Privacy Policy
1. Controller
Webfix Studios
Owner: Nadir Faour
Auf der Reide 108
40468 Düsseldorf
Germany
Email: kontakt@webfix-studios.de
Game support: support@neon-poker.com
Website: https://neon-poker.com/
2. Hosting and server log files
The website, domain, and server-side game data are hosted by ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany. When the website is accessed, technically necessary log data such as IP address, time, requested file, referrer, browser, operating system, and HTTP status may be processed. Processing is necessary to provide the service, maintain stability, analyze errors, and prevent misuse on the basis of Article 6(1)(f) GDPR. ALL-INKL.COM processes the data as a processor in connection with web hosting.
3. Player account and sign-in
During registration and use, we process in particular the player name, email address, password stored exclusively as a hash, selected profile image, language, session data, and optional profile settings. When email verification is enabled, verification and password-reset codes are also processed. The legal basis is Article 6(1)(b) GDPR for providing the requested account and game service.
4. Game progress and virtual goods
Stored data includes virtual chips and gold, level and XP, statistics, inventory, purchased or gifted items, friendships, guilds, redeem codes, referral assignments, and settings. Processing is required to provide the account and the expressly used features on a persistent basis.
5. Multiplayer, tables, and presence
For poker, blackjack, and roulette, table assignments, seats, bets, cards or game actions, round events, timestamps, and short-term presence data are processed. Heartbeats detect closed tabs and connection losses so that abandoned seats can be removed and resources released. The legal basis is Article 6(1)(b) GDPR; security and stability measures are additionally based on Article 6(1)(f) GDPR.
6. Chats, reports, and moderation
Messages in friend and table chats, player reports, support requests, moderation actions, and internal processing notes may be stored. This data is used for communication, handling reports, enforcing game rules, and preventing misuse. Chat and activity logs may be viewed by authorized developers or moderators and deleted in accordance with the retention periods configured in the Developer Center.
7. Security and anti-cheat system
The system may flag unusual game, account, or chat activity using technical rules. Depending on the Developer settings, a player may be temporarily excluded from tables; any broader account action should be reviewed by an authorized person. No decision based solely on automated processing with legal or similarly significant effects within the meaning of Article 22 GDPR takes place.
8. Public profiles and leaderboard
Player name, profile image, level, and virtual chip values may be displayed in public profiles and on the leaderboard. Bots may be labeled separately or hidden. Do not use your real name if you do not want it displayed publicly.
9. Support, email, player reports, and abuse prevention
For support requests, password resets, suspension notices, and player reports, the supplied contact data, subject, message, category, timestamps, and processing status are handled. The support form uses local server-side abuse protection: a hidden honeypot, a minimum completion time, hashed-IP rate limits, and a temporary hash of identical submissions. Rate-limit and duplicate records are deleted automatically after their protection periods. Email is currently sent through the hosting provider ALL-INKL.COM. Processing is carried out to handle the request and protect the service under Article 6(1)(b) or (f) GDPR.
10. Cookies, local storage, and consent settings
A technically necessary PHP session is used for sign-in. The session cookie is required for account and multiplayer functions. The browser may also store technically necessary settings such as language, dismissed notices, the daily wheel, interface state, and the selected privacy preference. Optional Google reCAPTCHA is not loaded before the user allows it in the privacy settings. Consent can be changed at any time through the “Cookie settings” link in the footer. Necessary storage is based on Article 6(1)(b) or (f) GDPR and Section 25(2)(2) TDDDG; optional reCAPTCHA is based on consent under Article 6(1)(a) GDPR and Section 25(1) TDDDG.
11. Google reCAPTCHA
When configured by the operator and allowed by the user, Google reCAPTCHA may be loaded on the support form to distinguish human submissions from automated abuse. The browser then connects to Google servers, and technical data such as IP address, browser information, device information, interaction data, and cookies or similar identifiers may be processed by Google. The reCAPTCHA response is verified by the Neon Poker server. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google may process data in third countries. When reCAPTCHA keys are configured, completing reCAPTCHA is required for the support form by default; the operator can explicitly configure it as optional.
12. No analytics, advertising, or payment services
No analytics or marketing services, advertising networks, external fonts, or payment services are integrated. Google reCAPTCHA is used only for support-form abuse protection after consent, when configured. No marketing cookies are set.
13. Children and young people
The service is not specifically directed at children. Neon Poker uses virtual values only, provides no payout, and offers no paid chances of winning or cash or non-cash prizes. No specific age restriction is currently configured. If future processing is based on consent under Article 6(1)(a) GDPR and the service is offered directly to children, the requirements of Article 8 GDPR apply; in Germany, independent consent is generally possible from the age of 16.
14. Backups and retention
Automatic backups are created for recovery purposes. Under the current configuration, up to 30 daily backups are retained and older backups are deleted automatically. Account data is stored until the account is deleted. Support and security data is retained only for as long as handling, evidence, service protection, or statutory obligations require.
15. Recipients and international transfers
Recipients are authorized persons involved in operation and moderation as well as ALL-INKL.COM as the technically necessary hosting and email provider. If Google reCAPTCHA is enabled with consent, Google may receive the technical data described above and process it in third countries. Apart from this optional service, no transfer to a third country is currently planned. If further external analytics, advertising, payment, cloud, or email services are added later, this policy must be updated before they are used.
16. Your rights
Subject to the statutory requirements, you have rights to access, rectification, erasure, restriction, data portability, and objection. Consent may be withdrawn with future effect. To exercise your rights, send a message to kontakt@webfix-studios.de.
17. Right to lodge a complaint
You may lodge a complaint with a data-protection supervisory authority. For the registered office in Düsseldorf, the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Kavalleriestraße 2–4, 40213 Düsseldorf, is particularly relevant.
18. Changes
This privacy policy will be updated when features, service providers, or legal requirements change.