purpose other than providing services to us.
11.4 How to Exercise Your CCPA Rights
To exercise your CCPA rights, please contact us at hello@handwise.app with the subject line "CCPA Request." We will verify your identity and respond to your request within 45 days as required by law.
You may also authorize an agent to make a request on your behalf. The authorized agent must provide written proof of authorization.
11.5 Shine the Light Law
California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.
11. Children's Privacy (COPPA Compliance)
Our Service is not intended for children under 18 years of age, and we do not knowingly collect information from children under 13 years of age in compliance with the Children's Online Privacy Protection Act (COPPA).
If we discover that we have collected personal information from a child under 13, we will delete that information within 24 hours. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at hello@handwise.app.
12. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users via email within 72 hours of discovering the breach
- Provide details about what information was compromised
- Explain steps we are taking to address the breach
- Recommend actions you can take to protect yourself
- Notify relevant supervisory authorities as required by law
13. Automated Decision-Making
Our Service uses artificial intelligence to analyze poker hands and provide strategic recommendations. This constitutes automated decision-making. Please be aware:
- Purpose: AI analysis is used solely to provide poker strategy insights for educational purposes
- Logic: Our AI analyzes hand histories against GTO (Game Theory Optimal) strategies and opponent patterns to generate recommendations
- Consequences: AI recommendations are advisory only and do not guarantee outcomes. You retain full control over your poker decisions
- Human Review: You may contact us to discuss any AI-generated analysis
You have the right to object to automated decision-making under GDPR. Contact us to exercise this right.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our Service. Your continued use after changes constitutes acceptance of the updated policy.
We maintain a version history of our Privacy Policy. Material changes are announced with at least 30 days' notice for existing users.
15. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at:
Email: hello@handwise.app
For GDPR-related inquiries: hello@handwise.app
For CCPA requests: hello@handwise.app (Subject: CCPA Request)
This Privacy Policy is part of our Terms of Service. By using Handwise, you acknowledge that you have read and understood this Privacy Policy.