black and white bed linen

Privacy Policy

Your data is safe when you play poker with us.

Privacy Policy

Last Updated: July 5, 2026


Effective Date: July 5, 2026


1. INTRODUCTION

1.1 Who we are. Tablemate (“Tablemate,” “we,” “us,” or “our”) operates a platform to help adults coordinate in-person social card game gatherings through a mobile app, website, and related services (collectively, the “Service”).


1.2 Scope. This Privacy Policy (“Policy”) explains how we collect, use, disclose, retain, and protect personal information when you:


  • Use the Tablemate mobile application (currently iOS);

  • Visit tablemate.site or related web pages (including hosted legal documents and password-reset pages);

  • Interact with our APIs or hosted backend (e.g., identity verification, account deletion, messaging, email checks, webhooks); or

  • Communicate with us (email, support requests).


1.3 Not for children. The Service is intended only for individuals 21 years of age or older. We do not knowingly collect personal information from anyone under 21.


1.4 Agreement. By using the Service, you acknowledge this Policy. Our Terms of Service govern your use of the Service. This Policy is incorporated into the Terms.


1.5 Changes. We may update this Policy. We will post the revised Policy with a new “Last Updated” date and, where required, provide additional notice (e.g., email or in-app). Continued use after changes means you accept the updated Policy.


1.6 Contact. Privacy questions and rights requests: support@tablemate.site (subject: “Privacy Request”).


2. PERSONAL INFORMATION WE COLLECT

We collect information in four ways: you provide it, we collect automatically, we receive it from third parties, and we store locally on your device (see Section 3).

2.1 Information You Provide

Category

Examples

Purposes (summary)

Account & identity

Name, email, password (if set), date of birth, account credentials

Registration, authentication, age eligibility

Profile

Profile photo, bio, Tablemate username, display preferences

Profiles, trust, discovery

Legal name

Legal first/last name (including from Sign in with Apple confirmation)

Verification, display rules, eligibility

Contact (optional)

Phone number, residential street address

Profile completeness, eligibility, geofencing — not shown to other users for browsing

Games

Titles, dates, times, city/coordinates, stakes/notes, capacity, game type (e.g., cash, tournament), tournament metadata, venue details

Listings, coordination, discovery

Participation

Join/leave actions, waitlist requests, invitations, roster status, approval/decline decisions

Hosting, joining, waitlists

Social graph

Follows, blocks

Discovery, messaging, safety

Communications

Direct messages, game/group chat content, system-generated roster/waitlist messages in chats

Messaging, coordination

Trust & safety

Reports (reason, reported user, optional game id), ratings/reviews of hosts and players

Safety, quality signals

Legal acceptance

Timestamps/versions of Terms & Privacy acceptance

Compliance, audit trail

Support

Emails or messages you send us

Support, disputes


Legal and display names. We may store legal first/last name separately from public display rules enforced in the Service (e.g., display name locks after Sign in with Apple or verification). Other users generally see display-name rules defined in the app, not your full legal name, except as needed for trust features you choose to enable.


Profile photos. Photos you upload are processed and stored as part of your account data (typically encoded and stored in our database infrastructure) to display on your profile and in the Service.

2.2 Information Collected Automatically

Category

Examples

Purposes (summary)

Device & app

Device type, OS version, app version, language, diagnostic logs in development

Operation, debugging, security

Usage

Features used, session activity, API interactions

Improve Service, abuse detection

Location

Precise GPS (with permission), coarse location from IP

California/market geofencing, distances to games

Push tokens

Apple Push Notification (APNs) device tokens tied to your account

Notify you of game, social, and message events

Logs

IP address, request timestamps, API paths, user agent, rate-limit signals

Security, rate limiting, troubleshooting


Location details. When you grant permission, we may collect location while you use the app (and, if the OS allows and you enable it, limited background updates for geofencing). You can disable location in device settings; some features will stop working.


