Privacy Policy
This Privacy Policy describes how the PokerDrill mobile application (the "App", "we", "us"), operated by Mingle Zeng, collects, uses, and discloses information about its users.
By installing or using the App, you agree to the practices described below. If you do not agree, please uninstall the App.
1. Information We Collect
1.1 Information We DO NOT Collect
PokerDrill is privacy-first. We do NOT collect:
- ❌ Personally Identifiable Information (PII): name, email address, phone number, postal address
- ❌ Account credentials (no signup, no login required)
- ❌ Location (GPS, Wi-Fi, Bluetooth, IP geolocation)
- ❌ Persistent device identifiers (IMEI, IDFA, Advertising ID)
- ❌ Contacts, Calendar, Photos, Microphone, Camera
- ❌ Behavioral analytics via third-party tracking SDKs
- ❌ Cookies (the App is native, not browser-based)
1.2 Information Stored Locally On Your Device
The following data is stored only on your device via React Native AsyncStorage / SQLite. We never see this data:
- Your hand history, decisions, mistakes, GTO scores
- Training settings, preferences, language choice
- Achievement progress and Poker DNA stats
- App theme and UI preferences
1.3 Information We Process via Network Services
For the AI Coach feature and In-App Purchases, the App must communicate with two services:
(a) PokerDrill Coach API (https://api.pokerdrill.app, deployed on Cloudflare Workers global edge network)
- What is sent: A salted SHA-256 hash of an anonymous device-generated UUID + a de-identified hand summary (hero position, villain position, action sequence fold/call/raise, pot ratios, GTO recommended action, EV loss value, blocker combos). No PII, email, real device ID, IP, account balance, or payment information is attached.
- Why (as of v1.0.140): Relayed via PokerDrill's own backend to a third-party LLM, DeepSeek-Chat (Hangzhou DeepSeek AI Foundation Tech Research Co., Ltd., Hangzhou, China), to generate coaching commentary. OpenAI / Gemini are no longer used.
- DeepSeek Terms of Use: platform.deepseek.com
- DeepSeek Privacy Policy: cdn.deepseek.com
- Per DeepSeek API commercial terms, your API inputs are not used to train their models.
- How long: Request responses are cached for 24 hours (to deduplicate identical hands and reduce latency / cost), then deleted automatically. The anonymous UUID hash is used solely for per-IP rate limiting (30 req / day / IP) and is rotated periodically.
- Encryption: Client ↔ Cloudflare Workers via HTTPS (TLS 1.3); Workers ↔ DeepSeek API via HTTPS.
- User control: You can disable AI Coach in Settings → AI Coach. When disabled, no LLM requests are sent; only the local GTO rule engine is used.
(b) Google Play Billing (operated by Google LLC)
- What is sent: Your Google Play account ID, product SKU (
pro_monthly_499/pro_yearly_2999/pro_lifetime_4999), purchase token. - Why: To validate purchases, restore subscriptions, and enforce entitlements per Google Play policy.
- Important: Google's own privacy policy applies to this transaction. We only receive the verified entitlement status — never your credit card or full Google account.
2. How We Use Information
The minimal data we process is used solely for:
- Generating AI coaching feedback for the specific hand you submitted
- Verifying your subscription / lifetime purchase
- Rate limiting to prevent abuse of the AI Coach API
- Aggregated, anonymous usage statistics (e.g. "X requests served today") for service health
3. How We Share Information
We do NOT sell, rent, or trade any data. Limited disclosures occur only to:
- DeepSeek (Hangzhou, China): De-identified hand summaries are sent to DeepSeek's API to generate the coaching response (per their commercial terms, API inputs are not retained for training). This replaces OpenAI as of v1.0.140.
- Cloudflare (global CDN): As the backend runtime (Workers + D1 database) and frontend CDN. Cloudflare does not store your hand content; it acts only as a transmission pipeline.
- Google Play: For purchase verification.
- Law enforcement: Only if compelled by valid legal process.
4. Data Retention
| Data Type | Retention |
|---|---|
| On-device hand history | Until you uninstall or clear app data |
| AI Coach API cache (Cloudflare D1) | 24 hours, then auto-deleted |
| Anonymous per-IP rate-limit counter | Reset daily at midnight UTC |
| Trial entitlement records | 30 days after the 14-day trial ends, for fraud prevention; then deleted |
| Inputs on DeepSeek's side | Per DeepSeek's privacy policy (typically not exceeding 30 days) |
| Google Play purchase records | Per Google's policy (typically 7 years for tax) |
5. Your Rights
Because we do not collect personal data, the following rights are largely already fulfilled by design:
- Right to Access: All your gameplay data is on your device. You can view it in-app at any time.
- Right to Delete: Uninstall the App, or use Settings → Clear All Data. Server-side anonymous data can be deleted via our deletion form.
- Right to Portability: Pro users can export hand history as CSV/JSON from Settings.
- Right to Object: You can disable AI Coach in Settings to stop all server communication.
EU residents have additional rights under GDPR. California residents under CCPA. Contact us at support@pokerdrill.app to exercise any right.
6. Children's Privacy
PokerDrill is rated 18+ and is NOT directed to children under 18. We do not knowingly collect any data from children. If you believe a minor has used the App, please contact us and we will delete any associated data.
7. Security
We use industry-standard security: HTTPS for all transit, AES encryption at rest on the server, and the principle of least privilege for all internal access. However, no system is 100% secure. You use the App at your own risk.
8. International Transfers
As of v1.0.140, our infrastructure has been migrated to a more stable, controllable architecture:
- Backend API (api.pokerdrill.app): Deployed on Cloudflare Workers global edge network. Requests are served by the geographically closest edge node (mainland China users are typically served by Hong Kong / Tokyo / Singapore nodes).
- Database (Cloudflare D1): Primary region is APAC, in line with mainland China users' data localization preferences.
- AI model (DeepSeek-Chat): Processing occurs within mainland China (Hangzhou).
By using the App, you consent to these cross-node / cross-region transfers. For EU residents under GDPR Art. 4: because the App transmits no PII and only de-identified gameplay data, this does not constitute a "transfer of personal data".
9. Changes to This Policy
We may update this Policy from time to time. The "Last Updated" date at the top will reflect any changes. Material changes will be announced in-app.
10. Contact
For privacy questions, please contact:
- Email: support@pokerdrill.app
- Operator: Mingle Zeng (Shenzhen, China)