WrapGTO
Back to app

Legal

Privacy Policy

Effective July 3, 2026

1. What we collect

Account info — when you sign in with Google we receive and store your Google account ID, email address, display name, and profile picture URL. We never see or store a password.

Usage — the hands you play and construct, your decisions and their grades, aggregate stats (scores, EV loss), your free-tier hand count, and app preferences.

Billing — subscription status and Stripe customer/subscription identifiers, plus records of payments (amount, date, Stripe reference). Card numbers go directly to Stripe; we never see or store them.

Technical — standard server logs (IP address, browser user-agent, request paths, timestamps) kept for security and debugging.

2. How we use it

To run the service: authenticate you, save your hands and stats, enforce the free tier, process subscriptions, prevent abuse, and fix problems. That's the whole list. We don't sell or rent your data, we don't run ads, and we currently use no analytics trackers.

3. Cookies and local storage

One essential session cookie keeps you signed in (expires after ~30 days or on sign-out). Your browser's local storage holds interface preferences (selected tab, display units, collapsed panels). No third-party or advertising cookies.

4. Who else touches your data

Four service providers, each only for its job: Google (sign-in identity; fonts are also loaded from Google's servers, which sees standard requests), Stripe (payments and subscription management — see Stripe's privacy policy for how they handle card data), Cloudflare (network/proxy in front of the site), and Hetzner (the server that hosts WrapGTO, located in the United States). We disclose data beyond this only if the law requires it.

5. Retention and backups

Account and usage data are kept while your account is active. Nightly encrypted-in-transit backups rotate on roughly a two-week window. Server logs rotate automatically. When your account is deleted, live data is removed immediately and ages out of backups on that rotation; Stripe retains payment records as required by financial regulations.

6. Your rights

Email us and we'll show you what we hold about you, correct it, export it, or delete your account and its data — usually within a few days. Deleting your account cancels any active subscription.

7. Security

All traffic is encrypted (HTTPS). The database lives on a locked-down server with key-only access. Payment credentials never touch our systems. No internet service is perfectly secure, but the attack surface here is deliberately small.

8. Children

WrapGTO is for adults (18+). We don't knowingly collect data from minors; if you believe a minor has an account, email us and we'll delete it.

9. Changes and contact

If this policy changes, the current version lives at wrapgto.com/privacy and we'll make reasonable efforts to flag material changes in the app or by email.

Privacy questions or requests: [email protected]