Privacy Statement

Last updated: April 2026

1. Introduction

Poker Tournament Manager ("PTM", "we", "us", or "our") operates the poker.reneo.io platform, the PTM iOS application, and associated services. This Privacy Statement explains how we collect, use, store, and protect your personal information when you use our service.

By using PTM, you agree to the collection and use of information as described in this statement. If you do not agree, please do not use the service.

2. Information We Collect

2.1 Account Information

PTM uses Hanko as its primary authentication provider. Hanko supports passkeys and email-based login. When you create an account:

  • Email address — used for account identification, login, and service communications. Managed by Hanko on our behalf.
  • Passkey credentials — if you register a passkey (biometric or device-based), the credential is stored on your device and with Hanko. We never receive or store your biometric data.
  • Display name — a name you choose to identify yourself within tournaments.
  • Hanko user ID — a unique identifier issued by Hanko, used to link your Hanko identity to your PTM account.

We do not store passwords. Authentication is handled by Hanko; PTM receives a verified identity token and issues its own session tokens.

2.2 Tournament and Venue Data

When you use PTM to manage or participate in tournaments, we collect:

  • Tournament details (name, structure, blind levels, timing).
  • Player registration details (venue, date, status).
  • Buy-in and fee payment status (we do not process or store credit card or bank details).
  • Tournament results, standings, chip counts, table assignments, and elimination data.
  • Rebuy, add-on, and re-entry activity during the tournament.

2.3 IoT Device Data

PTM supports Bluetooth Low Energy (BLE) display devices (ESP32-based hardware) at participating venues. When you use the iOS app to configure or control these devices:

  • Bluetooth scanning — the app scans for nearby PTM display devices. Device names and signal strengths are used only during the provisioning session and are not stored.
  • Wi-Fi credentials — you may provide a Wi-Fi network name (SSID) and password to provision a display device. This information is transmitted directly to the device over Bluetooth and is not stored by PTM.
  • Device identifiers — MAC addresses, device names, and firmware versions of enrolled display devices.
  • Connection data — IP addresses and connection timestamps of enrolled devices.
  • Telemetry data — battery status and device health information.

Device data is associated with venue organisations, not with individual player accounts. Bluetooth is used only for device configuration and tournament control — it is not used to track your location or collect data from your personal device.

2.4 Local Network Access

The iOS app uses your local network to discover PTM server instances running on the same network as your device (via mDNS / Bonjour). This requires the Local Network permission on iOS. The app does not transmit your local network information to any external server; it is used solely to find and connect to your self-hosted PTM instance.

2.5 Automatically Collected Information

When you use our service, we may automatically collect:

  • IP address — for security, fraud prevention, and audit logging.
  • Browser/device information — user agent strings for session management and bug reporting context.
  • Analytics data — app usage events, collected only with your explicit consent. See Section 6.

2.6 Cookies and Similar Technologies

On the web platform, we use cookies for the following purposes:

  • Session cookies — essential for authentication and maintaining your session.
  • Hanko authentication cookies — set by Hanko after successful login to maintain your authenticated session.
  • Analytics cookies — set only with your explicit consent.
  • CAPTCHA cookies — set by Cloudflare Turnstile on certain public-facing forms.

The iOS app does not use persistent cookies. Authentication state is stored securely on your device using iOS secure storage.

2.7 Player Card Association

PTM supports linking physical cards (RFID/NFC) to your account for streamlined tournament check-in. When you link a card:

  • Card identifier — a unique ID read from the physical card is stored and associated with your account.
  • Card type and metadata — the technology type of the card (e.g., RFID, NFC, MIFARE), Answer-To-Reset data, card standard, and other reader-reported metadata.
  • Enrollment metadata — which staff member enrolled the card, the date of enrollment, and any enrollment notes.

Card linking is optional. You can participate in tournaments without linking a card. You may request removal of a card association at any time.

2.8 Email Signup / Mailing List

When you sign up for early access or beta testing via our email signup form, we collect:

  • Name — to personalise communications.
  • Email address — to contact you about early access, beta hardware, and product updates.
  • Game type — to understand your poker context (e.g., home game, pub league, card room).

This information is collected with your explicit consent. You may request removal from the mailing list at any time by contacting us using the details in Section 15.

3. How We Use Your Information

We use the information we collect to:

  • Provide and operate the tournament management service.
  • Verify your identity via Hanko and secure your account.
  • Enable Bluetooth-based configuration and control of display devices.
  • Discover PTM servers on your local network.
  • Enable card-based tournament check-in when you choose to link a card.
  • Send service-related communications (e.g., tournament updates).
  • Send marketing communications where you have given explicit consent.
  • Deliver real-time tournament updates via WebSocket connections.
  • Improve the service through analytics (with your consent).
  • Protect the service against spam and abuse.
  • Maintain security and prevent fraud.
  • Comply with legal obligations.

