Privacy Policy

Smartboard (“we”, “us”, “our”) operates the Smartboard card-game scoreboard application available at www.smartboard.games and on the iOS and Android app stores. This policy explains what personal information we collect, how we use it, who we share it with, and the choices you have.

We are based in Australia and Smartboard is operated subject to the Australian Privacy Act 1988 (Cth). If you are located in the EU/UK, we also honour the relevant rights under the GDPR and UK GDPR.

We collect the following categories of personal information:

• Account information you give us: name, email address, and (optionally) mobile number. You provide this at sign-up.
• Sign-in identifiers: if you sign in with Google, we receive your name and email from Google. If you set up biometric sign-in, your device stores a passkey credential; we store only the public-key portion needed to verify future sign-ins.
• Game and group data: playgroups you create or join, members of your playgroups, games you play, scores you enter, expenses you log, and settlements you confirm.
• Payment information: if you subscribe to Smartboard Pro, your payment is processed by Stripe. We receive only a subscription identifier and metadata (e.g. plan, current period end). We do NOT receive or store your card number.
• Usage and technical data: IP address, browser type, device type, approximate geographic region inferred from IP, and timestamps of significant actions in your account. Some of this is recorded in an audit log to detect abuse and help support requests.
• Help chat content: when you ask a question in the in-app help bubble, the text of your question is sent to Google Gemini (an AI service) to generate a response. We do not store chat transcripts on our servers; conversation history is kept on your device only.

We do not knowingly collect information from children under 13. If you are under 13, do not use Smartboard.

• To provide the Smartboard service: keep scores, track balances, settle expenses, and let you share scoreboards with your crew.
• To authenticate you securely and prevent unauthorised access.
• To process subscription payments via Stripe.
• To send transactional emails (sign-up confirmation, billing receipts, password resets, support replies). We do not send marketing emails without your explicit consent.
• To send in-app and push notifications you have opted into.
• To respond to your support questions and improve the service (in aggregate, non-identifying terms).
• To comply with legal obligations, enforce our terms, and respond to lawful requests from authorities.

Our lawful basis under the GDPR for processing this data is one or more of: (a) performance of our contract with you, (b) your consent (for notifications and any optional features), (c) our legitimate interests in operating and securing the service, and (d) compliance with legal obligations.

We use the following service providers to operate Smartboard. Each receives only the data necessary to perform its function and is bound by its own privacy commitments. We do not sell your data to anyone.

• Vercel — application hosting and edge network.
• Neon — managed PostgreSQL database where your account and game data are stored. Hosted in the AWS Sydney region.
• Pusher — real-time live-score updates.
• Stripe — payment processing. Stripe handles all card-data collection and storage; we never see your card number.
• Google — optional “Continue with Google” sign-in (Google Identity), and the Gemini API for the in-app help assistant.
• Resend — transactional email delivery.
• Apple Push Notification service / Firebase Cloud Messaging — push notifications to the mobile apps once they ship.

Some of these providers may store data in jurisdictions outside Australia (e.g. the United States or the European Union). By using Smartboard you consent to this transfer. Each provider is contractually committed to the security standards required by its home jurisdiction.

We retain personal information for as long as your account is active. When you delete your account (see Section 7), we delete or anonymise your account information within 30 days, except where we are required to retain certain records for tax, fraud-prevention, or legal-compliance reasons.

Game history within a playgroup is retained as long as the playgroup itself exists, so that other members' stats remain accurate. You can leave a playgroup at any time; the group keeps the history of games you played but your individual account is unlinked.

We use cookies that are strictly necessary for the service to work: authentication cookies that keep you signed in, and a small set of functional cookies that remember your active playgroup and your help chat visibility preference. We do not use third-party advertising, tracking, or analytics cookies. We do not run ad networks.

Your browser also stores small amounts of data locally (via localStorage) to remember the Quick Scoreboard state you have in progress and your active playgroup. You can clear this data at any time via your browser settings.

You have the right to:

• Access the personal information we hold about you — much of it is already visible in your account.
• Correct inaccurate personal information.
• Delete your account and associated personal information. Visit /delete-account while signed in, or email aditya.tadimalla@gmail.com from the address on your account and we will action this within 30 days.
• Object to specific uses of your data, including opting out of notifications at any time from your account settings.
• Receive a copy of your data in a portable format — write to us and we will provide a JSON export.
• Lodge a complaint with a privacy regulator. In Australia: the Office of the Australian Information Commissioner ( oaic.gov.au). In the EU/UK: your local Data Protection Authority.

We protect your data with industry-standard measures: TLS in transit, encryption at rest (Neon and Vercel), bcrypt password hashing, tenant-isolated database queries, and access controls that limit what each user can see. No system is perfectly secure; if we ever become aware of a breach affecting your data we will notify you promptly in line with applicable law.

We may update this policy from time to time. Material changes will be communicated by email and via an in-app notice at least 14 days before they take effect. The “Effective” date at the top of this page indicates when the current version was published.

Questions, requests, or complaints about this policy or our handling of your information: aditya.tadimalla@gmail.com.