Privacy Policy

Effective date: May 24, 2026 · Last updated: May 24, 2026

This Privacy Policy explains what information Preflop Ranger (“the Service”) collects when you use it, why we collect it, who we share it with, and the choices you have over your data.

The Service is operated by Patrick Knight, a sole proprietor (“we,” “us”). You can reach us any time at support@preflopranger.com.

Short version. We collect the minimum needed to sign you in, sync your poker profiles across devices, and process subscription payments. We don’t run analytics, don’t use advertising trackers, and don’t sell your data. You can delete your account at any time from Settings > Delete account.

1. Who this policy applies to

This policy applies to everyone who uses Preflop Ranger via the web app at preflopranger.com (and its alternate domains) or via our Android app distributed through Google Play. The Service is intended for users 18 years of age or older. We do not knowingly collect data from anyone under 18.

2. What we collect

2.1 Account information (provided by you)

When you sign in we receive identifying information from your chosen sign-in method:

Google sign-in: your Google account email address, display name, and profile picture URL.
Email / password sign-in: your email address and a securely hashed password (we never store your password in plaintext - Firebase Authentication handles the hashing).

2.2 Profile and preference data (created by you in the app)

As you use the Service we store the data you create - your preflop range profiles, painted custom ranges, palette preferences, theme choice, and similar app settings. For free-tier users this data lives only in your browser’s local storage and is wiped on each app reload. For premium users this data is also synchronized to our database so it follows you between devices.

2.3 Subscription and entitlement data

If you purchase a subscription or lifetime license we receive a record of the purchase from our payment processor - the product you bought, when it was purchased, whether it’s currently active, and when it expires or renews. We do not see, store, or have access to your full payment card details. Card data is handled exclusively by Stripe (web) or Google Play Billing (Android) under their own security and compliance regimes.

2.4 Diagnostic data we do not collect

Preflop Ranger does not include analytics SDKs, tracking pixels, advertising identifiers, fingerprinting libraries, or third-party cookies for marketing purposes. We do not build behavioural profiles of how you use the Service.

3. How we use your data

To sign you in and keep you signed in across sessions (essential authentication cookies / tokens set by Firebase Authentication).
To sync your premium profile data between devices via Cloud Firestore.
To grant and verify premium entitlements based on your subscription or lifetime purchase state.
To provide support when you contact us - we may look up your account by email or UID to investigate an issue.
To comply with legal obligations (e.g. tax records of payments) where applicable.

We do not use your data to train AI models, send marketing messages, or for any purpose unrelated to operating the Service.

4. Service providers we share data with

We rely on the following processors to operate the Service. Each one receives only the data needed for its function and is bound by its own privacy commitments.

Provider	What they handle	Privacy policy
Google (Firebase)	Authentication, profile sync database, hosting, backend functions, error logs	firebase.google.com/support/privacy
RevenueCat	Subscription state management; receives your account UID and purchase events	revenuecat.com/privacy
Stripe	Web payments (card processing, customer record, billing) for web subscribers	stripe.com/privacy
Google Play Billing	Android in-app payments for users who subscribed through the Play Store	play.google.com/about/play-terms
Cloudflare	DNS and email forwarding for our support inbox	cloudflare.com/privacypolicy

Beyond these processors, we do not share or sell your personal information to any third party.

5. Where your data is processed

Our database and backend functions run in Google Cloud’s us-central1 region in the United States. Stripe and RevenueCat process payment data in the regions described in their own policies (primarily the United States). By using the Service you consent to your data being transferred to and processed in the United States.

6. How long we keep your data

Account & profile data: for as long as your account exists. When you delete your account, this data is removed within 7 days.
Payment records: retained by Stripe / RevenueCat per their own retention policies, typically for the period required by tax and accounting laws (often 7 years).
Server logs: error logs in Firebase / Cloud Functions are automatically purged after 30 days.

7. Your rights and choices

7.1 Access, correction, deletion

You can:

See what we have by signing in and viewing your profiles + account page. For a copy of the underlying records, email us.
Correct your data by editing your profile in the app, or by emailing us.
Delete your account at any time: Settings > Delete account. This removes your profile data, entitlement record, and authentication account. Active subscriptions are cancelled at period end as part of this flow. You can also email support@preflopranger.com and we will delete your account within 7 days.

7.2 Region-specific rights

If you are in the European Economic Area, the United Kingdom, California, or another jurisdiction with data-protection laws, you may have additional rights such as data portability, the right to object to processing, or the right to lodge a complaint with a supervisory authority. To exercise any of these, email us.

8. Cookies and similar technologies

We use a small number of essential cookies and tokens, all set by Firebase Authentication to keep you signed in. We do not use analytics, advertising, or tracking cookies. We do not set any cookies if you visit the site without signing in.

9. Security

Your data is transmitted over TLS, stored in Firebase’s managed infrastructure, and protected by per-user access rules (firestore.rules in our open-source code) so that one account cannot read or write another’s data. Card data never touches our servers. No system is perfectly secure - if you believe your account has been compromised, contact us immediately.

10. Children

The Service is not directed to children under 18 and we do not knowingly collect data from them. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced in-app or by email. The “Last updated” date at the top of this page always reflects the most recent revision.

12. Contact

Questions, requests, or complaints about this policy or your data: support@preflopranger.com.