隐私政策Privacy Policy
本政策说明 Fair Poker 收集哪些数据、如何使用与共享,以及你依据 GDPR、CCPA/CPRA 等法律享有的权利。Fair Poker 的设计本身就尽量少收集数据:发牌与牌局证据主要留在你的浏览器,官方只做轻量中继。 This policy explains what data Fair Poker collects, how it is used and shared, and the rights you have under laws such as the GDPR and CCPA/CPRA. Fair Poker is designed to collect as little as possible: dealing and hand evidence stay mainly in your browser, and the operator runs only a lightweight relay.
数据最小化要点:我们不出售你的个人数据,不投放广告,不接入第三方行为追踪。账号只需用户名与本地派生的认证凭据;服务端从不接触你的明文密码;每手牌的底牌解密钥只留在你当前标签页。
Data-minimization summary: we do not sell your personal data, run no ads, and use no third-party behavioural tracking. Accounts need only a username and a locally-derived credential; the server never touches your plaintext password; per-hand hole-card keys stay in your current browser tab.
1. 我们是谁
本服务由 Fair Poker 运营方("我们")提供。就适用数据保护法而言,我们是处理本政策所述个人数据的数据控制者。隐私相关事宜联系:[email protected]。
2. 我们收集的数据
| 类别 | 内容 | 存放位置 |
|---|---|---|
| 账号数据 | 你选择的用户名,以及由你的密码在本地派生的认证凭据(authSecret)的哈希。我们不存储明文密码。 | 账号哈希存于服务端;账号密钥库加密后存于你的浏览器。 |
| 本地游戏数据 | 语言偏好、会话标识、牌局 transcript 证据、逐卡解密钥等。 | 留在你浏览器的 localStorage / sessionStorage,默认不上传。 |
| 连接与技术数据 | 建立 WebSocket 连接所必需的网络信息(如 IP 地址)、连接时间、基本日志。私有发牌消息端到端加密,中继只见密文。 | 由中继(Cloudflare)短暂处理,用于连通与防滥用。 |
| 你主动提供的数据 | 当你通过邮件联系我们时提供的内容。 | 邮箱通信记录。 |
我们不收集:广告或跨站追踪标识、第三方行为分析、与游戏无关的设备指纹用于画像。界面中显示的脱敏安全/伙牌信号在本地计算,用于提示,不用于广告。
3. 如何使用
- 提供并维护牌桌连接、账号登录与基本功能;
- 保障安全:防止作弊、串通、滥用与拒绝服务,维护服务完整性;
- 排障与改进服务质量;
- 遵守法律义务、回应合法请求。
4. 法律依据(GDPR)
对欧洲经济区/英国用户,我们处理个人数据的依据包括:合同的履行(为你提供你请求的服务)、合法利益(保障安全、防滥用、维持服务)、同意(在适用且我们征求时)、以及法律义务。你可随时就基于同意的处理撤回同意。
5. 共享与披露
- 服务提供商:我们使用 Cloudflare 提供中继与边缘基础设施,作为受合同约束的数据处理者按我们的指示处理连接数据。客户端通过公共 IPFS 网关分发。
- 法律要求:在法律要求或为保护权利、安全与防欺诈所必需时,我们可能披露信息。
- 业务转移:如发生合并、收购或资产转让,相关数据可能随之转移,并继续受本政策约束。
- 我们不会出售你的个人数据,也不为第三方的跨站定向广告而"分享"你的个人信息(CCPA/CPRA 含义下)。
6. 数据保留
账号哈希在你的账号存在期间保留;删除账号后,服务端账号数据将在合理期限内删除或匿名化,除非法律要求保留。连接日志仅短期保留用于安全与排障。留在你浏览器中的本地数据由你掌控,可随时在浏览器中清除(见 Cookie 与本地存储说明)。
7. 安全
我们采用与风险相称的技术与组织措施:账号密钥库本地加密、传输层 TLS、服务端只存认证凭据哈希、私有发牌端到端加密。但没有任何系统可保证绝对安全;请使用强密码并避免在装有可疑扩展的浏览器中游戏。
8. 你的权利
视你所在地法律,你可能享有以下权利:
- 知情与访问我们持有的与你相关的个人数据;
- 更正不准确的数据;
- 删除("被遗忘权");
- 限制或反对某些处理;
- 数据可携;
- 对基于同意的处理撤回同意;
- (CCPA/CPRA)知悉、删除、更正,并对"出售/分享"选择退出——我们本就不出售或分享;不因你行使权利而歧视你;
- 向你所在地的数据保护监管机构投诉。
行使权利请邮件 [email protected];我们将在适用法律规定的期限内回应,并可能为核实身份请求必要信息。
9. 国际传输
我们的服务提供商(如 Cloudflare)通过全球边缘网络运行,你的连接数据可能在你所在国家/地区以外被处理。在适用法律要求时,此类传输会采取适当保障措施(如标准合同条款)。
10. 儿童
本服务面向成年人,不面向 18 周岁以下人士,我们不会有意收集儿童的个人数据。若你认为未成年人向我们提供了数据,请联系我们删除。
11. Cookie 与本地存储
我们仅使用为提供服务所必需的本地存储,不使用广告或第三方追踪 Cookie。详见 Cookie 与本地存储说明。
12. 政策变更
我们可能更新本政策。重大变更将通过更新"最后更新"日期并在适当情况下显著提示的方式公布。
13. 联系
隐私相关请求或问题,请联系 [email protected]。
1. Who we are
The service is provided by the operator of Fair Poker ("we"). For applicable data-protection law, we are the data controller for the personal data described in this policy. For privacy matters, contact [email protected].
