Privacy Policy

Last updated: 20 February 2026

1. Introduction

Two High Studio ("Company", "we", "us", or "our"), a company registered in the Isle of Man, is the data controller responsible for your personal data collected through the Your Poker application and the website at yourpoker.app (collectively, the "Service").

We are committed to protecting your privacy and handling your personal data in accordance with the Isle of Man Data Protection Act 2018, the EU General Data Protection Regulation (GDPR) as applied through the Isle of Man's data protection framework, and all other applicable data protection legislation.

This Privacy Policy explains what personal data we collect, how we use it, the legal bases for processing, your rights, and how to contact us with any questions or concerns.

2. What Data We Collect

Your Poker is a desktop application that is designed with privacy in mind. The vast majority of your data never leaves your device.

2.1 Data Stored Locally on Your Device

The following data is created and stored exclusively on your local device and is never transmitted to our servers:

  • Tournament configurations, structures, and settings
  • Player names, aliases, and seating assignments
  • Tournament results, chip counts, and payout records
  • League standings and historical statistics
  • Application preferences and custom themes

We do not have access to this data. You are solely responsible for maintaining backups and for the security of data stored on your device.

2.2 Data We Collect When You Use Our Website

When you visit our website at yourpoker.app, we may collect:

  • Log data: Your IP address, browser type and version, operating system, referring URL, pages visited, date and time of visit, and time spent on pages. This data is collected through standard web server logs.
  • Cookie data: We use essential cookies that are strictly necessary for the website to function. See Section 8 (Cookies) below for further details.

2.3 Data We Collect When You Create an Account or Purchase a Licence

If you create an account or purchase a paid licence, we collect:

  • Account information: Your name, email address, and chosen password (stored in hashed form)
  • Billing information: Payment method details are processed by our third-party payment processor and are not stored on our servers. We retain only a transaction reference, the amount paid, and the date of the transaction.
  • Licence information: Your licence tier, licence key, activation date, and subscription status

2.4 Data We Collect Through the Application

The desktop application may transmit limited data to our servers for the following purposes:

  • Licence validation: Your licence key and a device identifier are transmitted periodically to verify your licence status
  • Update checks: Your application version number and operating system are transmitted to check for available updates
  • Crash reports: If you opt in, anonymised crash reports may be sent to help us improve the application. These reports do not contain personal data or tournament data.

We process your personal data on the following legal bases under the GDPR:

  • Performance of a contract (Article 6(1)(b)): Processing necessary to provide the Service to you, including account management, licence validation, and processing payments.
  • Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate interests, including improving our Service, ensuring security, preventing fraud, and analysing website usage. We have assessed that these interests are not overridden by your rights and freedoms.
  • Consent (Article 6(1)(a)): Where you have given explicit consent, for example when opting into crash reporting or marketing communications. You may withdraw consent at any time.
  • Legal obligation (Article 6(1)(c)): Processing necessary to comply with legal obligations, such as tax and accounting requirements.

4. How We Use Your Data

We use the personal data we collect for the following purposes:

  • To provide, operate, and maintain the Service
  • To process your transactions and manage your subscription
  • To verify your licence and provide software updates
  • To communicate with you, including responding to support enquiries and sending service-related notices
  • To improve and develop the Service based on usage patterns and feedback
  • To detect, prevent, and address technical issues, fraud, or security breaches
  • To comply with legal obligations and enforce our Terms of Service
  • To send marketing communications, but only where you have given explicit consent

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties. We may share your data only in the following limited circumstances:

  • Service providers: We engage trusted third-party service providers who process data on our behalf, including payment processors, hosting providers, and analytics services. These providers are contractually bound to process your data only on our instructions and in accordance with applicable data protection law.
  • Legal requirements: We may disclose your data if required to do so by law, regulation, legal process, or governmental request.
  • Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your data.
  • Protection of rights: We may disclose data where we believe it is necessary to protect our rights, property, or safety, or the rights, property, or safety of others.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal obligations:

  • Account data: Retained for the duration of your account and for up to 12 months after account deletion to allow for reactivation and to resolve any outstanding issues.
  • Billing data: Retained for a minimum of 6 years after the transaction to comply with tax and accounting obligations under Isle of Man law.
  • Website log data: Retained for up to 90 days, after which it is automatically deleted or anonymised.
  • Licence validation data: Retained for the duration of your active licence and deleted within 30 days of licence expiry or cancellation.
  • Crash reports: Retained in anonymised form for up to 24 months for product improvement purposes.