Analytics. We do not currently integrate third-party advertising or cross-app behavioral analytics SDKs in the mobile app. We may use first-party server logs and aggregated usage to operate and improve the Service. Platform providers (e.g., Apple) may collect crash or distribution analytics under their own policies.

2.3 Information from Third Parties

Provider

Data we may receive

Role

Supabase

Auth identifiers, session/refresh tokens, email auth metadata, database hosting

Authentication, database, API hosting

Persona

Verification status, inquiry id, pass/fail signals, limited attributes we configure

Government ID verification

Sign in with Apple

Apple user identifier, email (including private relay), name on first authorization (per your Apple consent)

Optional sign-in and registration

Google Sign-In

Email, name, profile photo (per your Google consent)

Optional sign-in

Apple (APNs / App Store)

Push delivery infrastructure; distribution and platform analytics per Apple policies

Notifications, app delivery

Cloud hosting (e.g., Vercel or similar)

Server logs when our backend processes requests

APIs, webhooks, Persona sessions, password-reset bridge pages


We do not intentionally store full copies of your government ID or selfie in our primary application database when Persona processes them; Persona retains verification media under Persona’s policies.

2.4 Sensitive Information

Depending on jurisdiction, some data may be classified as “sensitive,” including:


  • Government-ID verification outcomes and document metadata from Persona;

  • Precise geolocation;

  • Date of birth; and

  • Account credentials.


We use sensitive information only as reasonably necessary to provide the Service, verify eligibility, prevent fraud, and comply with law—not for unrelated advertising profiling.

3. DEVICE AND LOCAL STORAGE

The app stores certain data on your device to keep you signed in and remember preferences:


Storage

Examples

Purpose

Keychain

Supabase access/refresh tokens, user id, Sign in with Apple user identifier

Secure session persistence

UserDefaults / app storage

Terms-agreement flag, password-setup flag, market-check flag, local ID-verification UI state, pending Apple registration draft, push token cache, notification prompt state

UX, session restore, onboarding


This local data is not a substitute for our server-side account record. It is cleared or invalidated when you sign out or delete the app, subject to OS behavior. Do not share your unlocked device with others.


4. HOW WE USE PERSONAL INFORMATION

4.1 Provide the Service — accounts, authentication (email/password, email one-time passcode, Sign in with Apple, Google), profiles, game discovery and hosting, joining and waitlists, invitations, messaging (direct and game-linked group chats), notifications, reviews, blocks, and search and username discovery (for eligible users).


4.2 Safety & integrity — enforce Terms and Policies; investigate reports; detect spam, bots, circumvention, and fraud; enforce blocks; protect users and the public.


4.3 Compliance — respond to lawful requests; maintain records; age and market eligibility (including California geofencing where enabled).


4.4 Improve & develop — debugging, performance, new features (often using aggregated/de-identified data).


4.5 Communicate — transactional messages (security, password reset, game updates, policy changes); marketing only with consent where required.


4.6 Legal claims — establish, exercise, or defend legal rights.


We do not use automated decision-making that produces legal or similarly significant effects without human review, except as needed for fraud prevention and eligibility checks (e.g., verification pass/fail, geofence gates, automated chat archive rules).


5. AUTHENTICATION, EMAIL CHECKS, AND ACCOUNT RECOVERY

5.1 Sign-in methods. Depending on what we offer, you may authenticate with email and password, email one-time passcode (OTP), Sign in with Apple, or Google Sign-In.


5.2 Email existence checks. Before registration or password reset, our backend may check whether an email is associated with an account. These endpoints are rate-limited to reduce abuse. Responses are designed to support account flows; they should not be used to harvest email lists.


5.3 Password reset. Password reset links may route through tablemate.site (or our backend) to open the app via a secure redirect. Reset tokens are handled through Supabase Auth and expire per provider rules.


5.4 Account deletion. You may delete your account in Account Center or via our authenticated DELETE /account backend endpoint, which removes your auth user and cascades deletion of associated app data subject to Section 8.


