myboker.org

Legal

Privacy Policy

Effective June 28, 2026. Owned and operated by Cedarline Digital.

1. Who we are

myboker.org is owned and operated by Cedarline Digital. "We," "us," and "our" refer to Cedarline Digital. By using myboker.org, you agree to the collection and use of information as described in this policy.

This policy is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA) and the BC Personal Information Protection Act (PIPA).

2. Information we collect

Account information

  • Your email address, required to create and verify your account.
  • Your password, stored exclusively as a one-way bcrypt hash. We never store or have access to your plaintext password.
  • Timestamps for account creation, email verification, and most recent login.

League and gameplay data

  • League names, descriptions, visibility settings (private or public), and configuration you create.
  • Player display names and optional notes within your leagues.
  • Session records: dates, labels, open/close timestamps, and session notes.
  • Ledger events: buy-ins, cash-outs, fronts, payouts, rollovers, debt repayments, and write-offs. All amounts are recorded in cents with a full append-only audit trail.
  • The account that created or voided each ledger event.

Membership data

  • Your role within each league you belong to (owner, manager, or viewer).
  • Which account invited you and when.

Support and operational data

  • Account status information such as whether an account is verified, disabled, or marked as a site administrator.
  • Aggregate operational metrics derived from existing records, such as user counts, active users, league counts, session counts, ledger event counts, voided event counts, and recorded ledger volume.
  • Support actions performed through internal tools, such as account email updates, password reset or temporary password emails, account disable/restore actions, league archive/restore actions, league deletion, and ownership transfers.

3. What we do not collect

  • Real names. Player display names are arbitrary labels chosen by league managers and are not required to correspond to real legal identities.
  • Payment information. We do not process, hold, or transfer money of any kind.
  • Location or GPS data.
  • Browser fingerprints or device identifiers.
  • Advertising IDs or third-party tracking identifiers.
  • Third-party analytics data. There are no third-party analytics scripts (no Google Analytics, Mixpanel, or similar) on myboker.org.

4. Cookies and transient data

We set one cookie: myboker_org_session. This is a functional authentication cookie that keeps you signed in. It contains only an encrypted reference to your session. We do not use advertising cookies, tracking cookies, or any third-party cookies.

Our rate-limiting system temporarily processes your IP address in memory to prevent abuse. IP addresses are not written to disk or retained once the request completes.

Password-reset and league-invitation links are cryptographically signed tokens that expire automatically (1 hour for resets, 7 days for invitations). They are stateless and not stored in our database.

5. How we use your information

  • To authenticate you and maintain a secure session.
  • To store and display your league, session, and player data to you and the members of your leagues.
  • To send transactional emails: account verification, password reset, and league invitations.
  • To enforce rate limits and protect the service from abuse.
  • To provide account and league support, including correcting account emails, helping with password recovery, disabling abusive or compromised accounts, transferring league ownership, and handling deletion requests.
  • To understand basic service health and usage through first-party aggregate metrics calculated from records already stored by the Service.

We do not sell, rent, share, or otherwise disclose your personal information to third parties for advertising or marketing purposes.

6. Internal administration

Authorized site administrators may use private internal tools to view account, league, session, membership, and ledger information when needed to operate the Service, respond to support requests, investigate abuse or security issues, correct account or league problems, and maintain service reliability.

Internal tools may display aggregate service metrics, including recorded ledger volume. Recorded ledger volume is a usage metric only. myboker.org does not process payments, hold money, transfer funds, or treat recorded ledger amounts as platform revenue.

7. Third-party services

We use a third-party SMTP provider to deliver transactional emails. This provider receives only the recipient email address and the message content required to deliver your email. No other personal data is shared with this provider.

We have no other third-party integrations, analytics platforms, or data processors.

Servers hosting myboker.org are located in North America (primarily Canada; potentially the United States). Data is not intentionally transferred to the European Union, though no geographic restriction is technically enforced at the network level.

8. Player display names

Player profiles in a league use display names set by the league manager. These names do not need to be real legal names; they are arbitrary labels for tracking purposes. All leagues are private by default, meaning player data is only visible to members of that specific league.

If you are a league manager adding players, you are responsible for ensuring that players whose results you track have agreed to participate in your league and have their results recorded.

9. Data retention and deletion

We retain your data for as long as your account is active. You have two options for removing your data:

  • Account deletion: available in account settings. This is immediate and permanent. Your account, all leagues you own, and all associated session history are irreversibly removed.
  • League deletion: league owners can permanently delete a league, which removes all its sessions, players, and ledger events. Archiving a league preserves data while hiding the league from active views.

Site administrators may disable accounts, restore accounts, archive leagues, restore leagues, transfer league ownership, or permanently delete accounts or leagues when needed for support, security, abuse prevention, or to complete a verified user request.

We do not have automated data expiry periods. Data remains until you delete it. As the user base grows, we may introduce formal retention policies and will update this policy accordingly.

10. Your rights

Under PIPEDA and BC PIPA, you have the right to:

  • Know what personal information we hold about you.
  • Request corrections to inaccurate information.
  • Request deletion of your personal information (fulfilled via in-app hard delete or by emailing us).
  • Withdraw consent, subject to legal or contractual limitations.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

If you are a resident of the European Union, additional rights may apply under the GDPR. myboker.org is not specifically directed at EU residents, but we will honour GDPR deletion and access requests made in writing.

11. Age requirement

You must be at least 18 years old to create an account on myboker.org. By registering, you confirm you meet this requirement. If we become aware that an account was created by someone under 18, we will permanently delete that account.

12. Security

We apply standard security measures including encrypted connections (TLS in transit), bcrypt password hashing, CSRF protection, and rate limiting. No method of data transmission or storage is 100% secure. We cannot guarantee absolute security but take reasonable precautions to protect your information.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. Continued use of myboker.org after changes are posted constitutes your acceptance of the revised policy.

14. Contact

Questions or requests regarding this policy:

Cedarline Digital
British Columbia, Canada
[email protected]