SpikyPoker

Privacy Policy

Last updated: 2026-03-22

1. Data Controller

The data controller responsible for your personal data is MB Blipas, registered at Minties g. 16, LT-53365 Kauno r., registration number 306705803. For privacy-related inquiries, contact us at: info@spikypoker.com.

2. Data We Collect

We collect and process the following categories of personal data:

  • Account data: Email address, display name, and password (stored in hashed form) — collected during registration to create and manage your account.
  • Tournament data: Tournament names, player names, blind structures, timer settings, prize configurations, and related content you create within the Service.
  • Payment data: Subscription tier and billing status. Payment card details are processed directly by Stripe and are never stored on our servers. See Stripe's privacy policy at stripe.com/privacy.
  • Technical data: IP address, browser type, device information, and session tokens — automatically collected for authentication, security, and service operation.

3. Legal Basis for Processing

  • Contract performance (Art. 6(1)(b) GDPR): Processing your account and tournament data is necessary to deliver the Service you signed up for.
  • Legitimate interest (Art. 6(1)(f) GDPR): Processing technical data for security, fraud prevention, and service stability.
  • Legal obligation (Art. 6(1)(c) GDPR): Retaining billing and transaction records as required by applicable tax and accounting laws.
  • Consent (Art. 6(1)(a) GDPR): If we introduce optional features such as analytics or marketing communications in the future, we will request your explicit consent before processing.

4. How We Use Your Data

We use your personal data to: provide, maintain, and improve the Service; process payments and manage subscriptions; authenticate your identity and secure your account; communicate with you about your account, service updates, or support requests; comply with legal obligations. We do not sell your personal data. We do not use your data for automated profiling or decision-making.

5. Third-Party Service Providers

We use trusted third-party providers to operate the Service: Stripe for payment processing (stripe.com/privacy), cloud infrastructure providers for hosting and database services, and content delivery services. These providers process data on our behalf under Data Processing Agreements (DPAs) that ensure GDPR-compliant data protection. We only share the minimum data necessary for each provider to perform their function.

6. International Data Transfers

Some of our service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) or reliance on adequacy decisions by the European Commission, to protect your data in accordance with GDPR requirements.

7. Cookies

We use only strictly necessary cookies that are essential for the Service to function:

  • Authentication cookie: Maintains your login session so you don't need to sign in on every page visit. Expires when you log out or after your session ends.
  • Preference cookie: Stores your display theme preference (light/dark mode). Contains no personal data.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Because we only use strictly necessary cookies, no cookie consent is required. If we add non-essential cookies in the future, we will request your consent before setting them.

8. Data Retention

We retain your account and tournament data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where we are legally required to retain certain records (e.g., billing records may be retained for up to 10 years for tax compliance). Anonymized or aggregated data that cannot identify you may be retained indefinitely for statistical purposes.

9. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
  • Right to restrict processing (Art. 18): Request that we limit how we use your data in certain circumstances.
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format (JSON or CSV).
  • Right to object (Art. 21): Object to processing based on legitimate interest.
  • Right to withdraw consent (Art. 7(3)): Withdraw consent at any time where processing is based on your consent.

To exercise any of these rights, contact us at info@spikypoker.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.

You also have the right to lodge a complaint with the Lithuanian State Data Protection Inspectorate (Valstybine duomenu apsaugos inspekcija, vdai.lrv.lt) or the supervisory authority in your country of residence.

10. Children's Data

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days before they take effect by email or through a notice in the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact

For privacy-related questions or to exercise your data rights, contact us at: MB Blipas, Minties g. 16, LT-53365 Kauno r., Email: info@spikypoker.com