Privacy Policy

Effective date: 27 May 2026

1. Who we are

Chaos Hold'Em is operated by Chaos Hold'Em Ltd, 6945 Unit 108308, London, W1A 6US, United Kingdom ("we", "us", or "our"). We are the data controller for personal data collected through the Chaos Hold'Em app and the website at chaosholdem.com.

Contact for privacy matters: bonjour@chaosholdem.com.

2. Scope

This policy covers:

• The Chaos Hold'Em mobile and web app (iOS, Android, and the in-browser game client).
• The chaosholdem.com marketing website.

It applies to all users, including those in the United Kingdom and European Economic Area. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

3. Data we collect

Email address

Collected when you create an account or sign in. We use your email to send you a one-time login code. It is your account identifier and is not made visible to other players.

Username

You may optionally choose a username after creating your account. Your username is visible to other players in the game. You can change it at any time in your profile settings.

Gameplay data

We store data required to operate the game, including:

• Your virtual Chaos Orb inventory (earned through gameplay).
• Game and table history (the sequence of actions in completed games).
• In-game notifications, such as reward alerts, which are automatically deleted approximately 24 hours after delivery.

Chips and Orbs are virtual and carry no monetary value — see our Terms & Conditions.

Technical and usage data — app (via New Relic)

We use New Relic, a third-party application performance monitoring service, in the Chaos Hold'Em app. New Relic collects information including:

• App interactions, screen navigation, and session events.
• Crash reports and error diagnostics.
• Network request metadata and device and app version information.

This data is used to monitor app stability, investigate bugs, and improve performance. It is processed by New Relic on our behalf under a data-processing agreement. New Relic may process this data outside the UK and EEA — see section 8 on international transfers.

Website data — chaosholdem.com (via New Relic and cookies)

The chaosholdem.com marketing website uses the New Relic Browser agent, which sets cookies on your device to collect page interaction and performance data. This data helps us monitor the health of the website and is not used for advertising or sold to third parties.

4. Cookies

The Chaos Hold'Em marketing website (chaosholdem.com) uses cookies placed by New Relic for website performance monitoring. These are first-party-style operational cookies; they are not advertising cookies and do not track you across other websites.

The in-app game client does not use advertising cookies.

Most browsers let you manage or disable cookies in their settings. Disabling New Relic cookies may affect our ability to detect and respond to website performance issues but will not prevent you from using the site or the game.

5. How and why we use your data

We process your personal data on the following lawful bases under UK GDPR:

Performance of contract

We need your email to create your account, send login codes, and authenticate you. We need your gameplay data to operate the game. Without this we cannot provide the service.

Legitimate interests

We process technical and usage data to monitor service stability, investigate bugs, detect abuse, prevent cheating, and improve the game. We have assessed that these interests are not overridden by your rights and freedoms; we use aggregated or pseudonymous data where possible and you can contact us to discuss any concerns.

Legal obligations

We may process or retain data where required to comply with applicable law.

6. Who we share data with

We do not sell your personal data. We share data only with the following processors acting on our behalf:

Amazon Web Services (AWS)

• AWS SES (Simple Email Service, region: eu-west-1) — used to send your one-time login code to your email address.
• AWS S3 (region: eu-west-1) — used to store game and table history records.
• AWS Secrets Manager — used to store our system's signing keys securely.

AWS processes data under a Data Processing Addendum consistent with UK GDPR requirements.

New Relic

New Relic collects app performance and diagnostic data (mobile SDK) and website monitoring data (browser agent with cookies), as described in sections 3 and 4. Data is processed under a data-processing agreement.

App stores (future purchases)

If we introduce in-app purchases, transactions will be processed by Apple (App Store) or Google (Google Play) under their own privacy policies. We do not receive your full payment card details.

Legal and safety disclosures

We may disclose data if required by law, court order, or to protect the rights or safety of our users or the public.

7. International transfers

We are based in the United Kingdom and aim to keep data within the UK and EEA where possible. Our AWS infrastructure runs in the eu-west-1 region (Ireland, EEA). However, New Relic may transfer and process data in the United States and other countries. Where data is transferred outside the UK/EEA, it is protected by appropriate safeguards (such as the UK International Data Transfer Agreement or Standard Contractual Clauses). You can request more information about these safeguards by contacting us.

8. How long we keep your data

• Account and email: kept for as long as your account is active. On account closure or deletion request, we will delete your account data within a reasonable period.
• Login codes: short-lived and expire automatically; they are not retained in logs after expiry.
• In-game notifications: automatically deleted approximately 24 hours after delivery.
• Game history and Orb inventory: retained while your account is active and deleted with your account.
• Diagnostic data (New Relic): subject to New Relic's own retention policies.

9. Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Session tokens expire and are stored securely. Login codes are single-use and short-lived. However, no system is completely secure; we encourage you to keep your device and email account protected.

10. Children

Chaos Hold'Em is intended for users aged 13 and over. We do not knowingly collect personal data from anyone under 13. If you believe a child under 13 has created an account, please contact us at bonjour@chaosholdem.com and we will investigate and delete the account promptly.

11. Your rights

Under UK GDPR you have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: ask us to correct inaccurate or incomplete data.
• Erasure ("right to be forgotten"): request deletion of your data in certain circumstances.
• Restriction: ask us to restrict processing while a dispute is resolved.
• Portability: receive your data in a structured, machine-readable format where processing is based on consent or contract.
• Objection: object to processing based on legitimate interests.

To exercise any of these rights, email us at bonjour@chaosholdem.com. We will respond within one month. There is no charge for making a request.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk, 0303 123 1113.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes where reasonably practicable (for example, via an in-app notice). The effective date at the top of this page will be updated when we make changes. Continued use of the game or website after an update constitutes acceptance of the revised policy.

13. Contact us

For any privacy-related questions, requests, or concerns:

• Email: bonjour@chaosholdem.com
• Postal address: Chaos Hold'Em Ltd, 6945 Unit 108308, London, W1A 6US, United Kingdom

Also see our Terms & Conditions.