ChipLog is committed to protecting your privacy. This policy explains what information we
collect, how we use it, with whom we share it, and what rights you have.
1. Data We Collect
Information You Provide Directly
- Email address — used for account creation and login
- Gambling session records: casino name, location, date, game type, outcome, amount wagered, buy-in, session duration, and personal notes
- W-2G tax data you manually enter: reported amounts and dates
- Account credentials (password stored as a one-way hash — never in plain text)
Information Collected Automatically
- Device location (GPS) — requested only to surface nearby casino news; you may deny this at any time without affecting core functionality
- Short-lived authentication tokens stored locally on your device; these expire automatically and are cleared when you sign out
- Anonymized crash reports and error logs for diagnosing technical issues only — these contain no email, session data, or other personally identifiable information
Information We Do NOT Collect
- Payment card or banking information (all payments handled by Apple)
- Background location or location history
- Contacts, photos, microphone, or camera
- Social media profiles or third-party account data
2. How We Use Your Data
We use your information only for the following purposes:
- Authenticate you and maintain your account
- Display your session history, statistics, and year-over-year comparisons
- Calculate estimated IRS tax figures based on your logged sessions (informational only)
- Generate personalized casino news and AI-powered insights from your session history and approximate location
- Send transactional communications (e.g., password resets) — no marketing emails without explicit opt-in
- Diagnose technical issues and improve app performance
- Comply with applicable laws and legal obligations
We do not use your data for advertising, profiling, or automated decision-making that produces legal or similarly significant effects on you.
3. Data Sharing — We Do Not Sell Your Data
We do not sell, rent, trade, or broker your personal information to any third party, ever.
We share data only in these limited, necessary circumstances:
- Infrastructure providers: Supabase, Inc. (database and authentication) and Railway (backend hosting) process data on our behalf under strict confidentiality obligations.
- Subscription management: RevenueCat processes subscription status only. No session or tax data is shared with RevenueCat.
- AI services: OpenAI receives only publicly available news headlines already fetched from third-party RSS feeds. No user-identifying information, email addresses, session records, or financial data is ever sent to OpenAI.
- Legal compliance: We may disclose data if required by a valid court order, subpoena, or applicable law. We will notify you unless prohibited by law.
- Business transfer: In the event of a merger or acquisition, your data may transfer to the successor entity with advance notice and opportunity to delete your account.
4. Data Retention
We retain your account data and session records for as long as your account is active.
If you delete your account, all personal data — including your email, session history, and tax records — is permanently deleted from our systems within 30 days. Anonymized, aggregated statistics that cannot identify you may be retained for service improvement.
Authentication tokens on your device are cleared when you sign out. To request earlier deletion, contact us at privacy@chiplog.app.
5. Security
- All data transmitted between your device and our servers is encrypted using TLS
- Passwords are stored using industry-standard one-way hashing (bcrypt)
- Database access is protected by row-level security policies — only you can read your own session data
- Server infrastructure is hosted in SOC 2-compliant data centers
- Authentication tokens expire and are rotated automatically
No method of electronic transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at support@chiplog.app.
6. Your Rights
- Access — request a copy of all personal data we hold about you
- Correction — request correction of inaccurate or incomplete data
- Deletion — request permanent deletion of your account and all associated data
- Portability — export your session data in CSV format (Premium feature)
- Restriction — request that we limit processing of your data
- Objection — object to processing based on legitimate interests
- Withdraw consent — revoke optional permissions (e.g., location) at any time in device Settings
To exercise any of these rights, contact us at privacy@chiplog.app. We will respond within 30 days.
7. Location Data
ChipLog requests foreground location access solely to identify nearby casinos for personalized news content. Location is never accessed in the background, never stored in our database, and never shared with third parties in identifiable form.
You can deny or revoke location permission at any time in your device's Settings app. The app remains fully functional without location access.
8. Third-Party Services
- Supabase — database and authentication (supabase.com/privacy)
- Railway — backend server hosting (railway.app/legal/privacy)
- OpenAI — receives only anonymized public headlines; no personal data (openai.com/policies/privacy-policy)
- RevenueCat — subscription management (revenuecat.com/privacy)
- Apple App Store — payment processing and app distribution (apple.com/legal/privacy)
9. Children's Privacy
ChipLog is intended strictly for adults of legal gambling age — minimum 18, and 21 in jurisdictions that require it.
We do not knowingly collect personal information from anyone under 18. If we discover that a minor has created an account, we will immediately delete all associated data. Contact us at privacy@chiplog.app if you believe a minor has provided us data.
10. California Privacy Rights (CCPA/CPRA)
We do not sell, share for cross-context behavioral advertising, or otherwise monetize your personal information — full stop.
California residents have the right to: know what personal information is collected; request deletion; opt out of the sale or sharing of personal information; correct inaccurate data; limit use of sensitive personal information; and not be discriminated against for exercising these rights.
To submit a CCPA request: privacy@chiplog.app
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by updating the "Last updated" date and, where appropriate, via an in-app notice. Continued use of the app after changes are posted constitutes your acceptance of the revised policy.