LeakLab
Log inSign up

Privacy Policy

Last updated: March 19, 2026

Introduction

At LeakLab, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your personal information when you use our poker analysis service.

By using LeakLab, you consent to the data practices described in this policy.

Information We Collect

Account Information

  • Email address (for authentication)
  • Name (optional, from Google OAuth)
  • Profile picture (optional, from Google OAuth)
  • Authentication provider (Google or email/password)

Poker Data

  • Winamax hand history files you upload
  • Calculated poker statistics (VPIP, PFR, 3-bet, etc.)
  • Session dates, stakes, and game types

Technical Data

  • IP address and browser information
  • Usage patterns and feature interactions
  • Error logs and performance metrics

How We Use Your Information

Primary Purposes

  • Provide and improve the LeakLab service
  • Calculate poker statistics and identify leaks
  • Personalize your dashboard and recommendations
  • Authenticate your account and secure access
  • Communicate important service updates

Aggregated Data

We anonymize and aggregate user data to:

  • Improve population statistics (NL2 5max statistics)
  • Analyze feature usage to guide development
  • Publish anonymous industry insights (e.g., "average VPIP at NL2")

Aggregated data cannot be traced back to individual users.

Data Storage and Security

Storage Locations

  • Account information: PostgreSQL database (Railway, EU region)
  • Hand history files: Temporary processing only (not stored long-term)
  • Calculated statistics: PostgreSQL database

Security Measures

  • Encrypted connections (HTTPS/TLS)
  • Password hashing (bcrypt for email/password users)
  • Secure authentication (NextAuth with JWT)
  • Regular security updates and monitoring

Data Retention

  • Account data: Retained until account deletion
  • Hand history files: Deleted after processing (within 24 hours)
  • Calculated statistics: Retained for historical analysis
  • Inactive accounts: May be deleted after 24 months of inactivity

Third-Party Services

Service Providers

We use the following third-party services:

  • Vercel: Frontend hosting (USA, EU)

    Privacy policy: https://vercel.com/legal/privacy-policy

  • Railway: Backend and database hosting (USA, EU)

    Privacy policy: https://railway.app/legal/privacy

  • Google: OAuth authentication (optional)

    Privacy policy: https://policies.google.com/privacy

Data Sharing

We do not sell your personal data. We only share data with third parties when:

  • Required by law or legal process
  • Necessary to protect our rights or safety
  • You explicitly consent to sharing

Your Rights (GDPR/CCPA)

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your account and data
  • Portability: Request your data in a machine-readable format
  • Objection: Object to certain data processing

To exercise these rights, contact us at privacy@leaklab.app.

Cookies and Tracking

LeakLab uses essential cookies for authentication and session management. We do not use third-party advertising cookies or tracking pixels.

You can control cookies through your browser settings, but this may affect Service functionality.

Children's Privacy

LeakLab is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify users of significant changes via email or in-app notification.

Contact Information

For privacy-related questions or to exercise your data rights:

Email: privacy@leaklab.app

Back to Home
Terms of ServiceLegal Notice