Privacy Policy

This Privacy Policy explains how Adam Shriki LTD ("Company," "we," "us," or "our") collects, uses, stores, shares, and protects personal data in connection with the LynxPoker web application, mobile applications, and related services (the "Service").

This Policy is designed to comply with the Israeli Privacy Protection Law 5741-1981, the EU/UK General Data Protection Regulation (GDPR), and the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA).

3.1 Staff Account Data Controller

3.2 Player Data Processor

Player Data is controlled by the Customer. Players with questions about their data should contact the tournament organizer directly.

3.3 Technical Data Controller

Under GDPR (EU/UK Users)

• Performance of a Contract (Art. 6(1)(b)) — Staff Account Data
• Legitimate Interests (Art. 6(1)(f)) — Technical Data for security, product improvement, and conversion measurement via Google Analytics 4, including aggregated demographic insights and cross-device measurement via Google Signals (see Section 12). We balance your privacy interest against our legitimate interest in understanding how visitors find and use LynxPoker, with opt-out control available via the cookie notice and clear transparency in Section 12. We do not use this data for advertising or remarketing — LynxPoker is not on any ad network.
• Legal Obligation (Art. 6(1)(c)) — Where required by law
• Processor Obligation (Art. 28) — Player Data on behalf of Customer

• Providing the Service: Account management, authentication, tournament features, real-time sync, support.
• Security and Fraud Prevention: Monitoring for unauthorized access, investigating incidents.
• Performance and Reliability: Diagnosing issues, optimizing performance.
• Product Improvement: Analyzing aggregate usage patterns.
• Communications: Transactional emails and, with consent, product updates.
• Legal Compliance: Fulfilling legal obligations, responding to lawful requests.

We share data with the following trusted service providers, bound by contract (Data Processing Agreements) to process data only for specified purposes:

• Google LLC — Firebase Authentication for user sign-in; Google Analytics 4 (GA4) for aggregated usage measurement, conversion tracking, and demographic/cross-device insights via Google Signals. Google processes this data under its own privacy policy at policies.google.com/privacy. We do not use GA4 data for advertising or remarketing — see Section 12 for full details and opt-out options.
• Cloud hosting providers — for hosting the Service, storing databases, and serving static content
• Payment processors — PayPal and Grow (Meshulam) for subscription payments, only where applicable
• Email delivery — for transactional and (with consent) marketing emails

We may also disclose data when required by law, pursuant to a valid legal request, or to protect the rights, property, or safety of LynxPoker, our users, or others.

The Service is operated from Israel. Israel has been recognized by the European Commission as providing an adequate level of data protection (Commission Decision 2011/61/EU). Where data is transferred to countries without an adequacy determination, we implement Standard Contractual Clauses (SCCs).

We implement appropriate technical and organizational measures including:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Access controls and role-based permissions
• Regular security assessments and monitoring
• Secure software development practices
• Incident response procedures

• Staff Account Data: Duration of account + 12 months for reactivation and legal compliance.
• Player Data: Duration of Customer's subscription. Export available within 30 days of termination; deleted within 90 days.
• Technical Data: Maximum 24 months, then anonymized or deleted.

GDPR (EU/UK Residents)

Right to access, rectification, erasure, restriction, data portability, objection, consent withdrawal, and to lodge a complaint with your local supervisory authority.

Israeli Law

Right to access, correct, and request deletion under the Privacy Protection Law 5741-1981.

CCPA/CPRA (California Residents)

Right to know, delete, correct, opt-out of sale/sharing, and non-discrimination. We do not sell or share personal information for cross-context behavioral advertising.

The Service is not intended for individuals under 18. We do not knowingly collect data from children. If you believe a child has provided data to us, contact us immediately.

We use cookies and similar technologies to provide, secure, and improve the Service. This section explains what we use, why, and how to opt out.

Essential Cookies Always Active

Required for authentication, session management, and security. Cannot be disabled because the Service cannot function without them.

Analytics Cookies Active by Default, Opt-Out Available

We use Google Analytics 4 (GA4) to measure how visitors find and use LynxPoker. This helps us understand which marketing channels drive sign-ups, identify usability issues, and improve the product.

Specifically, GA4 collects and processes:

• Anonymous client identifier — a random ID stored in the _ga / _ga_* cookies that lets GA4 recognize returning visitors without identifying them personally
• User ID — after sign-up, we attach your Firebase user identifier as the GA4 user_id. This is an opaque identifier (not your email or name) used for cross-device attribution
• Event data — page views, button clicks, sign-up, log-in, subscription purchases, plan changes, and cancellation events
• Marketing source — UTM parameters on inbound links to measure which marketing channels drive sign-ups
• Cross-domain session — the marketing site (lynx.poker) and webapp (app.lynx.poker) share tracking state so we can measure the full sign-up funnel as one user journey
• Google Signals data — for visitors who are signed in to a Google account with Ads Personalization enabled, GA4 receives aggregated demographic information (age range, gender, general interests) and cross-device measurement signals. We see this data only in aggregated form (minimum threshold of ~50 users per segment) and use it solely to understand our audience, not to target ads. See the Google Signals subsection below for details and opt-out options.

What we do NOT collect or share via GA4:

• Email addresses, names, phone numbers, or other directly identifying information
• Payment card details or transaction identifiers that could identify you personally
• Data for advertising, remarketing, or audience targeting on ad networks — LynxPoker is not on Google Ads, Meta Ads, or any other ad network, and we do not build or export remarketing audiences
• Individual-level Google Signals data — we only see aggregated demographic segments above Google's minimum reporting threshold

Google processes GA4 data as our processor under its privacy policy at policies.google.com/privacy.

Google Signals Active, Opt-Out Available

Google Signals is a GA4 feature that enables aggregated cross-device measurement and demographic reporting for visitors who are signed in to a Google account and have turned on Ads Personalization in their Google Account settings.

What it enables for us:

• Understanding our audience demographics (age ranges, gender, general interest categories) in aggregate
• Measuring cross-device user journeys (e.g., someone visiting lynx.poker on their phone and signing up later on their laptop is counted as one user, not two)

What it does NOT enable for us:

• Building remarketing or targeting audiences — LynxPoker is not on any ad network
• Viewing individual user demographics — data is only shown in aggregate above Google's minimum reporting threshold (approximately 50 users per segment)
• Access to your personal Google account data, search history, YouTube history, or ad interactions

How to opt out of Google Signals:

• Turn off Ads Personalization in your Google Account at myadcenter.google.com — this disables Google Signals for all sites you visit, not just LynxPoker
• Or click "Opt out" in the LynxPoker cookie notice — this disables all GA4 tracking (including Google Signals) specifically on our sites
• Review and manage the data Google has associated with your account at myactivity.google.com

No Third-Party Advertising

We do not use advertising cookies, tracking pixels, remarketing audiences, or ad networks. LynxPoker is not on Google Ads, Meta/Facebook Ads, or any other ad platform as of the Last Updated date of this policy.

EU/UK residents may also lodge a complaint with their local Data Protection Authority.

Material changes will be communicated at least thirty (30) days before taking effect. Continued use constitutes acceptance.