Privacy Policy
LynxPoker — Tournament Management Platform
Last Updated: [DATE] · Provider: Adam Shriki LTD (Company No. 515963320), Israel
1. Introduction
This Privacy Policy explains how Adam Shriki LTD ("Company," "we," "us," or "our") collects, uses, stores, shares, and protects personal data in connection with the LynxPoker web application, mobile applications, and related services (the "Service").
This Policy is designed to comply with the Israeli Privacy Protection Law 5741-1981, the EU/UK General Data Protection Regulation (GDPR), and the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA).
2. Data Roles: Controller vs. Processor
We are Data Controller for:
- Staff Account Data — information provided by tournament staff when creating accounts
- Technical Data — automatically collected for security and performance
We are Data Processor for:
- Player Data — entered by tournament staff on behalf of the organizer
- The Customer (Tournament Organizer) is the Data Controller for all Player Data
3. Data We Collect
3.1 Staff Account Data Controller
| Category | Examples | Purpose |
|---|---|---|
| Identity Information | Full name, display name | Account creation and management |
| Contact Information | Email address, phone number | Authentication, communications, support |
| Authentication Data | Hashed password, session tokens | Account security |
| Organizational Data | Organization name, role/position | Multi-organization management |
3.2 Player Data Processor
| Category | Examples | Purpose |
|---|---|---|
| Identity Information | Player name, nickname | Tournament registration |
| Profile Media | Profile photograph | Player identification |
| Tournament Performance | Profits, losses, buy-ins, cashes | Record-keeping and statistics |
| Seating Data | Table assignment, seat number | Floor management |
Player Data is controlled by the Customer. Players with questions about their data should contact the tournament organizer directly.
3.3 Technical Data Controller
| Category | Examples | Purpose |
|---|---|---|
| Device Information | Browser type, OS, device type | Compatibility and performance |
| Network Data | IP address | Security, fraud prevention |
| Session Data | Login timestamps, session duration | Security auditing |
| Usage Data | Features accessed, interactions | Product improvement |
4. Legal Bases for Processing
Under GDPR (EU/UK Users)
- Performance of a Contract (Art. 6(1)(b)) — Staff Account Data
- Legitimate Interests (Art. 6(1)(f)) — Technical Data for security and improvement
- Legal Obligation (Art. 6(1)(c)) — Where required by law
- Processor Obligation (Art. 28) — Player Data on behalf of Customer
5. How We Use Personal Data
- Providing the Service: Account management, authentication, tournament features, real-time sync, support.
- Security and Fraud Prevention: Monitoring for unauthorized access, investigating incidents.
- Performance and Reliability: Diagnosing issues, optimizing performance.
- Product Improvement: Analyzing aggregate usage patterns.
- Communications: Transactional emails and, with consent, product updates.
- Legal Compliance: Fulfilling legal obligations, responding to lawful requests.
6. Data Sharing and Disclosure
✓ We do NOT sell personal data
We do not sell, rent, or trade personal data to third parties for their marketing purposes. This applies to all users, including California residents.
We may share data with trusted service providers (cloud hosting, analytics, email delivery) bound by contract to process data only for specified purposes. We may also disclose data when required by law or to protect rights and safety.
7. International Data Transfers
The Service is operated from Israel. Israel has been recognized by the European Commission as providing an adequate level of data protection (Commission Decision 2011/61/EU). Where data is transferred to countries without an adequacy determination, we implement Standard Contractual Clauses (SCCs).
8. Data Security
We implement appropriate technical and organizational measures including:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Access controls and role-based permissions
- Regular security assessments and monitoring
- Secure software development practices
- Incident response procedures
9. Data Retention
- Staff Account Data: Duration of account + 12 months for reactivation and legal compliance.
- Player Data: Duration of Customer's subscription. Export available within 30 days of termination; deleted within 90 days.
- Technical Data: Maximum 24 months, then anonymized or deleted.
10. Your Rights
GDPR (EU/UK Residents)
Right to access, rectification, erasure, restriction, data portability, objection, consent withdrawal, and to lodge a complaint with your local supervisory authority.
Israeli Law
Right to access, correct, and request deletion under the Privacy Protection Law 5741-1981.
CCPA/CPRA (California Residents)
Right to know, delete, correct, opt-out of sale/sharing, and non-discrimination. We do not sell or share personal information for cross-context behavioral advertising.
Exercising Your Rights
Contact us at the address in Section 13. We respond within 30 days (GDPR) or 45 days (CCPA/CPRA). For Player Data, contact your tournament organizer — they are the Data Controller.
11. Children's Privacy
The Service is not intended for individuals under 18. We do not knowingly collect data from children. If you believe a child has provided data to us, contact us immediately.
12. Cookies and Tracking
- Essential Cookies: Required for authentication and session management. Cannot be disabled.
- Analytics: Anonymized/aggregated usage data with appropriate safeguards.
- No Third-Party Advertising: We do not use advertising cookies, tracking pixels, or ad networks.
13. Contact Information
EU/UK residents may also lodge a complaint with their local Data Protection Authority.
14. Changes to This Policy
Material changes will be communicated at least thirty (30) days before taking effect. Continued use constitutes acceptance.