4. Information Sharing

We do not sell your personal information. We may share information only in these circumstances:

  • Hanko (authentication provider) — your email address and authentication credentials are processed by Hanko to provide login services. See Hanko's Privacy Policy.
  • Venue operators — tournament venues you register with can see your display name and registration status for their events.
  • Service providers — we use third-party services for email delivery, hosting, bot protection (Cloudflare Turnstile), and analytics (Firebase / Google Analytics). These providers process data on our behalf under contractual obligations.
  • Legal requirements — we may disclose information if required by law, regulation, or legal process.

5. Card Data and Physical Identification

Your linked card identifier is treated as sensitive data. Specifically:

  • Card IDs are associated with your account globally — a linked card works across all venues.
  • Only the card's unique identifier and technical metadata are stored; we do not read or store any other data from the card.
  • You can request unlinking of any card at any time by contacting venue staff or our support.

6. Analytics and Consent

The PTM iOS app uses Firebase Analytics (Google) to understand how the app is used. The web platform uses Google Analytics. In both cases, analytics tracking is opt-in only. You will be asked for consent when you first use the app or platform. You can change your analytics preference at any time through the app settings.

Analytics data collected includes app screens viewed, feature usage events, and session information. It does not include your name, email address, or tournament data.

7. Data Retention

  • Account data is retained for as long as your account is active.
  • Tournament records are retained for historical and statistical purposes.
  • Audit logs (profile changes, login events) are retained for security purposes.
  • Unrecognised card reads are temporary and resolved or cleared within a short period.
  • Mailing list entries are retained until you request removal or the mailing list is retired.

If you delete your account, we will remove your personal information within a reasonable timeframe, except where retention is required by law or for legitimate business purposes (e.g., completed tournament records).

8. Data Security

We take reasonable measures to protect your information, including:

  • Authentication is handled by Hanko using industry-standard passkeys and JWT tokens.
  • Sessions are secured with token-based authentication (JWT).
  • Wi-Fi credentials entered for device provisioning are transmitted only over Bluetooth directly to the target device and are never stored by PTM.
  • Profile changes are tracked in an audit log for security monitoring.
  • Real-time WebSocket connections are authenticated and scoped to authorised tournaments.
  • IoT device connections are authenticated via unique API tokens.

9. iOS App — Permissions

The PTM iOS app requests the following device permissions:

  • Bluetooth — required to discover, configure, and control PTM display devices. Not used for location tracking or data collection from your personal device.
  • Local Network — required to discover PTM server instances on your local network via Bonjour/mDNS. Not used to access other devices on your network.

You can revoke either permission at any time in iOS Settings. Revoking Bluetooth will disable display device management. Revoking Local Network will disable automatic server discovery (you can still connect by entering a server address manually).

10. GDPR Compliance

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent local laws apply to our processing of your personal data.

10.1 Legal Bases for Processing

  • Contract performance (Art. 6(1)(b)) — providing the tournament management service, including account management and tournament registration.
  • Consent (Art. 6(1)(a)) — for analytics tracking and marketing communications. You may withdraw consent at any time.
  • Legitimate interests (Art. 6(1)(f)) — for service security, fraud prevention, audit logging, and service improvement.
  • Legal obligation (Art. 6(1)(c)) — where we are required to retain data by law.

10.2 Your Rights Under GDPR

  • Right of access (Art. 15) — request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16) — request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17) — request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction of processing (Art. 18) — request that we limit how we use your data.
  • Right to data portability (Art. 20) — receive your personal data in a structured, machine-readable format.
  • Right to object (Art. 21) — object to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3)) — withdraw consent for analytics or marketing at any time.

To exercise any of these rights, contact us using the details in Section 15. We will respond within 30 days.

10.3 Data Transfers

Our servers and some third-party providers (including Hanko and Firebase/Google) may process data outside the EEA. Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

11. Your Rights (General)

Regardless of your jurisdiction, you may:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your account and personal data.
  • Withdraw consent for analytics or marketing at any time.
  • Unlink cards from your account.
  • Revoke Bluetooth or Local Network permissions via iOS Settings.
  • Unsubscribe from marketing communications at any time.

12. Marketing Communications

We will only send marketing communications if you have explicitly opted in. You can unsubscribe at any time. Service-related messages (such as critical account notifications) are not considered marketing.

13. Children's Privacy

PTM is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us so we can take appropriate action.

14. Third-Party Services

  • Hanko — passkey and email authentication provider. Privacy Policy
  • Firebase Analytics / Google Analytics — app and web usage analytics (opt-in only). Privacy Policy
  • Email delivery — Resend and/or Mailgun for transactional emails.
  • Cloudflare Turnstile — bot protection on public-facing forms.
  • Hosting and infrastructure — cloud hosting providers for application deployment and data storage.

15. Changes to This Statement

We may update this Privacy Statement from time to time. Changes will be posted on this page with an updated revision date. Continued use of the service after changes constitutes acceptance of the revised statement.

16. Contact Us

If you have questions about this Privacy Statement, wish to exercise your data rights, or have a GDPR-related enquiry, please contact us at:

Back to Home