Privacy Policy

Effective Date: June 9, 2026

Sullivan Technology LLC, doing business as LiveHands (“LiveHands,” “we,” “us,” or “our”), operates the LiveHands mobile application (the “App”) and the website located at livehandsapp.com (the “Website,” and together with the App, the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

Sullivan Technology LLC, d/b/a LiveHands, is the controller of personal information processed under this Privacy Policy, except where a third-party service provider independently determines its own processing purposes as described in Section 3.

By accessing or using the Service, you acknowledge that your information will be collected, used, and disclosed as described in this Privacy Policy. If you do not agree with the practices described in this Privacy Policy, please do not access or use the Service.


1. Information We Collect

1.1 Information You Provide

  • Account Information. When you create an account, we collect your name and email address. If you sign in through Apple or Google, we receive the information you authorize those services to share (typically your name and email address).
  • Hand History Data. When you use the App to log poker hands, we collect the hand data you input, including game details, player actions, and outcomes (“Hand Data”).
  • Support Communications. If you contact us for support, we collect the information you provide in your communications with us, which may include your name, email address, and any details you choose to share about your issue.

1.2 Information Collected Automatically

  • Device and Technical Information. We collect device identifiers, device model, operating system type and version, app version, language and locale settings, and timezone to provide and improve the Service and to diagnose technical issues. Some of this information may be collected by integrated third-party tools as described in Section 3.
  • Usage Analytics. We use third-party analytics tools to collect information about how you interact with the App and the Website, such as screens viewed, pages visited, features used, session duration, and interaction patterns. These tools may collect device identifiers, browser information, or other technical metadata as part of their standard operation (see Section 3).
  • Crash and Performance Data. We use third-party crash reporting tools to collect crash reports, error logs, and performance diagnostics. These reports may include device state, stack traces, and technical metadata present at the time of an error.
  • Network and Connection Information. Our service providers may process your IP address as part of delivering the Service. We do not intentionally log or store IP addresses, but they may be recorded in server logs or vendor systems as part of standard internet communication.

1.3 Information We Do Not Intentionally Collect

  • Precise Location Data. We do not intentionally collect GPS coordinates, precise geolocation, or fine-grained location data. However, some technical information collected automatically (such as IP address, timezone, or device locale) may indicate a general geographic region.
  • Payment Card Information. We do not directly collect or store your payment card details. Subscription payments are processed by the Apple App Store or Google Play Store. We may receive limited subscription-related information from the applicable store (such as subscription status, transaction identifiers, or receipt validation data) as needed to verify and manage your access to the Service.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing, maintaining, and improving the Service, including syncing your Hand Data across devices;
  • Processing your account registration and managing your subscription status;
  • Verifying subscription eligibility and managing access to paid features;
  • Sending transactional emails related to your account, such as password resets, subscription confirmations, and service updates;
  • Diagnosing technical issues, monitoring app performance, and analyzing usage trends to improve the App and the Website;
  • Creating aggregated and de-identified datasets as described in Section 5;
  • Maintaining the security and integrity of the Service; and
  • Responding to your support inquiries and communicating with you about the Service.

3. Third-Party Service Providers

We use third-party service providers to help operate and improve the Service. We share information with these providers as necessary for them to perform services on our behalf. The categories of providers we currently use, and the types of data involved, are described below.

ProviderPurposeData Involved
SupabaseAuthentication, database, cloud syncAccount information, Hand Data, authentication tokens
Apple / GoogleAuthentication, subscription billing and verificationAccount information, subscription status, transaction data
RevenueCatSubscription management and entitlement verificationApp user identifiers, subscription status, transaction identifiers, device identifiers
Google Firebase CrashlyticsCrash reporting and diagnosticsDevice identifiers, crash logs, device state, app version
MixpanelApp usage analyticsDevice identifiers, usage events, technical metadata
Google AnalyticsWebsite analyticsIP address (truncated), browser and device information, pages visited, referral source, cookies
ResendTransactional email deliveryEmail address, message content
Google DriveOptional hand history export (user-initiated). LiveHands requests access only to files it creates in your Drive.Hand Data (only when you choose to export)

These service providers process information on our behalf and are expected to use it only for the purposes for which it was provided. Each provider’s own privacy practices are governed by their respective privacy policies. We encourage you to review the privacy policies of these providers if you have questions about their data practices.

The providers listed above reflect the categories of service providers we currently use. We may change or add service providers from time to time. We will update this Privacy Policy as appropriate to reflect material changes in our data practices.

We do not sell your personal information to third parties. We do not share your personal information with advertising networks or data brokers.


4. Data Storage, Security, and Sync

Your Hand Data is stored locally on your device. When you are signed in, your Hand Data is also synced to our cloud infrastructure hosted by Supabase. Cloud sync is intended to support access and continuity across sessions and devices, but it is not a guaranteed backup or data recovery service.

We may maintain backup or disaster recovery copies of data as part of our normal operational and security practices. These backups exist for business continuity and infrastructure resilience purposes. We do not guarantee that individual user data can be restored from backups in every circumstance, and backup copies are not a user-facing feature of the Service.

