Privacy Policy
Your data is safe when you play poker with us.
Privacy Policy
Last Updated: July 5, 2026
Effective Date: July 5, 2026
1. INTRODUCTION
1.1 Who we are. Tablemate (“Tablemate,” “we,” “us,” or “our”) operates a platform to help adults coordinate in-person social card game gatherings through a mobile app, website, and related services (collectively, the “Service”).
1.2 Scope. This Privacy Policy (“Policy”) explains how we collect, use, disclose, retain, and protect personal information when you:
Use the Tablemate mobile application (currently iOS);
Visit tablemate.site or related web pages (including hosted legal documents and password-reset pages);
Interact with our APIs or hosted backend (e.g., identity verification, account deletion, messaging, email checks, webhooks); or
Communicate with us (email, support requests).
1.3 Not for children. The Service is intended only for individuals 21 years of age or older. We do not knowingly collect personal information from anyone under 21.
1.4 Agreement. By using the Service, you acknowledge this Policy. Our Terms of Service govern your use of the Service. This Policy is incorporated into the Terms.
1.5 Changes. We may update this Policy. We will post the revised Policy with a new “Last Updated” date and, where required, provide additional notice (e.g., email or in-app). Continued use after changes means you accept the updated Policy.
1.6 Contact. Privacy questions and rights requests: support@tablemate.site (subject: “Privacy Request”).
2. PERSONAL INFORMATION WE COLLECT
We collect information in four ways: you provide it, we collect automatically, we receive it from third parties, and we store locally on your device (see Section 3).
2.1 Information You Provide
Category
Examples
Purposes (summary)
Account & identity
Name, email, password (if set), date of birth, account credentials
Registration, authentication, age eligibility
Profile
Profile photo, bio, Tablemate username, display preferences
Profiles, trust, discovery
Legal name
Legal first/last name (including from Sign in with Apple confirmation)
Verification, display rules, eligibility
Contact (optional)
Phone number, residential street address
Profile completeness, eligibility, geofencing — not shown to other users for browsing
Games
Titles, dates, times, city/coordinates, stakes/notes, capacity, game type (e.g., cash, tournament), tournament metadata, venue details
Listings, coordination, discovery
Participation
Join/leave actions, waitlist requests, invitations, roster status, approval/decline decisions
Hosting, joining, waitlists
Social graph
Follows, blocks
Discovery, messaging, safety
Communications
Direct messages, game/group chat content, system-generated roster/waitlist messages in chats
Messaging, coordination
Trust & safety
Reports (reason, reported user, optional game id), ratings/reviews of hosts and players
Safety, quality signals
Legal acceptance
Timestamps/versions of Terms & Privacy acceptance
Compliance, audit trail
Support
Emails or messages you send us
Support, disputes
Legal and display names. We may store legal first/last name separately from public display rules enforced in the Service (e.g., display name locks after Sign in with Apple or verification). Other users generally see display-name rules defined in the app, not your full legal name, except as needed for trust features you choose to enable.
Profile photos. Photos you upload are processed and stored as part of your account data (typically encoded and stored in our database infrastructure) to display on your profile and in the Service.
2.2 Information Collected Automatically
Category
Examples
Purposes (summary)
Device & app
Device type, OS version, app version, language, diagnostic logs in development
Operation, debugging, security
Usage
Features used, session activity, API interactions
Improve Service, abuse detection
Location
Precise GPS (with permission), coarse location from IP
California/market geofencing, distances to games
Push tokens
Apple Push Notification (APNs) device tokens tied to your account
Notify you of game, social, and message events
Logs
IP address, request timestamps, API paths, user agent, rate-limit signals
Security, rate limiting, troubleshooting
Location details. When you grant permission, we may collect location while you use the app (and, if the OS allows and you enable it, limited background updates for geofencing). You can disable location in device settings; some features will stop working.
