Local Fold

Privacy Policy

Last updated: May 7, 2026

EN · PL

1. Who we are

Local Fold is developed by Wiktor Zając (Poland) as an independent developer. References to "we", "us", or "Local Fold" mean the developer in their individual capacity.

Contact: wzajac.contact [at] gmail.com

2. Scope

This policy describes the personal data Local Fold collects through its iOS application, why we collect it, and the rights you have over that data.

3. What we collect

3.1 Account data

When you sign in we receive the following from your authentication provider:

Sign in with Apple: a stable Apple user identifier; the name and email you choose to share at first sign-in. If you use Apple's "Hide My Email" relay we receive only the relay address.
Sign in with Google: your Google account name, email address, and profile photo URL.

This data is stored in Firebase Authentication and in our Cloud Firestore database under your user document. The user document also stores a chosen avatar color and the timestamp at which your account was first created.

3.2 In-app content

While using the app you create content that is saved to Cloud Firestore:

Display name set in your profile
Groups you create, belong to, or are invited to
Live and historical poker session records: buy-ins, mid-session cash-outs, final chip counts, and the resulting point tally
Membership relationships with other users in your groups

This content is shared in real time with other members of the same group — that sharing is the app's purpose.

3.3 Diagnostic data

We use Firebase Crashlytics to collect crash reports:

A randomly generated installation identifier (not linked to your account)
Device model, operating system version, and app version
Crash stack traces and event timestamps
Your IP address (used by Google for security purposes and not retained by us)

Crash data helps us fix bugs. It is not used for advertising, profiling, or cross-app tracking. Crashlytics is configured so that crash reports are not linked to your Local Fold account; the app does not pass your user identifier to Crashlytics.

3.4 Local device data

A small flag tracking whether you have completed onboarding is stored on your device using the operating system's local storage. This data does not leave your device.

3.5 What we do NOT collect

We do not use third-party analytics SDKs.
We do not use advertising SDKs.
We do not track you across other apps or websites — App Tracking Transparency is not requested because we perform no such tracking.
We do not collect, process, or store payment information. The app uses unitless integer points and does not reference money, currency, or any monetary unit.

4. Why we use your data (legal bases)

Account data and in-app content: to provide the service you signed up for. Legal basis: performance of a contract (GDPR Art. 6(1)(b)).
Crash diagnostics: to maintain and improve app stability. Legal basis: legitimate interest (GDPR Art. 6(1)(f)).

5. Data sharing

We share data with the following processors who help us operate the app:

Google LLC — Firebase Authentication, Cloud Firestore, and Firebase Crashlytics. Provides the cloud infrastructure that stores your account, app content, and crash reports.
Apple Inc. — Sign in with Apple. Handles authentication when you choose Apple sign-in.

We do not sell your data. We do not share your data with advertisers or data brokers.

6. International transfers

Firebase services may process data on Google's servers outside the European Economic Area, primarily in the United States. Google relies on Standard Contractual Clauses approved by the European Commission for these transfers.

7. Data retention

Account and profile data: retained for as long as your account exists. When you delete your account in the app, your user document and personal profile are removed from our database.
Groups you host: when you delete your account, the entire group — including its session history, member roster, and pending invite codes — is permanently removed.
Groups hosted by other users: your member entry is removed from each such group. However, historical session records you participated in (buy-ins, cash-outs, and chip counts) remain inside those sessions alongside your display name and pseudonymous Firebase user identifier as recorded at the time of the session. Local Fold cannot rewrite session history that another user owns. If you want such records altered, contact us at the email above and we will forward the request to the relevant group host.
Crashlytics data: retained for up to 90 days per Google's default Crashlytics retention.

8. Your rights (GDPR)

If you reside in the European Economic Area you have the right to:

Access your personal data
Request correction of inaccurate data
Request erasure (the in-app account-deletion flow fulfills this for most categories — see Section 7 for limits)
Restrict or object to processing
Data portability — receive a machine-readable copy of your data
Lodge a complaint with the Polish data protection authority (Urząd Ochrony Danych Osobowych, https://uodo.gov.pl)

To exercise any of these rights, contact us at wzajac.contact [at] gmail.com. There is no automated export tool inside the app today; access and portability requests are fulfilled manually. Please allow up to 30 days for a response, in line with GDPR Article 12(3).

9. Account deletion

You can delete your account at any time from inside the app: Profile tab → Delete account.

This action:

Deletes your user document and personal profile from Cloud Firestore
Deletes any groups you host, along with their sessions, member roster, and pending invite codes
Removes your member entry from groups hosted by other users
Deletes your Firebase Authentication account
Disconnects Local Fold from your Google account (revokes the Google OAuth grant)
Revokes your Apple Sign-In token where applicable, as required by App Store guideline 5.1.1(v)
Cannot be undone

For data that may remain inside other users' sessions after deletion, see Section 7.

10. Children

Local Fold is not directed at children under 16. We do not knowingly collect data from minors. If you believe we may have done so, please contact us and we will remove the data.

11. Security

Data in transit is protected by TLS provided by the operating system and the Firebase SDKs. Data at rest in Cloud Firestore is encrypted by Google. Access to your group's data is gated by Firestore security rules that grant read access to group members and write access to the host of each session.

If we become aware of a personal data breach, we will notify the Polish supervisory authority (UODO) within 72 hours, as required by GDPR Article 33. If the breach is likely to result in a high risk to your rights, we will also notify you directly without undue delay (GDPR Article 34).

12. Changes to this policy

We may update this policy if the app changes. Material changes will be reflected in the "Last updated" date and the published policy at this URL. We recommend reviewing the policy periodically.

13. Disclaimer

Local Fold is provided "as is", without warranty of any kind. The app helps you record chip counts and verify they reconcile; it does not move money, settle debts, or replace any binding agreement between players. Always confirm reconciliation results with the players at your table before relying on them.

Local Fold is not a payment service, a financial product, or a gambling service, and the app does not facilitate any of these. Counts are tracked as unitless integer points; the app does not reference money, currency, or any monetary unit.

To the maximum extent permitted by applicable law, the developer disclaims liability for any direct, indirect, incidental, or consequential loss arising from use of, or inability to use, the app — including any disputes over session reconciliation outcomes.

14. Contact

For privacy inquiries: wzajac.contact [at] gmail.com