6. MESSAGING AND SOCIAL FEATURES

6.1 Direct messages. Verified users may send direct messages subject to follow, block, and verification rules. Message threads may appear in different inbox sections (e.g., friends vs. requests) depending on mutual follow status.


6.2 Game and group chats. Approved participants in a game may access a linked group conversation. Game group chats may become read-only after the game start time plus a defined window (e.g., 24 hours), after which new user messages may be blocked while history may remain visible per app rules.


6.3 Blocks. If you block a user, we use block data to restrict interactions (including certain direct messages) while preserving safety and audit needs as described in our Policies.


6.4 Push notifications. We may send push notifications for messages, game roster changes, waitlist events, follows, reviews, and similar activity. Notification content is delivered through Apple’s APNs using device tokens stored in our database.


6.5 What other users see. Depending on your actions, settings, and verification status, other users may see your profile information, verification badges, ratings, games you host or join (subject to address disclosure rules), and messages you send them or group participants.


7. HOW WE DISCLOSE PERSONAL INFORMATION

7.1 Other users (intentional visibility)

Depending on your actions and verification status, other users may see:


  • Display name (under app display rules), profile photo, bio, username;

  • Verification badges (e.g., ID verified);

  • Host/player ratings and reviews;

  • Games you host or join (non-address fields until disclosure rules apply);

  • Messages you send to participants in permitted conversations.


We do not publish your full residential address for discovery. Game venue addresses are shared only under Service rules (typically approved players, on or near game day).

7.2 Service providers (processors)

We share data with vendors that process data on our behalf under contractual obligations, including:


  • Supabase (database, authentication, storage of app data);

  • Persona (identity verification);

  • Cloud hosting / serverless providers for our backend (verification sessions, webhooks, account deletion, messaging APIs, email checks, push relay, password-reset pages);

  • Apple Push Notification service (delivery of notifications—we send tokens and payloads to Apple; Apple processes them under its policies);

  • Google (Sign-In, as applicable);

  • Apple (Sign in with Apple authentication).


We may also share aggregated or de-identified information that cannot reasonably identify you.

7.3 Legal & safety disclosures

We may disclose information if we believe in good faith that disclosure is necessary to:


  • Comply with law, regulation, legal process, or governmental request;

  • Protect the rights, property, or safety of Tablemate, users, or others;

  • Investigate fraud, security incidents, or Terms violations; or

  • Respond to an emergency.

7.4 Business transfers

If we merge, acquire, or sell assets, personal information may transfer subject to this Policy and notice as required by law.

7.5 With your direction or consent

We may disclose information when you ask or consent (e.g., sharing your plans with a friend outside the app is your choice—we are not responsible for what you share off-platform).

7.6 We do not sell personal information

We do not sell your personal information for money. We do not share it for cross-context behavioral advertising as a “sale” under CPRA. If practices change, we will update this Policy and provide required opt-outs.


8. RETENTION

8.1 Active accounts — we retain information while your account is active and as needed to provide the Service.


8.2 After deletion — when you delete your account (in-app or via our backend deletion endpoint), we delete or anonymize personal information subject to:


  • Legal retention obligations;

  • Fraud prevention and security logs;

  • Dispute resolution; and

  • Backup systems (deleted on rolling schedules).


8.3 Messages & chats — message content is retained while conversations exist and as needed for safety, abuse investigation, and legal compliance. Game-linked chats may become read-only but history may persist until deletion rules apply.


8.4 Reports & safety — we may retain reports, enforcement notes, and minimal identifiers longer to prevent repeat abuse.


8.5 Terms acceptance records — we may retain that you agreed to specific policy versions.


8.6 Legacy third-party data — we no longer offer LinkedIn connection in the Service. If you connected LinkedIn in the past, we may retain or delete associated fields according to this Policy and account deletion requests.


8.7 No guarantee of instant deletion across all replicas; we work to complete deletion within commercially reasonable timelines.


9. SECURITY

9.1 We use administrative, technical, and organizational measures designed to protect personal information (e.g., encryption in transit, access controls, hosted infrastructure security, row-level access controls in our database).


