Privacy Policy
Last updated: May 13, 2026
Introduction
At LeakLab, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your personal information when you use our poker analysis service.
By using LeakLab, you consent to the data practices described in this policy.
Information We Collect
Account Information
- Email address (for authentication)
- Name (optional, from Google OAuth)
- Profile picture (optional, from Google OAuth)
- Authentication provider (Google or email/password)
Poker Data
- Winamax and PokerStars hand history files you upload
- Calculated poker statistics (VPIP, PFR, 3-bet, and more)
- Session dates, stakes (NL2 to NL100), and game types
Technical Data
- IP address and browser information
- Usage patterns and feature interactions
- Error logs and performance metrics
How We Use Your Information
Primary Purposes
- Provide and improve the LeakLab service
- Calculate poker statistics and identify leaks
- Personalize your dashboard and recommendations
- Authenticate your account and secure access
- Communicate important service updates
Aggregated Data
We anonymize and aggregate user data to:
- Improve population statistics across supported stakes
- Analyze feature usage to guide development
- Publish anonymous industry insights (for example, "average VPIP at NL10")
Aggregated data cannot be traced back to individual users.
Data Storage and Security
Storage Locations
- Account information: PostgreSQL database (Railway, EU region)
- Hand history data: Stored encrypted in the database for analysis and historical comparison. Anonymized at import (opponent usernames replaced). Can be exported or deleted at any time from your account.
- Calculated statistics: PostgreSQL database
Security Measures
- Encrypted connections (HTTPS/TLS)
- Password hashing (bcrypt for email/password users)
- Secure authentication (NextAuth with JWT)
- Regular security updates and monitoring
Data Retention
- Account data: Retained until account deletion
- Hand history data: Retained as long as the account is active. Deleted on account deletion or on user request.
- Calculated statistics: Retained for historical analysis
- Inactive accounts: May be deleted after 24 months of inactivity
Third-Party Services
Service Providers
We use the following third-party services:
- Vercel: Frontend hosting (USA, EU). Privacy policy: vercel.com/legal/privacy-policy
- Railway: Backend and database hosting (USA, EU). Privacy policy: railway.app/legal/privacy
- Google: OAuth authentication (optional). Privacy policy: policies.google.com/privacy
Data Sharing
We do not sell your personal data. We only share data with third parties when:
- Required by law or legal process
- Necessary to protect our rights or safety
- You explicitly consent to sharing
Your Rights (GDPR/CCPA)
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and data
- Portability: Request your data in a machine-readable format
- Objection: Object to certain data processing
To exercise these rights, contact us at leaklabgg@gmail.com.
Children's Privacy
LeakLab is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy periodically. We will notify users of significant changes via email or in-app notification.
Contact Information
For privacy-related questions or to exercise your data rights:
Email: leaklabgg@gmail.com