We implement reasonable technical and organizational measures to protect your information, including encryption in transit (TLS) and at rest, row-level security on database tables, and secure authentication protocols.

No method of electronic storage or transmission over the internet is completely secure. While we strive to protect your information, we cannot guarantee absolute security.


5. Aggregated and De-Identified Data

We may create aggregated or de-identified datasets derived from Hand Data. “Aggregated data” refers to information that has been combined across multiple users so that it reflects population-level patterns rather than individual activity. “De-identified data” refers to information from which personal identifiers have been removed or modified so that the data does not identify and is not reasonably linkable to any individual user.

We take reasonable measures designed to de-identify data and reduce the likelihood of re-identification. Such datasets may include statistical, analytical, benchmarking, research, and other derived insights generated from use of the Service across user populations.

LiveHands owns all aggregated and de-identified data and may use, analyze, publish, license, or sell it for any lawful purpose, including research, product improvement, benchmarking, and other commercial purposes. We do not attempt to re-identify de-identified data, and we contractually require any third parties who receive such data to refrain from attempting re-identification.


6. Data Retention and Deletion

6.1 Active Accounts

We retain your account information and Hand Data for as long as your account is active or as needed to provide the Service.

If your subscription ends but you do not delete your account, your account and associated data will be retained in accordance with this section. You may lose access to certain paid features, but your data will not be deleted solely because your subscription has lapsed.

6.2 Account Deletion

You may request deletion of your account by contacting us at [email protected]. Upon receiving and verifying a valid deletion request, we will delete your personal information and Hand Data from our active systems within 30 days.

Residual copies of your data may persist in our backup or disaster recovery systems for a limited period following deletion from active systems, consistent with our normal backup retention cycles. These residual copies are not accessible to you or used for any purpose other than system recovery, and they are overwritten or purged in the ordinary course of backup operations.

We recommend using the App’s built-in export features to save your Hand Data before requesting account deletion, as we are unable to restore deleted data.

6.3 Exceptions to Deletion

We may retain limited information after account deletion where required to comply with legal obligations, resolve disputes, enforce our agreements, prevent fraud, or address security concerns. Any such retained information will be limited to what is necessary for the applicable purpose.

6.4 Aggregated and De-Identified Data

Aggregated and de-identified data (as described in Section 5) is not subject to deletion requests, as it does not identify and is not reasonably linkable to any individual user. Such data may be retained indefinitely.


7. Your Rights and Choices

7.1 Your Privacy Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information. These may include the right to:

  • Access. Request a copy of the personal information we hold about you.
  • Correction. Request that we correct inaccurate or incomplete information.
  • Deletion. Request that we delete your personal information and account, subject to the exceptions described in Section 6.3.
  • Data Portability. Export your Hand Data using the App’s built-in export features.
  • Opt Out of Analytics. Request that we limit analytics collection associated with your account, where technically feasible. Note that certain device-level or system-level data collection by third-party tools may not be fully controllable on a per-account basis.

If you are located in the European Economic Area or the United Kingdom, additional rights may apply to you as described in Section 12.

7.2 How to Submit a Request

To exercise any of these rights, please contact us at [email protected]. Please include sufficient information for us to verify your identity and understand the nature of your request (for example, the email address associated with your account).

7.3 Verification

We may need to verify your identity before processing your request. We will typically do so by confirming information associated with your account, such as your email address. We will not fulfill requests if we are unable to verify that the requestor is the account holder or an authorized representative.

7.4 Authorized Agents

If applicable law permits, you may designate an authorized agent to submit a privacy request on your behalf. We may require the agent to provide written authorization from you and may require you to verify your identity directly with us.

7.5 Response Timing

We will respond to your request within 30 days, or notify you if additional time is needed.

7.6 Right to Appeal

If we decline a privacy request, we will explain the basis for our decision. Where required by applicable law, you may appeal our decision by contacting us at [email protected] with a description of why you believe the request should be reconsidered.

7.7 Limitations

Certain rights may be limited by applicable law or by our need to comply with legal obligations, prevent fraud, maintain security, complete pending transactions, or enforce our agreements. We will inform you if any such limitation applies to your request.


8. International Data Transfers

The Service is operated from the United States. Your information may be transferred to, stored, and processed in the United States and in other countries where LiveHands or its service providers operate. Data protection laws in these countries may differ from those in your country of residence.

Where required by applicable law, we rely on recognized transfer mechanisms or appropriate safeguards for cross-border transfers of personal information. These may include contractual protections adopted by our service providers or other lawful transfer mechanisms available under applicable data protection law.

If you have questions about international transfers of your information, please contact us at [email protected].


9. Minors

The Service is intended for users who are 18 years of age or older. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information promptly. If you believe someone under 18 has provided us with personal information, please contact us at [email protected].


10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law.

For material changes — such as changes to the categories of data we collect, the purposes for which we use data, or the rights available to you — we will provide notice by posting the updated policy within the App or on our Website, updating the “Effective Date” above, and, where practicable, notifying you by email or through an in-app notification.

