Privacy Policy

Last updated: February 5, 2025

Plain-English Summary

This summary is provided for convenience and is not legally binding. Please read the full policy below.

We collect your email and password to create your account
We store your learning progress, quiz results, and optional bankroll data
Your password is securely hashed using industry-standard encryption (bcrypt)
We share data only with essential service providers (hosting, email)
You can access, export, or delete your data at any time
We don't sell your personal data

1. Data Controller

All-In Poker Tool is a service provided by:

Modio LLC
915 SW Rimrock Way STE 201-242, Redmond, OR 97756
Email: adrian@modio.tv

Modio LLC is the data controller for your Account Data. For User Data that you store in the Service, you are the data controller and Modio LLC acts as a data processor on your behalf.

2. Data We Collect

2.1 Account Data

Information you provide when creating and using your account:

Data Type	Examples	Purpose
Email Address	your@email.com	Account identification, authentication, communications
Display Name	Your chosen display name	Personalization
Password	Stored as bcrypt hash only	Authentication
Email Verification Status	Verified / Not verified	Account security
Terms Acceptance	Timestamp, version, IP address	Legal compliance

2.2 Session and Security Data

Data collected automatically when you use the Service:

Data Type	Examples	Purpose
Session Tokens	Hashed authentication tokens	Keeping you logged in
IP Address	192.168.1.1	Security, fraud prevention
User Agent	Browser and device information	Security, troubleshooting
Timestamps	Login times, account creation	Security auditing

2.3 User Data

Data you create through the Service:

Data Type	Examples	Purpose
Lesson Progress	Completed lessons, mastery scores	Track your learning journey
Quiz Results	Scores, decision times, mistakes	Measure your progress
Bankroll Sessions (optional)	Session results, notes	Track poker results
Calculator Favorites	Saved hand calculations	Quick access to common scenarios
Range Presets	Custom hand range configurations	Personalize training

3. How We Use Your Data

We use your data to:

Provide the Service: Create and manage your account, authenticate you, and deliver features
Track Your Progress: Store and display your learning progress and quiz results
Improve the Service: Analyze aggregated, anonymized usage patterns to improve features
Communicate: Send account-related emails (verification, password reset)
Ensure Security: Detect and prevent fraud, abuse, and unauthorized access
Legal Compliance: Meet legal obligations and respond to legal requests

4. Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA) or UK, we process your data based on:

Contract Performance: Processing necessary to provide the Service you requested
Legitimate Interests: Security, fraud prevention, and service improvement
Legal Obligations: Compliance with applicable laws
Consent: Where you have explicitly agreed to specific processing

5. Cookies and Tracking

5.1 Cookies We Use

Cookie	Purpose	Duration
session_token	Authentication - keeps you logged in	7 days
session (Flask)	Server-side session management	Session

5.2 Third-Party Tracking

We do not use third-party analytics or advertising trackers. We do not share your data with advertisers.

6. Data Sharing and Recipients

We share your data only with:

Recipient	Purpose	Data Shared
Render (hosting)	Web application and database hosting	All data (as our infrastructure provider)
Resend (email)	Transactional emails	Email address only

We do not sell your personal data.

7. International Data Transfers

Your data is stored and processed in the United States. If you are outside the US, your data will be transferred to and stored in the US. We implement appropriate safeguards to protect your data during transfers.

8. Data Retention

Data Type	Retention Period
Account Data	Until account deletion
User Data (progress, favorites)	Until account deletion
Session Tokens	7 days, or until logout
Password Reset Tokens	1 hour
Email Verification Tokens	24 hours

When you delete your account, all associated data is permanently deleted.

9. Security Measures

We implement industry-standard security measures:

Password Hashing: bcrypt with 12 salt rounds
Session Tokens: Cryptographically random, stored as SHA-256 hashes
HTTPS: All data transmitted over encrypted connections
HTTP-Only Cookies: Session cookies are not accessible to JavaScript
Rate Limiting: Protection against brute-force attacks

10. Your Rights

You have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Deletion: Delete your account and all associated data
Portability: Export your data in a machine-readable format
Restriction: Limit how we process your data
Objection: Object to certain processing activities

To exercise these rights, contact us at adrian@modio.tv.

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will:

Update the "Last updated" date
Notify you by email before changes take effect

13. Contact Us

If you have questions about this Privacy Policy or our data practices:

Email: adrian@modio.tv
Company: Modio LLC
Address: 915 SW Rimrock Way STE 201-242, Redmond, OR 97756