Analytics. We do not currently integrate third-party advertising or cross-app behavioral analytics SDKs in the mobile app. We may use first-party server logs and aggregated usage to operate and improve the Service. Platform providers (e.g., Apple) may collect crash or distribution analytics under their own policies.
2.3 Information from Third Parties
Provider
Data we may receive
Role
Supabase
Auth identifiers, session/refresh tokens, email auth metadata, database hosting
Authentication, database, API hosting
Persona
Verification status, inquiry id, pass/fail signals, limited attributes we configure
Government ID verification
Sign in with Apple
Apple user identifier, email (including private relay), name on first authorization (per your Apple consent)
Optional sign-in and registration
Google Sign-In
Email, name, profile photo (per your Google consent)
Optional sign-in
Apple (APNs / App Store)
Push delivery infrastructure; distribution and platform analytics per Apple policies
Notifications, app delivery
Cloud hosting (e.g., Vercel or similar)
Server logs when our backend processes requests
APIs, webhooks, Persona sessions, password-reset bridge pages
We do not intentionally store full copies of your government ID or selfie in our primary application database when Persona processes them; Persona retains verification media under Persona’s policies.
2.4 Sensitive Information
Depending on jurisdiction, some data may be classified as “sensitive,” including:
Government-ID verification outcomes and document metadata from Persona;
Precise geolocation;
Date of birth; and
Account credentials.
We use sensitive information only as reasonably necessary to provide the Service, verify eligibility, prevent fraud, and comply with law—not for unrelated advertising profiling.
3. DEVICE AND LOCAL STORAGE
The app stores certain data on your device to keep you signed in and remember preferences:
Storage
Examples
Purpose
Keychain
Supabase access/refresh tokens, user id, Sign in with Apple user identifier
Secure session persistence
UserDefaults / app storage
Terms-agreement flag, password-setup flag, market-check flag, local ID-verification UI state, pending Apple registration draft, push token cache, notification prompt state
UX, session restore, onboarding
This local data is not a substitute for our server-side account record. It is cleared or invalidated when you sign out or delete the app, subject to OS behavior. Do not share your unlocked device with others.
4. HOW WE USE PERSONAL INFORMATION
4.1 Provide the Service — accounts, authentication (email/password, email one-time passcode, Sign in with Apple, Google), profiles, game discovery and hosting, joining and waitlists, invitations, messaging (direct and game-linked group chats), notifications, reviews, blocks, and search and username discovery (for eligible users).
4.2 Safety & integrity — enforce Terms and Policies; investigate reports; detect spam, bots, circumvention, and fraud; enforce blocks; protect users and the public.
4.3 Compliance — respond to lawful requests; maintain records; age and market eligibility (including California geofencing where enabled).
4.4 Improve & develop — debugging, performance, new features (often using aggregated/de-identified data).
4.5 Communicate — transactional messages (security, password reset, game updates, policy changes); marketing only with consent where required.
4.6 Legal claims — establish, exercise, or defend legal rights.
We do not use automated decision-making that produces legal or similarly significant effects without human review, except as needed for fraud prevention and eligibility checks (e.g., verification pass/fail, geofence gates, automated chat archive rules).
5. AUTHENTICATION, EMAIL CHECKS, AND ACCOUNT RECOVERY
5.1 Sign-in methods. Depending on what we offer, you may authenticate with email and password, email one-time passcode (OTP), Sign in with Apple, or Google Sign-In.
5.2 Email existence checks. Before registration or password reset, our backend may check whether an email is associated with an account. These endpoints are rate-limited to reduce abuse. Responses are designed to support account flows; they should not be used to harvest email lists.
5.3 Password reset. Password reset links may route through tablemate.site (or our backend) to open the app via a secure redirect. Reset tokens are handled through Supabase Auth and expire per provider rules.
5.4 Account deletion. You may delete your account in Account Center or via our authenticated DELETE /account backend endpoint, which removes your auth user and cascades deletion of associated app data subject to Section 8.