For non-material changes — such as formatting updates, typographical corrections, or minor clarifications that do not alter the substance of our practices — we may update the policy without additional notice beyond revising the “Effective Date.”

If you continue to use the Service after the effective date of any changes, the updated Privacy Policy will apply to your use going forward. If you do not agree with the revised policy, you should discontinue use of the Service.


11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Sullivan Technology LLC, d/b/a LiveHands
Email: [email protected]
Website: https://livehandsapp.com


12. Additional Information for EEA and UK Users

This section provides additional information for users located in the European Economic Area (“EEA”) and the United Kingdom (“UK”). It supplements the rest of this Privacy Policy and addresses transparency requirements under the General Data Protection Regulation (“GDPR”) and the UK General Data Protection Regulation (“UK GDPR”).

12.1 Data Controller

Sullivan Technology LLC, doing business as LiveHands, is the controller of your personal information as described in this Privacy Policy. Our contact details are provided in Section 11.

12.2 EU and UK Representatives

In accordance with Article 27 of the GDPR and Article 27 of the UK GDPR, we have appointed representatives in the European Union and the United Kingdom. If you are located in the EU or UK and have questions or concerns regarding your personal data, you may contact our appointed GDPR representative:

EU Representative:
Euverify Ltd (Ireland)
Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork, T23 AT2P, Ireland
Email: [email protected]

UK Representative:
Euverify Ltd (UK)
3rd Floor, 86-90 Paul Street, London, EC2A 4NE, United Kingdom
Email: [email protected]

You may also submit a data subject access request, data deletion request, or other GDPR-related inquiry through our representative’s secure portal at: https://gdpr.euverify.com/verify/4623318c-fe16-4e36-a814-2e6d04e02970

12.3 Lawful Bases for Processing

Under the GDPR and UK GDPR, we process your personal information on the following lawful bases:

Processing PurposeCategories of DataLawful Basis
Creating and managing your account; providing the Service, including syncing Hand Data; managing subscriptions and access to paid features; enabling exportsAccount information, Hand Data, subscription dataPerformance of a contract — necessary to provide the Service you have signed up for
Sending transactional emails (password resets, subscription confirmations, service updates)Email address, message contentPerformance of a contract
Diagnosing technical issues; crash reporting and performance monitoringDevice and technical information, crash logsLegitimate interests — maintaining service reliability and diagnosing errors
App usage analytics and service improvementDevice identifiers, usage events, technical metadataLegitimate interests — understanding how the App is used so we can improve it
Website analyticsIP address (truncated), browser and device information, pages visited, referral source, cookiesLegitimate interests — understanding how the Website is used so we can improve it
Maintaining security and preventing fraudAccount information, device and technical informationLegitimate interests — protecting the Service and our users
Creating aggregated and de-identified datasets (Section 5)Hand Data (de-identified)Legitimate interests — product improvement, research, and commercial uses as described in Section 5
Responding to your support inquiriesAccount information, support communicationsPerformance of a contract; legitimate interests — providing customer support
Retaining data to comply with legal obligations, resolve disputes, or enforce agreementsAccount information, limited transaction dataCompliance with a legal obligation
Optional Google Drive export (user-initiated)Hand DataPerformance of a contract — carrying out a feature you have requested as part of the Service

Where we rely on legitimate interests, we have assessed that our interests in operating, securing, and improving the Service are not overridden by your rights and freedoms, taking into account the nature of the data processed (which does not include special category data), the expectations of our users, and the safeguards we apply.

12.4 Your Rights Under the GDPR and UK GDPR

In addition to the rights described in Section 7, and subject to applicable law and exceptions, if you are located in the EEA or UK you may also have the right to:

  • Restrict processing. Request that we restrict the processing of your personal information in certain circumstances, such as while we verify the accuracy of your data or assess an objection you have raised.
  • Object to processing. Object to our processing of your personal information where we rely on legitimate interests as the lawful basis. We will consider your objection and, unless we have compelling legitimate grounds that override your interests, we will cease the processing you have objected to.
  • Withdraw consent. Where we process your personal information based on your consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred before withdrawal.
  • Lodge a complaint. You have the right to lodge a complaint with the data protection supervisory authority in the country where you live, where you work, or where you believe a violation of your data protection rights has occurred.

To exercise any of these rights, please contact us using the details provided in Section 11, or contact our EU or UK representative as described in Section 12.2.

12.5 International Transfers

As described in Section 8, your personal information is transferred to and processed in the United States. The United States may not provide the same level of data protection as your country of residence. Where required by the GDPR or UK GDPR, we rely on recognized transfer mechanisms or appropriate safeguards to ensure that your personal information receives an adequate level of protection when transferred outside the EEA or UK. These may include standard contractual clauses or other lawful transfer mechanisms adopted by our service providers.

If you have questions about the safeguards applied to international transfers of your data, please contact us at [email protected].

12.6 Data Retention

We retain your personal information as described in Section 6. We do not retain personal information for longer than is necessary for the purposes for which it was collected, except where retention is required by law, necessary to resolve disputes, or needed to enforce our agreements.