← Back to FeltLive
Privacy Policy
Effective date: May 9, 2026
1. Who we are
FeltLive is a play-chip poker platform for private home games. This policy describes what data we collect, why, and how we protect it.
2. What we collect
We collect the minimum data necessary to operate the Service.
| Data | When | Why |
|---|
| Email address |
Account creation |
Authentication, password resets, support |
| Display name |
Joining a room |
Seat label during the session |
| IP address |
Room creation |
Rate limiting, abuse prevention (stored on the room object for its lifetime; hashed in support tickets) |
| Session metadata |
When you explicitly save a session |
Replay and statistics (Pro accounts only) |
| Support ticket content |
When you submit a support request |
Responding to your inquiry |
| Billing identifiers |
When you subscribe to a paid plan |
Subscription management (Stripe customer ID and subscription status; we never see your card number) |
3. What we do not collect
- Hole cards and hand histories are not stored in any permanent database unless you explicitly save the session.
- Credit card numbers. Payments are handled entirely by Stripe; we never see, store, or process your card details. We store only a Stripe customer identifier and subscription status.
- Tracking cookies or third-party analytics. We do not use Google Analytics, Facebook Pixel, or similar tracking services.
- Browsing history or cross-site data.
4. Authentication
Account authentication is provided by Supabase, a third-party auth provider. When you create an account or sign in with Google, Supabase processes your credentials. We do not store passwords. Supabase's privacy policy governs their handling of your auth data.
5. Cookies and local storage
We use a small number of functional cookies and browser local storage:
- sb_access_token — session cookie for authenticated users. Set client-side with SameSite=Lax.
- Player tokens — stored in localStorage, scoped per room. Used to reconnect to your seat if you refresh or lose connection. Discarded when the room expires.
- Preferences — sound, hotkey, and display settings stored in localStorage.
We do not use advertising cookies, tracking pixels, or third-party cookie services.
6. Data retention
- Active rooms: game state exists in server memory only while the room is active. Rooms expire after 6 hours (hard limit) or 1 hour of inactivity. State is lost on server restart.
- Saved sessions: retained until you delete them or close your account.
- Account data: retained until you request deletion.
- Support tickets: retained indefinitely for quality and legal purposes unless you request deletion.
- IP addresses: used transiently for rate limiting; hashed before storage in support tickets. Not stored in association with gameplay.
7. Data sharing
We do not sell, rent, or share your personal data with third parties for advertising or marketing. The following service providers process data on our behalf:
- Supabase — authentication provider (processes email and OAuth credentials).
- Stripe — payment processor (handles credit card data for subscriptions; we never see card numbers).
- Render — hosting provider (infrastructure; does not access application data).
- Resend — email delivery (forwards support ticket notifications).
- jsDelivr — CDN (serves the Supabase JavaScript library; standard HTTP request data only).
- Law enforcement — if required by valid legal process.
8. Security
We use industry-standard practices to protect your data:
- HTTPS encryption for all connections.
- WebSocket origin validation and rate limiting.
- Cryptographically signed session tokens (HMAC).
- Per-user data isolation — saved sessions are scoped to your account and cannot be accessed by other users.
- Verifiable fair dealing via cryptographic proofs (Fairness Auditor).
9. Your rights
You may request to:
- Access the personal data we hold about you.
- Delete your account and all associated data.
- Export your saved session data.
To exercise these rights, contact us at feltlive.com/support.
10. Children
FeltLive is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via the Service. Continued use after changes constitutes acceptance.