Privacy Policy
This Privacy Policy explains what personal data we collect when you use PLO Hero (the “Service” at plo-hero.com), why we collect it, who we share it with, and the rights you have. We process personal data in line with the Swiss Federal Act on Data Protection (FADP) and, where it applies, the EU/UK General Data Protection Regulation (GDPR). For EU/EEA/UK users, please also read our GDPR Policy. PLO Hero is operated by R. Rezgui; see our Impressum for full operator and contact details.
1. The data we collect
- Account data — your email address and a password (stored only as a secure one-way hash, never in plain text). If you use “Continue with Google,” we receive your Google account identifier and email address.
- Email verification — a one-time code we send to your email to confirm it.
- Profile & preferences — your display settings (e.g. deck and colour choices).
- Gameplay data — the practice hands you play, coaching feedback, your statistics and sessions, and any hand-history files you choose to upload for review.
- Payment data — payments are processed by Stripe. We do not receive or store your full card number. We store your Stripe customer identifier and your subscription status and billing dates.
- Technical data — your IP address, browser/device (user-agent) and login session records, used to keep you signed in and to protect the Service.
- Usage / analytics data — only if you consent to analytics cookies, we collect how you use the site (approximate location, device/browser, pages viewed and interactions) via Google Analytics 4. This is never collected if you decline, and Google Analytics 4 does not log full IP addresses. See our Cookie Policy.
2. How and why we use it
We use your data only for the purposes below, each with a lawful basis:
| Purpose | Lawful basis |
|---|---|
| Operate the Service and provide your training, coaching and history features | Performance of a contract |
| Create and secure your account, keep you logged in, prevent fraud and abuse | Contract / our legitimate interest in a secure service |
| Process payments and manage your subscription | Contract / legal obligation (accounting) |
| Send service emails (verification, subscription confirmations, important notices) | Contract |
| Measure and improve the Service (analytics via Google Analytics) | Your consent (which you can withdraw anytime) |
| Comply with legal, tax and accounting obligations | Legal obligation |
We do not sell your personal data, and we do not use it for advertising or cross-site behavioural tracking. Analytics is used only to understand and improve the Service, and only if you opt in.
3. Cookies
We use strictly necessary cookies (for login and security) and, only with your consent, analytics cookies (Google Analytics). No analytics cookies are set if you decline, and you can change or withdraw your choice anytime via the Cookie settings link. See our Cookie Policy for the full list.
4. Who we share data with (sub-processors)
We use a small number of trusted service providers who process data on our behalf, only to run the Service:
- Stripe — payment processing and subscriptions. (Privacy policy)
- Brevo (Sendinblue) — sending transactional emails. (Privacy policy)
- Google — optional “Sign in with Google,” and, only with your consent, Google Analytics 4 for usage analytics (Google Ireland Ltd / Google LLC). (Privacy policy)
- Our hosting provider — secure servers that run the application and database.
We may also disclose data if required by law, to protect our rights, or in connection with a business transfer, in which case we will inform you.
5. International transfers
We host the Service and store user data on servers located in Switzerland and/or the European Union. Some of our sub-processors (e.g. Stripe and Google) may process data outside Switzerland/the EEA, including in the United States. Where that happens, the transfer is protected by an adequacy decision or by appropriate safeguards such as the European Commission’s Standard Contractual Clauses.
6. How long we keep it
We keep your personal data for as long as your account is active. If you delete your account or ask us to erase your data, we will delete it within a reasonable period, except where we must keep certain records to meet legal obligations — for example, invoicing and accounting records, which Swiss law requires us to retain for up to 10 years. Backups are overwritten on a rolling basis.
7. Your rights
Subject to applicable law, you can ask us to: access the data we hold about you; correct inaccurate data; delete your data; restrict or object to certain processing; and receive your data in a portable format. Where we rely on consent, you can withdraw it at any time. To exercise any right, email hello@plo-hero.com. You can also delete much of your data yourself from within the app (hands, sessions, and your account).
If you believe we have mishandled your data, you may lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC), or, if you are in the EU/EEA/UK, your local data protection authority.
8. Security
We protect your data with measures including password hashing (bcrypt), HTTP-only signed session cookies, encryption in transit (TLS), and revocable server-side sessions. No system is perfectly secure, but we work to keep your data safe and to respond promptly to any incident.
9. Children
PLO Hero is intended only for adults aged 18 or older. We do not knowingly collect data from anyone under 18. If you believe a minor has used the Service, contact us and we will remove the account.
10. Changes to this policy
We may update this policy from time to time. We will post the new version here and update the “Last updated” date; significant changes will be communicated by email where appropriate.
11. Contact
Questions about your privacy? Email hello@plo-hero.com.