Privacy Policy — Scope.fish
DRAFT for legal review. Last updated: [DATE]. Effective: [DATE].
This Privacy Policy explains how [ENTITY NAME] ("Scope.fish," "we," "us") collects, uses, and shares information in connection with the website at scope.fish and related services (the "Service"). It also explains the choices you have. By using the Service you agree to this Policy.
1. Two Different Kinds of Data — Please Read
This is important to understanding our Service:
(a) Information about YOU, our account holders and customers. This is standard personal information you give us (your email) and information generated by your use of the Service.
(b) Poker game-play data. Our analytics tools and data products are built from publicly observable online poker game play on the CoinPoker platform — hand histories and the in-game aliases (usernames) of the players in those hands. This data is not information you provide about yourself; it describes game events. We treat the aliases and play data found in this dataset as described in Section 6.
2. Information We Collect About You
- Account information: your email address, and a securely hashed password (we never store your password in plain text).
- Payment information: processed by our payment processor (Stripe). We do not store your full card number or banking details; Stripe handles payment data under its own security and privacy terms. We retain limited records (e.g., a customer/subscription ID, plan, and transaction history) to provide and support your purchases.
- Usage information: actions you take on the Service (e.g., searches, replays, downloads) and basic technical data (IP address, browser type, timestamps) used for security, rate-limiting, fraud prevention, and improving the Service.
- Communications: messages you send us (e.g., support emails).
3. How We Use Your Information
- To provide, operate, and secure the Service and your account;
- To process payments, subscriptions, and downloads;
- To enforce usage limits, prevent fraud and abuse, and protect the Service;
- To respond to your requests and provide support;
- To send service-related messages (e.g., verification, billing, important notices);
- With your consent, to send product updates or marketing — which you can opt out of at any time.
4. Legal Bases (for EEA/UK users)
Where the GDPR or UK GDPR applies, we rely on: performance of a contract (to provide the Service you signed up for), legitimate interests (to secure, operate, and improve the Service, and — as described in Section 6 — to provide competitive-analysis tools based on public game play), consent (for optional marketing), and legal obligation where applicable.
5. How We Share Information
We do not sell your personal account information. We share it only with:
- Service providers who help us operate (e.g., Stripe for payments, hosting/infrastructure providers), under appropriate confidentiality and data-processing terms;
- Legal requirements — if required by law, legal process, or to protect rights, safety, or the integrity of the Service;
- Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this Policy.
Note: our hand-history data products contain poker game-play data and in-game aliases (Section 6); they do not contain our account holders' personal information.
6. Poker Game-Play Data and Player Aliases
Our data products and analytics describe online poker game play and identify players by their in-game aliases (usernames), not by real-world identity. We collect this from publicly observable game play and process it to provide competitive-analysis tools and datasets, on the basis of our legitimate interest in offering such analytics (and yours, where you are a customer, in using them).
We recognize that, under some laws (including the GDPR), an alias combined with play history can be considered personal data. Accordingly:
- If you are a player and wish to have your alias's data removed from our active database and the products we generate going forward, you may request erasure (Section 8). We will review and process such requests in accordance with applicable law and our technical capabilities.
- Datasets, downloads, and exports that have already been delivered to customers may not be capable of modification or removal after delivery. Erasure applies to our active database and the products we generate after the request; we cannot recall, alter, or remove copies already distributed to third parties.
- We do not attempt to re-identify players' real-world identities, and we do not use this data to target individuals with advertising.
(This section addresses a developing area of law; it is being reviewed by counsel and may be updated.)
7. Data Retention
We retain account and transaction information for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Usage logs are retained for a limited period for security and fraud-prevention purposes. We retain records of completed purchases as required for tax and accounting.
8. Your Rights and Choices
Depending on your location (including under the GDPR/UK GDPR and the California Consumer Privacy Act), you may have the right to access, correct, delete, or restrict processing of your personal information, to object to certain processing, to data portability, and to withdraw consent. You may also request erasure of an in-game alias's data as described in Section 6.
To exercise any of these rights — including "delete my data" — email sales@scope.fish (or use the erasure request form once available). We may require reasonable verification of your identity, or of your control of an alias, before processing a request. We will respond within the time required by applicable law, and we will not discriminate against you for exercising your rights.
California residents: Under the California Consumer Privacy Act (CCPA/CPRA) you have rights to know, access, delete, and correct your personal information, and the right to opt out of "sale" or "sharing" of personal information. We do not sell or share your personal information as those terms are defined under the CCPA/CPRA, and we do not discriminate against you for exercising your rights.
9. Cookies
We use strictly necessary cookies to operate the Service (e.g., to keep you logged in). We may also use privacy-respecting, aggregate website analytics (such as page views and feature usage) to understand and improve the Service. If we add analytics or other non-essential cookies, we will update this Policy and, where required, request consent.
10. Security
We use reasonable technical and organizational measures (including password hashing and encrypted transport) to protect information. No method of transmission or storage is completely secure; we cannot guarantee absolute security, and we cannot guarantee that unauthorized third parties will never defeat our security measures.
11. International Users
The Service is operated from the United States. If you access it from outside the U.S., your information may be processed in the U.S., which may have different data-protection laws than your country.
12. Children
The Service is not directed to anyone under 18, and we do not knowingly collect information from children.
13. Changes
We may update this Policy; we will post the updated version with a new effective date.
14. Contact
Privacy questions or requests: sales@scope.fish.