6. MESSAGING AND SOCIAL FEATURES
6.1 Direct messages. Verified users may send direct messages subject to follow, block, and verification rules. Message threads may appear in different inbox sections (e.g., friends vs. requests) depending on mutual follow status.
6.2 Game and group chats. Approved participants in a game may access a linked group conversation. Game group chats may become read-only after the game start time plus a defined window (e.g., 24 hours), after which new user messages may be blocked while history may remain visible per app rules.
6.3 Blocks. If you block a user, we use block data to restrict interactions (including certain direct messages) while preserving safety and audit needs as described in our Policies.
6.4 Push notifications. We may send push notifications for messages, game roster changes, waitlist events, follows, reviews, and similar activity. Notification content is delivered through Apple’s APNs using device tokens stored in our database.
6.5 What other users see. Depending on your actions, settings, and verification status, other users may see your profile information, verification badges, ratings, games you host or join (subject to address disclosure rules), and messages you send them or group participants.
7. HOW WE DISCLOSE PERSONAL INFORMATION
7.1 Other users (intentional visibility)
Depending on your actions and verification status, other users may see:
Display name (under app display rules), profile photo, bio, username;
Verification badges (e.g., ID verified);
Host/player ratings and reviews;
Games you host or join (non-address fields until disclosure rules apply);
Messages you send to participants in permitted conversations.
We do not publish your full residential address for discovery. Game venue addresses are shared only under Service rules (typically approved players, on or near game day).
7.2 Service providers (processors)
We share data with vendors that process data on our behalf under contractual obligations, including:
Supabase (database, authentication, storage of app data);
Persona (identity verification);
Cloud hosting / serverless providers for our backend (verification sessions, webhooks, account deletion, messaging APIs, email checks, push relay, password-reset pages);
Apple Push Notification service (delivery of notifications—we send tokens and payloads to Apple; Apple processes them under its policies);
Google (Sign-In, as applicable);
Apple (Sign in with Apple authentication).
We may also share aggregated or de-identified information that cannot reasonably identify you.
7.3 Legal & safety disclosures
We may disclose information if we believe in good faith that disclosure is necessary to:
Comply with law, regulation, legal process, or governmental request;
Protect the rights, property, or safety of Tablemate, users, or others;
Investigate fraud, security incidents, or Terms violations; or
Respond to an emergency.
7.4 Business transfers
If we merge, acquire, or sell assets, personal information may transfer subject to this Policy and notice as required by law.
7.5 With your direction or consent
We may disclose information when you ask or consent (e.g., sharing your plans with a friend outside the app is your choice—we are not responsible for what you share off-platform).
7.6 We do not sell personal information
We do not sell your personal information for money. We do not share it for cross-context behavioral advertising as a “sale” under CPRA. If practices change, we will update this Policy and provide required opt-outs.
8. RETENTION
8.1 Active accounts — we retain information while your account is active and as needed to provide the Service.
8.2 After deletion — when you delete your account (in-app or via our backend deletion endpoint), we delete or anonymize personal information subject to:
Legal retention obligations;
Fraud prevention and security logs;
Dispute resolution; and
Backup systems (deleted on rolling schedules).
8.3 Messages & chats — message content is retained while conversations exist and as needed for safety, abuse investigation, and legal compliance. Game-linked chats may become read-only but history may persist until deletion rules apply.
8.4 Reports & safety — we may retain reports, enforcement notes, and minimal identifiers longer to prevent repeat abuse.
8.5 Terms acceptance records — we may retain that you agreed to specific policy versions.
8.6 Legacy third-party data — we no longer offer LinkedIn connection in the Service. If you connected LinkedIn in the past, we may retain or delete associated fields according to this Policy and account deletion requests.
8.7 No guarantee of instant deletion across all replicas; we work to complete deletion within commercially reasonable timelines.
9. SECURITY
9.1 We use administrative, technical, and organizational measures designed to protect personal information (e.g., encryption in transit, access controls, hosted infrastructure security, row-level access controls in our database).