When data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.

7. Your Rights

Under the GDPR and applicable Isle of Man data protection law, you have the following rights regarding your personal data:

  • Right of access (Article 15): You have the right to request a copy of the personal data we hold about you, together with information about how we process it.
  • Right to rectification (Article 16): You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to erasure (Article 17): You have the right to request that we delete your personal data where there is no compelling reason for us to continue processing it. This right is not absolute and may be subject to legal obligations that require us to retain certain data.
  • Right to restriction of processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances, for example where you contest the accuracy of the data or object to our processing.
  • Right to data portability (Article 20): You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to request that we transmit that data to another controller where technically feasible.
  • Right to object (Article 21): You have the right to object to the processing of your personal data where we rely on legitimate interests as our legal basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
  • Right to withdraw consent: Where we rely on your consent to process your data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
  • Right not to be subject to automated decision-making: We do not make decisions based solely on automated processing that produce legal effects or similarly significantly affect you.

To exercise any of these rights, please contact us at support@twohigh.studio. We will respond to your request within one month of receipt. In complex cases, we may extend this period by a further two months, and we will inform you of any such extension.

8. Cookies

Our website uses only essential cookies that are strictly necessary for the website to function correctly. These cookies:

  • Enable core website functionality such as page navigation and secure access
  • Remember your preferences within a single browsing session
  • Do not track you across other websites
  • Do not collect personal data for advertising purposes

Because these cookies are strictly necessary for the operation of the website, they do not require your consent under applicable cookie legislation. No third-party tracking cookies, advertising cookies, or analytics cookies that identify individual users are used on our website.

If we introduce non-essential cookies in the future, we will update this policy and implement an appropriate consent mechanism before deploying them.

9. Third-Party Services

We may use the following categories of third-party services to operate and improve the Service:

  • Payment processing: We use third-party payment processors to handle subscription payments. These processors have their own privacy policies governing the use of your payment information. We do not store your full payment card details.
  • Hosting and infrastructure: Our website and server infrastructure are hosted by third-party providers located in the European Economic Area (EEA) or in jurisdictions that provide an adequate level of data protection.
  • Email communications: We may use third-party email services to send transactional and, where you have consented, marketing emails.

All third-party service providers are selected for their commitment to data protection and are bound by data processing agreements that comply with GDPR requirements.

10. International Transfers

Your personal data is primarily processed within the Isle of Man and the European Economic Area (EEA). The Isle of Man has been recognised by the European Commission as providing an adequate level of data protection.

In the event that your personal data is transferred to a country outside the EEA that has not been deemed to provide an adequate level of data protection, we will ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules (BCRs) where applicable
  • Any other legally recognised transfer mechanism under the GDPR

You may request further information about the safeguards we have in place for international data transfers by contacting us at the details provided below.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL
  • Encryption of sensitive data at rest
  • Regular security assessments and updates
  • Access controls limiting data access to authorised personnel only
  • Secure password hashing for account credentials

While we strive to protect your personal data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents in accordance with our legal obligations.

12. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that data promptly.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at support@twohigh.studio so that we can take appropriate action.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Post the revised policy on our website
  • Where appropriate, notify you by email or through the application

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of the Service after changes to this policy constitutes your acceptance of the revised policy.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us at:

Two High Studio
Data Protection Enquiries
Isle of Man

Email: support@twohigh.studio

We aim to respond to all data protection enquiries within 48 hours and to resolve any concerns as promptly as possible.

15. Supervisory Authority

If you are not satisfied with our response to a data protection concern, or you believe that we are processing your personal data in a manner that is not in accordance with applicable law, you have the right to lodge a complaint with the relevant supervisory authority.

For residents of the Isle of Man or matters relating to our data processing activities, the relevant supervisory authority is:

Isle of Man Information Commissioner
P.O. Box 69
Douglas, Isle of Man
IM99 1EQ

Telephone: +44 1624 693260
Email: ask@inforights.im
Website: www.inforights.im

If you are located in the European Economic Area, you also have the right to lodge a complaint with your local data protection authority.