Privacy Policy
Effective Date: April 28, 2026 Last Updated: April 28, 2026
This Privacy Policy describes how Onyx Rose Advisors, LLC (“Poker Ledger,” “we,” “us,” or “our”) collects, uses, and shares information when you use the Poker Ledger website at pokerledger.club and any related services (collectively, the “Service”). By using the Service you agree to the practices described below.
If you do not agree with this Policy, do not use the Service.
1. Who we are
The Service is operated by Onyx Rose Advisors, LLC, a Virginia limited liability company. You can reach us at support@pokerledger.club.
Poker Ledger is a record-keeping tool for hosts of in-person poker games. We do not host games, process bets, transfer funds between players, or facilitate gambling. We help hosts track buy-ins, cash-outs, and balances that they would otherwise track on paper or in a spreadsheet.
2. Information we collect
2.1 Information you provide
When you create an account or use the Service, we collect:
- Account information: your email address, first name, last name, and (if you sign up with email and password) a salted bcrypt hash of your password. We never store your plaintext password.
- Authentication identifiers: if you sign in with Google, we receive a stable identifier (the OIDC subject claim), your email address, and your name from Google. We do not receive your Google password.
- House and game data you create: the description of your “house” (your home game), the names of members you add to your roster, the dates and descriptions of games, the players you add to each game, and the transactions you log (buy-in, cash-out, or cover, plus the amount, payment type tag, and whether the entry is marked settled).
- Communications: the contents of any feedback you submit through the Service or messages you send us by email.
2.2 Information collected automatically
When you use the Service, we and our service providers automatically receive:
- Log and request data: your IP address, user agent, request paths, response codes, and timing data.
- Authentication cookies: we set a single HTTP-only, secure cookie named
placontaining a signed JSON Web Token used to keep you logged in. The cookie expires after seven days. - Error and performance telemetry: if the Service encounters an error, our error-monitoring providers (see Section 4) receive the error message, stack trace, and limited context such as the URL and browser environment. Performance-monitoring providers receive request timings and endpoint patterns.
2.3 Information about other people that you provide
When you add a “member” to your house, you are providing us with another person’s first name (and optionally a payment handle for services like Venmo or Cash App). You represent that you have a legitimate basis to provide that information — typically that the person is a friend or guest in your recurring game and is aware their name and balances are being tracked. Members you add are not users of the Service and do not create their own accounts.
2.4 Information we do not collect
- We do not process payments and do not collect or store credit card numbers, bank account information, or government identifiers.
- We do not collect health, biometric, or location data.
- We do not knowingly collect information from anyone under the age of 18 (see Section 9).
3. How we use information
We use the information described above to:
- create and maintain your account and authenticate you;
- provide the core record-keeping features of the Service (your house, members, games, and transactions);
- communicate with you about the Service, including transactional emails (e.g., responses to feedback you submit);
- monitor, debug, and secure the Service, including investigating suspected fraud or abuse;
- comply with legal obligations and enforce our Terms of Service.
We do not sell your personal information, and we do not use your data to train machine-learning models.
4. Service providers (subprocessors)
We rely on the following third-party providers to operate the Service. Each receives only the information needed to perform its function:
| Provider | Purpose | Data shared |
|---|---|---|
| Amazon Web Services, Inc. | Hosting, database, email delivery, content delivery (US-East-1 region) | All Service data |
| Google LLC | OAuth / OpenID Connect sign-in (only if you choose Google sign-in) | Email, name, OIDC subject identifier |
| Functional Software, Inc. (Sentry) | Error monitoring | Error messages, stack traces, IP, browser environment |
| New Relic, Inc. | Application performance monitoring | Request timings, endpoint patterns, IP |
Each of these providers acts as a “service provider” or “processor” under applicable privacy law and is contractually obligated to use the data only to provide its services to us.
If we begin offering paid features in the future, we will use a payment processor (such as Stripe, Inc.) to handle billing. Payment card details would be sent directly to that processor and would not be stored on our servers. We will update this Policy before that processing begins.
5. How we share information
We share information only as described in this Policy. Specifically:
- With service providers as described in Section 4.
- For legal reasons: if we believe in good faith that disclosure is required to comply with a law, court order, subpoena, or other valid legal process, or to protect the rights, property, or safety of us, our users, or others.
- In a business transfer: if we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you and post a notice on the Service if such a transfer would change how your information is handled.
- With your direction: if you choose to use a feature that shares information (for example, a public read-only link to a game ledger), the information you direct us to share may become accessible to anyone with the link.
We do not share your information with advertisers, and we do not engage in cross-context behavioral advertising.
6. Cookies and similar technologies
We use a single first-party cookie (pla) that is strictly necessary to keep you signed in. We do not use advertising or analytics cookies and do not embed third-party tracking pixels.
You can disable cookies in your browser, but doing so will prevent you from staying logged in to the Service.
7. Data retention
We keep your account information and the data you create for as long as your account is active. If you ask us to delete your account (see Section 8), we will delete or de-identify your personal information within 30 days, except to the extent we are required to retain it to comply with a legal obligation, resolve disputes, or enforce our agreements.
Aggregated or de-identified information that cannot reasonably be used to identify you may be retained indefinitely.
Error logs and request logs are retained for up to 90 days.
8. Your rights and choices
Depending on where you live, you may have the right to:
- access the personal information we hold about you;
- correct inaccurate information;
- delete your account and associated personal information;
- export a copy of the data you’ve provided in a portable format;
- object to or restrict certain uses of your information;
- withdraw consent where processing is based on consent.
To exercise any of these rights, email us at support@pokerledger.club from the email address associated with your account. We will respond within 30 days. We do not discriminate against you for exercising any of these rights.
California residents have additional rights under the California Consumer Privacy Act (CCPA / CPRA), including the right to know what personal information we have collected, to whom we have disclosed it, and to opt out of any “sale” or “sharing” (as those terms are defined in the CCPA). We do not sell or share personal information as those terms are defined.
Residents of the European Economic Area, the United Kingdom, and Switzerland have rights under the GDPR and equivalent UK and Swiss law. The legal bases on which we rely are: performance of a contract (to provide the Service to you), our legitimate interests (to operate, secure, and improve the Service), and consent (where we ask for it). You have the right to lodge a complaint with your local data-protection authority.
9. Children
The Service is not directed to anyone under the age of 18. We do not knowingly collect personal information from children under 18. If you believe a child has provided personal information to us, please contact us at support@pokerledger.club and we will delete it.
10. International transfers
Our servers and service providers are located in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, which may have data-protection laws different from those of your country. By using the Service, you consent to that transfer.
11. Security
We implement reasonable administrative, technical, and physical safeguards to protect your information, including encryption in transit (HTTPS/TLS), bcrypt password hashing, signed authentication tokens, and access controls on our infrastructure. No system is perfectly secure, and we cannot guarantee the security of your information.
If we become aware of a security incident that affects your personal information, we will notify you and the appropriate authorities as required by law.
12. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will post a notice on the Service and update the “Last Updated” date above. Your continued use of the Service after a change takes effect constitutes acceptance of the updated Policy.
13. Contact
If you have questions about this Policy or our privacy practices, contact us at:
Onyx Rose Advisors, LLC Email: support@pokerledger.club Web: pokerledger.club