9.2 No system is 100% secure. You use the Service at your own risk.
9.3 Your duties — strong passwords, device locks, do not share OTP codes, report suspicious access.
9.4 Breach notification — if we confirm a breach affecting your personal information, we will notify you and regulators as required by law.
10. YOUR RIGHTS AND CHOICES
10.1 Access & correction — update profile fields in-app; contact us for additional access.
10.2 Deletion — delete account in Account Center or email support@tablemate.site. Some data may persist as described in Section 8.
10.3 Location — disable in device settings (limits geofencing and distance features).
10.4 Push notifications — manage in iOS Settings and in-app preferences where offered.
10.5 Marketing opt-out — unsubscribe links or email us; transactional messages may continue.
10.6 Cookies (web) — see Section 14.
10.7 Rights by region (non-exhaustive):
California (CCPA/CPRA): know, delete, correct, opt out of sale/share (we do not sell), limit use of sensitive PI, non-discrimination.
Other U.S. states (VA, CO, CT, UT, etc.): similar rights may apply; appeal if we deny a request.
EEA/UK/Switzerland (GDPR): access, rectification, erasure, restriction, portability, object, withdraw consent, lodge a complaint with a supervisory authority.
Other countries: local rights may apply.
10.8 Verification — we may verify your identity before fulfilling requests to prevent fraud.
10.9 Authorized agents — where law allows, agents may submit requests with proof of authority.
How to exercise rights: email support@tablemate.site with “Privacy Request,” your region, and the right you wish to exercise.
11. INTERNATIONAL TRANSFERS
11.1 We are based in the United States. Personal information may be processed in the U.S. and other countries where we or providers operate.
11.2 Those countries may have different data protection laws. By using the Service, you understand your information may be transferred internationally.
11.3 Where required, we implement appropriate safeguards (e.g., Standard Contractual Clauses) for transfers from the EEA/UK/Switzerland.
12. THIRD-PARTY LINKS
The Service may link to third-party sites or services (Persona, Google, Apple). Their privacy practices govern data you provide to them. Review their policies before use.
13. CHILDREN
The Service is not directed to anyone under 21. If you believe someone under 21 provided personal information, contact support@tablemate.site and we will take appropriate steps to delete it, subject to law.
14. COOKIES AND SIMILAR TECHNOLOGIES (WEB)
14.1 On our website and web flows we may use cookies, local storage, and similar technologies for authentication, security, preferences, and aggregate analytics.
14.2 You can control cookies via browser settings. Blocking necessary cookies may break sign-in or password-reset flows.
14.3 The mobile app uses local/secure storage and platform APIs rather than browser cookies (see Section 3).
14.4 Do Not Track — we do not respond to DNT signals in a uniform industry-standard way; we honor rights under applicable law as described in Section 10.
15. CALIFORNIA NOTICE AT COLLECTION (SUMMARY)
Category (examples)
Collected
Purpose
Retention (high level)
“Sold” or “Shared”
Identifiers (name, email, phone, IDs)
Yes
Account, safety
Active account + legal hold
No sale
Customer records (games joined/hosted)
Yes
Service
Same
No sale
Geolocation (precise, with permission)
Yes
Eligibility, distances
Same
No sale
Internet activity (logs, usage)
Yes
Security, improve
Shorter for logs
No sale
Sensitive (verification, DOB)
Yes
Eligibility, fraud
Same
No sale; limited use
For detailed rights, see Section 10. California residents may contact support@tablemate.site.
16. NEVADA
Nevada residents may submit opt-out requests for certain “sales” of covered information. We do not sell covered information as defined in Nevada law. Questions: support@tablemate.site.
17. CONTACT
Tablemate
Email: support@tablemate.site
Privacy requests: subject “Privacy Request.”
Security incidents: subject “Security.”
By using the Service, you acknowledge that you have read this Privacy Policy.
