← Back to Home
1. Introduction
TourneyDonk ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our platform.
By using TourneyDonk, you consent to the practices described in this policy.
2. Data We Collect
2.1 Account Information
When you create an account, we collect:
- Email address: For login, notifications, and password recovery
- Display name: Your chosen username visible to other users
- Password: Stored as a cryptographic hash (we never see your plaintext password)
- Role: Whether you're a Donk (player) or Stablemaster (backer)
2.2 Financial Data
When you use our wallet and payment features, we collect:
- Wallet balance: Amount of funds held in your TourneyDonk wallet
- Transaction history: Deposits, withdrawals, purchases, sales, settlements
- Payment method metadata: Last 4 digits of card, card brand (Visa, Mastercard, etc.) — full card numbers are handled by Stripe and never stored by us
- Bank account details: For withdrawals (handled securely via Stripe Connect)
2.3 Identity Verification (KYC) Data
When you complete identity verification, we collect:
- Government ID metadata: Name, date of birth, ID number, ID type (passport, driver's license, etc.)
- Verification status: Pass/fail result from Stripe Identity
- Verification timestamp: When verification was completed
IMPORTANT: We do NOT store raw government ID images or selfies. These are processed by Stripe Identity and only the verification result is shared with us.
2.4 Poker Profile Data
When you link your poker profile, we collect:
- Profile URLs: PokerStars, GGPoker, Hendon Mob, etc.
- Player statistics: ROI, ITM%, volume, biggest cash, GPI rank (manually entered or scraped where permitted)
- Tournament history: Past results you choose to share
2.5 Usage Data
We automatically collect technical information about your use of TourneyDonk:
- Login history: Timestamps, IP addresses, device fingerprints (for security)
- Actions performed: Packages created, stakes purchased, settlements reported
- Device information: Browser type, operating system, screen resolution
- Session data: Pages viewed, time spent, click paths
3. How We Use Your Data
We use the data we collect for the following purposes:
| Purpose |
Data Used |
| Account Management |
Email, password hash, display name, role |
| Transaction Processing |
Wallet balance, payment methods, transaction history |
| Identity Verification |
KYC metadata, age verification, fraud detection |
| Fraud Prevention |
Login history, device fingerprints, transaction patterns |
| Platform Improvement |
Usage data, session analytics, feature engagement |
| Communication |
Email (for transactional emails, security alerts, updates) |
3.1 Legal Basis (GDPR Compliance)
For users in the European Economic Area (EEA), we process your data based on:
- Contract performance: Necessary to provide staking services
- Legal obligation: KYC/AML compliance, tax reporting
- Legitimate interest: Fraud prevention, platform security, service improvement
- Consent: Marketing emails (opt-in only)
4. Third-Party Sharing
We share your data with the following third parties:
4.1 Stripe (Payments & Identity Verification)
- What we share: Email, payment amounts, KYC verification requests
- Why: To process deposits, withdrawals, and identity verification
- Their policy: stripe.com/privacy
4.2 Polsia (Email Service)
- What we share: Email addresses, transactional email content
- Why: To send login codes, settlement notifications, security alerts
- Their policy: polsia.com/privacy
4.3 Render (Hosting Provider)
- What we share: All data stored on our servers (encrypted database, backups)
- Why: Infrastructure hosting for TourneyDonk
- Their policy: render.com/privacy
4.4 Neon (Database Provider)
- What we share: All structured data (users, transactions, packages)
- Why: PostgreSQL database hosting
- Their policy: neon.tech/privacy-policy
4.5 No Data Selling
We do NOT sell, rent, or trade your personal information to third parties for marketing purposes.
5. Data Retention
We retain your data for as long as necessary to provide services and comply with legal obligations:
- Account data: Retained while your account is active, plus 7 years after closure (for financial audit requirements)
- Financial records: 7 years minimum (IRS and financial regulations)
- KYC verification records: 5 years after verification (AML compliance)
- Security audit logs: 2 years (fraud detection and dispute resolution)
- Session data: 90 days (platform improvement and analytics)
After retention periods expire, data is securely deleted or anonymized.
6. Your Rights
You have the following rights regarding your personal data:
6.1 Access Your Data
You can request a copy of all data we hold about you. Email privacy@tourneydonk.com with your request.
6.2 Request Deletion
You may request deletion of your account and personal data, subject to legal retention requirements. Financial transaction records must be retained for 7 years per tax law.
6.3 Export Your Data
You can request a machine-readable export of your data (JSON format) by emailing privacy@tourneydonk.com.
6.4 Correct Inaccurate Data
You can update your email, display name, and poker profile data in your account settings. For other corrections, contact support.
6.5 Withdraw Consent
If you consented to marketing emails, you can unsubscribe at any time by clicking the "unsubscribe" link in any email.
6.6 Lodge a Complaint (EU Users)
If you believe we are mishandling your data, you may file a complaint with your national data protection authority.
7. Cookies & Tracking
7.1 What Cookies We Use
TourneyDonk uses the following types of cookies:
- Session cookies: To keep you logged in (expires after 30 days or when you log out)
- Authentication cookies: To verify your identity on each request
- Device trust cookies: To recognize trusted devices and reduce 2FA prompts
7.2 Third-Party Cookies
We do NOT use third-party advertising or analytics cookies (no Google Analytics, Facebook Pixel, etc.).
7.3 Cookie Management
You can disable cookies in your browser settings, but this will prevent you from logging in and using TourneyDonk.
8. Security Measures
We take security seriously and implement the following measures:
- Encryption: All data transmitted via HTTPS (TLS 1.3). Database connections encrypted at rest and in transit.
- Password hashing: Bcrypt with 10 rounds (industry standard)
- Two-factor authentication (2FA): Email verification codes for high-risk actions (withdrawals, settlements, secondary market sales)
- Account lockout: 5 failed login attempts = 15-minute lockout; 10 failed = email unlock required
- Suspicious login detection: Automatic 2FA triggers for unrecognized devices
- Security audit logs: Comprehensive logging of all security events for forensics
- Access controls: Limited employee access to production data; multi-factor authentication for all admins
Despite our best efforts, no system is 100% secure. If you discover a security vulnerability, please report it to security@tourneydonk.com.
9. Children's Privacy
TourneyDonk is NOT intended for users under 18 years old. We do not knowingly collect data from minors.
If we discover that a user is under 18:
- Their account will be immediately terminated
- Any funds in their wallet will be held pending verification of legal guardian ownership
- Personal data will be deleted within 30 days
If you believe a minor has created an account, contact us at support@tourneydonk.com.
10. International Users
10.1 Data Processing Location
TourneyDonk is hosted in the United States. Your data may be processed and stored on servers located in the US (via Render and Neon hosting).
10.2 GDPR Compliance (EU Users)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- Right to access your data
- Right to rectification (correction)
- Right to erasure ("right to be forgotten")
- Right to data portability
- Right to object to processing
- Right to lodge a complaint with a supervisory authority
To exercise these rights, email privacy@tourneydonk.com.
10.3 Data Transfers
When we transfer data from the EU to the US, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions for specific service providers (e.g., Stripe is Privacy Shield certified)
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be effective immediately upon posting to this page.
We will notify you of significant changes via:
- Email to your registered address
- In-app banner notification
Your continued use of TourneyDonk after changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or want to exercise your data rights, contact us at: