Privacy Policy

Last Updated: April 3, 2026

Effective Date: April 3, 2026

1. INTRODUCTION

1.1 Scope. This Privacy Policy (“Policy”) describes how Tablemate (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you visit our website, use our mobile application, interact with our APIs or backend services, or otherwise access related products and services (collectively, the “Service” or “Platform”). This Policy applies to all users and visitors, including people who only browse our website, registered account holders, hosts, and players.

1.2 Your Consent. By accessing or using the Service—including visiting our website—you consent to the collection, use, and disclosure of your information as described in this Policy. If you do not agree with this Policy, you must not use the Service.

1.3 Changes. We may update this Policy from time to time. We will notify you of material changes by posting the updated Policy on our website and within the Service and updating the “Last Updated” date. Your continued use of the Service after such changes constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically.

1.4 Not Legal Advice. This Policy is intended to describe our practices in plain language. It is not a contract by itself; our Terms of Service govern your use of the Service.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account and profile information

• Name: First name and last name (and, where applicable, display name rules we communicate in the Service).

• Email address: Used for authentication, account recovery, and communications.

• Phone number: Optional or required depending on sign-in method; used for one-time passcodes (OTP), account recovery, and notifications if you provide it.

• Date of birth: Required for age verification (21+); used to confirm eligibility.

• Residential address: Collected during onboarding for geographic eligibility and market verification; never shared with other users and used for geofencing and controlled disclosure of game locations as described in the Service.

• Profile photo: Optional; may be displayed to other users when you host or join games or appear in search.

• LinkedIn profile: Where required for verification, we collect LinkedIn identifier, email, name, and profile URL when you connect your LinkedIn account.

Game-related information

• Game titles, dates, times, locations (city and coordinates), stakes, notes, and player capacity when you create or join games.

• Messages and communications sent through the Service.

• Ratings and reviews you submit about hosts or players.

Verification information

• Identity verification may be conducted through Stripe Identity. We do not store copies of your government-issued ID or selfie on our systems. Stripe processes verification and provides us with verification outcomes and, in some cases, limited metadata. Please review Stripe’s Privacy Policy.

Market and location eligibility

• City, state, and ZIP code when you check market availability or join a waitlist.

2.2 Information Collected Automatically

Device and usage information

• Device type, operating system, and device identifiers where available.

• App or browser version and language preferences.

• Usage data, including features used, session duration, and interaction patterns.

• Crash reports and diagnostic data (subject to platform settings and any opt-outs you select).

Location information

• Precise location (GPS): When you grant permission in the app, we may collect your device’s location to verify you are within designated service areas, to show approximate distances to games, and to enable location-based features. Location may be collected while the app is in use (and, if enabled by the platform, in the background as permitted by your settings).

• Approximate location: We may infer approximate location from your IP address or from address information you provide.

2.3 Website, API, and Server Log Data

When you visit our website, use web-based flows (for example, links that open in a browser), or when our systems process requests to our hosted services (for example, APIs on cloud infrastructure), we and our hosting providers may automatically collect:

• IP address and derived approximate geographic region (e.g., city or region level).

• Browser type, operating system, and device type (where available from HTTP headers).

• Referring / exit pages and URLs you request.

• Date and time of requests and server response metadata.

• Cookies, pixels, local storage, and similar technologies as described in Section 11.

We use this information to operate, secure, and improve the Service, to diagnose errors, to prevent abuse, and to understand aggregate usage of our website and APIs.

2.4 Information from Third Parties

Authentication providers

• Google Sign-In: When you sign in with Google, we may receive your email address, name, and profile photo (subject to what you authorize). We use this to create or link your account.

• Supabase Auth: We use Supabase for authentication (including email, one-time codes, password, and OAuth). Supabase processes login credentials and session tokens. See Supabase Privacy Policy.

Verification providers

• Stripe Identity: For ID verification, you may be directed to Stripe. Stripe collects and processes your government ID and selfie. We receive verification outcomes and limited related data as described above.

• LinkedIn: When you connect LinkedIn, we receive identifiers and profile details needed to verify your professional identity, as described in the Service.

3. HOW WE USE YOUR INFORMATION

3.1 To provide the Service

• Create and manage your account.

• Authenticate you and maintain your session (including on web and in the app).

• Display your profile to other users (name, photo, ratings, verification status) when relevant to games.

• Facilitate game discovery, creation, joining, and coordination.

• Enable messaging between users.

• Show approximate distances to games based on your location (where enabled).

• Verify your eligibility for the Service (age, location, identity).

3.2 To improve the Service

• Analyze usage patterns to improve features and user experience.

• Debug and fix technical issues.

• Develop new features and services.

3.3 For safety and compliance

• Enforce our Terms of Service and policies (including community and safety policies).