2. Data we collect
| Category | What | Where it lives |
|---|---|---|
| Account data | A username you choose, and the hash of an authentication credential (authSecret) derived locally from your password. We do not store plaintext passwords. | The account hash is on the server; the account vault is encrypted in your browser. |
| Local game data | Language preference, session identifier, hand transcript evidence, per-card decrypt keys, and similar. | Stays in your browser's localStorage / sessionStorage and is not uploaded by default. |
| Connection & technical data | Network information needed to establish a WebSocket connection (such as IP address), connection times, and basic logs. Private dealing messages are end-to-end encrypted, so the relay sees only ciphertext. | Processed transiently by the relay (Cloudflare) for connectivity and abuse prevention. |
| Data you provide | Anything you include when you email us. | Email correspondence. |
We do not collect: advertising or cross-site tracking identifiers, third-party behavioural analytics, or game-unrelated device fingerprints for profiling. The sanitized safety/collusion signals shown in the UI are computed locally for hints and are not used for advertising.
3. How we use it
- to provide and maintain table connectivity, account login, and core features;
- for security: to prevent cheating, collusion, abuse, and denial-of-service, and to protect service integrity;
- to troubleshoot and improve service quality;
- to comply with legal obligations and respond to lawful requests.
4. Legal bases (GDPR)
For users in the EEA/UK, we process personal data on these bases: performance of a contract (to provide the service you request), legitimate interests (security, abuse prevention, keeping the service running), consent (where applicable and requested), and legal obligation. You may withdraw consent at any time for processing based on consent.
5. Sharing
- Service providers: we use Cloudflare for relay and edge infrastructure, acting as a contractually-bound data processor that handles connection data on our instructions. The client is distributed via public IPFS gateways.
- Legal requirements: we may disclose information where required by law or necessary to protect rights, safety, and prevent fraud.
- Business transfers: in a merger, acquisition, or asset transfer, relevant data may transfer and remain subject to this policy.
- We do not sell your personal data, nor "share" it for third-party cross-context behavioural advertising (in the CCPA/CPRA sense).
6. Retention
The account hash is kept while your account exists; after you delete your account, server-side account data is deleted or anonymised within a reasonable period unless retention is legally required. Connection logs are kept only briefly for security and troubleshooting. Local data in your browser is under your control and can be cleared at any time (see the Cookie & Local Storage Policy).
7. Security
We use technical and organisational measures proportionate to the risk: local vault encryption, TLS in transit, server-side storage of only an authentication-credential hash, and end-to-end encryption of private dealing. No system can guarantee absolute security; use a strong password and avoid playing in a browser with suspicious extensions.
8. Your rights
Depending on your location, you may have the right to:
- be informed and access the personal data we hold about you;
- rectify inaccurate data;
- erase ("right to be forgotten");
- restrict or object to certain processing;
- data portability;
- withdraw consent for consent-based processing;
- (CCPA/CPRA) to know, delete, correct, and opt out of "sale/sharing" — which we do not do — without discrimination for exercising your rights;
- complain to your local data-protection authority.
To exercise rights, email [email protected]. We will respond within the period required by applicable law and may request information to verify your identity.
9. International transfers
Our service providers (such as Cloudflare) operate global edge networks, so your connection data may be processed outside your country or region. Where required by law, such transfers use appropriate safeguards (such as Standard Contractual Clauses).
10. Children
The service is intended for adults, not for anyone under 18, and we do not knowingly collect children's personal data. If you believe a minor has provided us data, contact us to delete it.
11. Cookies & local storage
We use only the local storage necessary to provide the service, and no advertising or third-party tracking cookies. See the Cookie & Local Storage Policy.
12. Changes
We may update this policy. Material changes will be announced by updating the "Last updated" date and, where appropriate, a prominent notice.
13. Contact
For privacy requests or questions, contact [email protected].