9.2 No system is 100% secure. You use the Service at your own risk.


9.3 Your duties — strong passwords, device locks, do not share OTP codes, report suspicious access.


9.4 Breach notification — if we confirm a breach affecting your personal information, we will notify you and regulators as required by law.


10. YOUR RIGHTS AND CHOICES

10.1 Access & correction — update profile fields in-app; contact us for additional access.


10.2 Deletion — delete account in Account Center or email support@tablemate.site. Some data may persist as described in Section 8.


10.3 Location — disable in device settings (limits geofencing and distance features).


10.4 Push notifications — manage in iOS Settings and in-app preferences where offered.


10.5 Marketing opt-out — unsubscribe links or email us; transactional messages may continue.


10.6 Cookies (web) — see Section 14.


10.7 Rights by region (non-exhaustive):


  • California (CCPA/CPRA): know, delete, correct, opt out of sale/share (we do not sell), limit use of sensitive PI, non-discrimination.

  • Other U.S. states (VA, CO, CT, UT, etc.): similar rights may apply; appeal if we deny a request.

  • EEA/UK/Switzerland (GDPR): access, rectification, erasure, restriction, portability, object, withdraw consent, lodge a complaint with a supervisory authority.

  • Other countries: local rights may apply.


10.8 Verification — we may verify your identity before fulfilling requests to prevent fraud.


10.9 Authorized agents — where law allows, agents may submit requests with proof of authority.


How to exercise rights: email support@tablemate.site with “Privacy Request,” your region, and the right you wish to exercise.


11. INTERNATIONAL TRANSFERS

11.1 We are based in the United States. Personal information may be processed in the U.S. and other countries where we or providers operate.


11.2 Those countries may have different data protection laws. By using the Service, you understand your information may be transferred internationally.


11.3 Where required, we implement appropriate safeguards (e.g., Standard Contractual Clauses) for transfers from the EEA/UK/Switzerland.


12. THIRD-PARTY LINKS

The Service may link to third-party sites or services (Persona, Google, Apple). Their privacy practices govern data you provide to them. Review their policies before use.


13. CHILDREN

The Service is not directed to anyone under 21. If you believe someone under 21 provided personal information, contact support@tablemate.site and we will take appropriate steps to delete it, subject to law.


14. COOKIES AND SIMILAR TECHNOLOGIES (WEB)

14.1 On our website and web flows we may use cookies, local storage, and similar technologies for authentication, security, preferences, and aggregate analytics.


14.2 You can control cookies via browser settings. Blocking necessary cookies may break sign-in or password-reset flows.


14.3 The mobile app uses local/secure storage and platform APIs rather than browser cookies (see Section 3).


14.4 Do Not Track — we do not respond to DNT signals in a uniform industry-standard way; we honor rights under applicable law as described in Section 10.


15. CALIFORNIA NOTICE AT COLLECTION (SUMMARY)

Category (examples)

Collected

Purpose

Retention (high level)

“Sold” or “Shared”

Identifiers (name, email, phone, IDs)

Yes

Account, safety

Active account + legal hold

No sale

Customer records (games joined/hosted)

Yes

Service

Same

No sale

Geolocation (precise, with permission)

Yes

Eligibility, distances

Same

No sale

Internet activity (logs, usage)

Yes

Security, improve

Shorter for logs

No sale

Sensitive (verification, DOB)

Yes

Eligibility, fraud

Same

No sale; limited use


For detailed rights, see Section 10. California residents may contact support@tablemate.site.


16. NEVADA

Nevada residents may submit opt-out requests for certain “sales” of covered information. We do not sell covered information as defined in Nevada law. Questions: support@tablemate.site.


17. CONTACT

Tablemate
Email:
support@tablemate.site


Privacy requests: subject “Privacy Request.”
Security incidents: subject
“Security.”



By using the Service, you acknowledge that you have read this Privacy Policy.