• Prevent fraud, abuse, and illegal activity.

• Comply with legal obligations and respond to lawful requests from authorities.

• Protect the rights, property, and safety of Tablemate, our users, and the public.

3.4 Communications

• Send transactional messages (e.g., account verification, password reset, security alerts, game-related notifications).

• Send service-related announcements (e.g., policy updates).

• With your consent where required, send marketing or promotional communications (you may opt out as described in Section 7).

3.5 Aggregated and de-identified data

• We may create aggregated or de-identified data that cannot reasonably identify you. We may use such data for analytics, research, and improving the Service without restriction, subject to applicable law.

4. HOW WE SHARE YOUR INFORMATION

4.1 With other users

• Your first name, last initial (or display name, as shown in the Service), profile photo, host/player ratings, and verification badges may be visible to other users when you host or join games, appear in search results, or are viewed on profiles.

• Your full residential address is not shared with other users for browsing or discovery. Game location details are handled as described in the Service (including encryption and timing of disclosure to approved participants).

• Your LinkedIn username or similar identifiers may be visible only in limited circumstances described in the Service (for example, to support trust among verified users).

4.2 Service providers

We share information with third-party service providers who perform services on our behalf, including:

• Supabase: Database, authentication, and related backend infrastructure.

• Stripe: Identity verification and related payment/identity products we use.

• Google: Sign-in authentication (and, where applicable, Play services).

• LinkedIn: Professional verification when you connect your account.

• Apple / Google (app stores): App distribution and related platform services.

• Hosting and cloud providers (e.g., serverless or edge hosting): To host websites, APIs, and assets; providers may process IP addresses and request logs as part of delivery and security.

• Analytics and diagnostics providers: To measure performance, reliability, and usage, subject to this Policy and your choices where applicable.

These providers are contractually or legally obligated to use your information only to provide services to us and to protect it in accordance with applicable law.

4.3 Legal and safety

• We may disclose your information if required by law, regulation, legal process, subpoena, or governmental request.

• We may disclose information when we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to an emergency.

4.4 Business transfers

• If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you as required by law of any change in ownership or uses of your personal information.

4.5 With your consent

• We may share your information for other purposes with your explicit consent.

4.6 We do not sell your personal information

• We do not sell, rent, or trade your personal information to third parties for their independent marketing purposes. Where state law defines “sale” or “sharing” broadly (for example, certain digital advertising activities), we describe your choices in Section 7.

5. DATA RETENTION

5.1 Active accounts. We retain your information for as long as your account is active or as needed to provide the Service.

5.2 After account closure. After you close your account, we may retain certain information as necessary to:

• Comply with legal obligations;

• Resolve disputes and enforce our agreements;

• Prevent fraud and abuse; and

• Maintain the security and integrity of our systems.

5.3 Backups and deletion. Deletion may not be immediate across all systems. We may retain copies in backup systems for a limited period. We will delete or anonymize your information when it is no longer needed for the purposes described in this Policy, subject to legal retention requirements.

6. DATA SECURITY

6.1 Measures. We implement reasonable technical and organizational measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures may include encryption in transit, access controls, secure hosting environments, and periodic review of our practices.

6.2 Limitations. No method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. You use the Service at your own risk.

6.3 Your responsibility. You are responsible for maintaining the confidentiality of your account credentials. Notify us promptly if you suspect unauthorized access.

7. YOUR RIGHTS AND CHOICES

7.1 Access and correction. You may access and update much of your profile information through the Service. You may also contact us to request additional access or correction, subject to verification.

7.2 Deletion. You may request deletion of your account and associated personal information by contacting us. We will process your request in accordance with applicable law. We may retain certain information as described in Section 5.

7.3 Location. You may disable location services through your device settings. Doing so may limit features such as verifying you are within a service area or showing distances to games.

7.4 Marketing communications. You may opt out of marketing emails by using the unsubscribe link in any marketing email or by contacting us. Transactional and service messages may continue as permitted by law.

7.5 Cookies and similar technologies. You may control cookies through your browser or device settings as described in Section 11. Some features may not work if you disable certain cookies.

7.6 Privacy rights by jurisdiction

Laws vary by location. Depending on where you live, you may have rights such as:

• California residents: Rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), may include the right to know, delete, correct, and to opt out of certain “sales” or “sharing” of personal information (including certain cross-context behavioral advertising, where applicable). We do not sell personal information for money. To exercise rights, contact us using the information in Section 13. We will not discriminate against you for exercising your rights.

• Virginia, Colorado, Connecticut, Utah, and other U.S. state residents: You may have similar rights under applicable state privacy laws, including appeal rights if we deny a request. Contact us as described in Section 13.

• European Economic Area (EEA), United Kingdom, and Switzerland: You may have rights under the General Data Protection Regulation (GDPR) or UK GDPR, including rights to access, rectify, erase, restrict processing, data portability, object to certain processing, and withdraw consent where processing is based on consent. You may lodge a complaint with a supervisory authority.

• Other jurisdictions: You may have additional rights under local law.

7.7 Verification. To protect your privacy and security, we may verify your identity before processing certain requests and may deny requests that are fraudulent, excessive, or impractical.

8. CHILDREN’S PRIVACY

8.1 The Service is not intended for individuals under 21 years of age. We do not knowingly collect personal information from anyone under 21. If you are a parent or guardian and believe your child has provided us with personal information, please contact us. We will take appropriate steps to delete such information, subject to law.

9. INTERNATIONAL DATA TRANSFERS

9.1 The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where we or our service providers operate. Those countries may have different data protection laws than your jurisdiction.

9.2 By using the Service, you understand that your information may be transferred to the United States and other countries as described in this Policy. Where required by law, we implement appropriate safeguards (for example, Standard Contractual Clauses approved by the European Commission) for transfers of personal data from the EEA, UK, Switzerland, or other jurisdictions.

10. THIRD-PARTY LINKS AND SERVICES

10.1 The Service may contain links to third-party websites, apps, or services (for example, LinkedIn, Stripe, Google). We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing information to them.

11. COOKIES AND SIMILAR TECHNOLOGIES (WEBSITE AND WEB FLOWS)

11.1 What we use. When you use our website or web-based flows, we and our partners may use cookies, local storage, session storage, pixels, and similar technologies (“Cookies”) to:

• Keep you signed in and maintain security (for example, session and authentication tokens);

• Remember your preferences;

• Measure how the website and APIs perform;

• Protect against fraud and abuse; and

• Understand aggregate traffic patterns (for example, pages viewed and general geography derived from IP).

11.2 Types of Cookies (illustrative). Depending on how you use the Service, Cookies may include:

• Strictly necessary: Required for core functionality such as security, load balancing, and authentication. These may not be optional if you wish to use logged-in features on the web.

• Functional: Remember settings you choose (for example, language).

• Analytics / performance: Help us understand usage in aggregate (for example, error rates, page views). Where we use third-party analytics, their terms and opt-out tools may apply.

• Marketing (if used): Used to measure campaigns or deliver relevant ads only if we deploy such technologies; we will provide additional notice and choices where required by law.

11.3 Your choices. You can control Cookies through your browser settings (for example, blocking third-party cookies or deleting stored data). Browser “private” or “incognito” modes may limit persistence. If you block strictly necessary Cookies, parts of the website (such as sign-in) may not function.

11.4 Mobile app. Our mobile app may use local storage, secure storage, device identifiers, and platform services to maintain your session and preferences. Platform settings (for example, iOS or Android privacy controls) may limit certain data collection.

11.5 No guaranteed “Do Not Track” response. See Section 12.

12. DO NOT TRACK

12.1 Some browsers offer a “Do Not Track” (DNT) signal. There is no universally accepted standard for how to respond to DNT signals. We do not currently respond to DNT signals in a uniform, technically standardized way; we honor applicable privacy rights and your choices as described in this Policy and in jurisdiction-specific laws where they apply.

13. CONTACT US

For questions or concerns about this Privacy Policy or our data practices, or to exercise your privacy rights, please contact us at:

Tablemate
Email: support@tablemate.site

For privacy-related requests, please include Privacy Requestin the subject line and provide sufficient detail for us to process your request (including the region you are writing from, if relevant).

14. CALIFORNIA NOTICE (SUMMARY)

14.1 Categories collected (examples). In the preceding twelve (12) months, we may have collected identifiers (name, email, phone, account ID), commercial information (games you create or join), geolocation data (precise or approximate, depending on your choices), internet or network activity (logs, interactions with the Service), and professional or employment-related information (for example, LinkedIn verification details), among categories described in Section 2.

14.2 Sensitive personal information. We may collect certain information that California law classifies as sensitive (for example, precise geolocation or government-ID verification outcomes through Stripe) only as reasonably necessary to provide the Service, verify eligibility, ensure security, or as otherwise permitted by CPRA.

14.3 Retention. We retain categories of personal information as described in Section 5.

By using the Service, you acknowledge that you have read this Privacy Policy.

Privacy FAQs

What data is collected?

We collect only essential info like device type and game stats to improve your experience.

How is data used?

Is my data shared?

Can I delete my data?

Is my data secure?

Your data helps us maintain app security and personalize gameplay.

We do not sell or share your personal information with third parties except as required by law.

Yes, you can request data deletion by contacting support anytime.

We use encryption and strict protocols to keep your info safe.

Get in touch

Questions about privacy or data? Reach out anytime.