TableXP — Privacy Policy
Effective date: June 19, 2026
App: TableXP ("the App")
Provided by: Thomas Ross ("we", "us", "our")
Contact: tom@tablexp.app
TableXP lets you check in at real pool venues, log and confirm 8-ball matches, climb a rating, and see local leaderboards. This policy explains what personal information we collect, why, how we handle it, and the choices and rights you have. We follow Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
1. Information we collect
a) Information you give us
- Account identity. You sign in with Apple or Google. From that sign-in we receive your name and email address, and a unique account identifier.
- Profile. Your first name, an optional leaderboard nickname, an optional profile photo, and optional social media handles (Instagram, TikTok, Snapchat, Facebook) you choose to add.
- Demographic information (optional). At sign-up we ask for your age range and gender. Answering is optional — you can choose "Prefer not to say." We use this only to understand our community and to view our usage analytics by demographic group. It is not shown to other players.
- Feedback. If you submit a bug report or feature idea, we collect the text you write, an optional contact (email or handle) if you provide one so we can reply, and basic device information (phone model, operating-system version, app version) to help us reproduce issues.
b) Information collected automatically when you use the App
- Location. With your permission, we use your device's GPS location to (i) confirm you are physically at a venue when you check in or log a match (this keeps ratings honest) and (ii) show pool venues near you. We use your location at the moment of these actions; we do not build or store a history of your movements. We store only which venue you are currently checked in to and the time of check-in.
- Activity / usage data. We record in-app activity such as check-ins, matches logged and confirmed, screen views, and shares. These records are tied to your pseudonymous account identifier and contain no contact information. We use them to operate the game (scores, leaderboards, streaks, achievements), to detect cheating/abuse, and to understand and improve the App.
- Device push token. If you enable notifications, we store the push token your device provides so we can send you notifications (e.g. when an opponent confirms a match). It is kept separate from your public profile.
c) Game and venue data
- Matches and ratings. The matches you log/confirm, scores, opponents, achievements, and venue check-ins are stored to provide the game and leaderboards.
- Venues you add. If you add a venue, it comes from a public Google Places business listing; we store the venue details and that you added it.
We do not collect payment information (the App is free), and we do not ask for your contacts, microphone, or photos beyond an optional profile picture you choose.
2. How we use your information
We use personal information only for these purposes:
- Run the App — sign-in, your profile, logging/confirming matches, ratings, leaderboards, check-ins, achievements, streaks, and referrals.
- Understand our community — the optional age range / gender you provide lets us see aggregate analytics by demographic group (e.g. which age ranges are most active). We do not use it to single you out.
- Verify fair play — confirm you are at the venue (location) and detect manipulation/abuse.
- Send notifications you've opted into.
- Respond to feedback you send us.
- Maintain, secure, and improve the App — diagnostics and pseudonymous usage analytics.
We do not sell your personal information. We do not use it for third-party advertising, and we do not track you across other companies' apps or websites.
3. Consent (PIPEDA)
We collect, use, and disclose your personal information with your consent. You give consent by creating an account and using the App, and—where the operating system asks—by granting specific permissions:
- Location permission is requested by your device before any location use; you can decline or revoke it in your device settings (some features, like checking in, won't work without it).
- Notifications permission is requested before we send any.
You can withdraw consent at any time by turning off these permissions, or by deleting your account (Section 7). Withdrawing some consents may limit features.
4. How we share information
We share personal information only with service providers who process it on our behalf to run the App, and only as needed:
- Google Firebase (Google LLC) — our backend: authentication, database, file storage, server functions, and notification delivery.
- Google Maps & Google Places — to show the map and let you search real venues.
- Apple / Google — to provide Sign in with Apple / Google sign-in.
- Expo (push notification service) — to relay notifications to Apple/Google delivery networks.
When you choose to share a card to Instagram, Facebook, or Snapchat, that action happens on your device through those apps; what you post is governed by their privacy policies.
We may also disclose information if required by law, to protect our rights or users' safety, or in connection with a business transfer—each consistent with PIPEDA.
5. Where your information is stored (cross-border)
Our service providers (notably Google Firebase) store and process data on servers located in the United States. This means your information may be transferred to, stored in, and processed in the United States, where it may be accessible to U.S. courts, law-enforcement, and regulatory authorities under U.S. law. By using the App you acknowledge this transfer. We use providers that contractually commit to protecting your information.
6. How long we keep it
We keep your account and profile information while your account is active. Pseudonymous usage-analytics and game records may be retained to operate and improve the App. When you delete your account, we remove your profile information as described below; some records (e.g. past match results) may be retained in an anonymized form that is no longer linked to you. Feedback you submit may be retained to track issues.
7. Your rights and choices
- Access & correction. You can view and edit your profile (name, nickname, photo, socials) in the App. To request a copy of, or correction to, other personal information we hold, contact us at tom@tablexp.app.
- Delete your account. In the App, go to Profile → Delete account. This permanently deletes your profile and personal identifiers; past matches are retained only as anonymous game records.
- Withdraw consent / permissions. Turn off Location or Notifications in your device settings at any time.
- Complaints. If you have a privacy concern, contact us first at tom@tablexp.app. You also have the right to complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca).
We respond to verified requests within the timeframes PIPEDA requires.
8. How we protect your information
We use industry-standard safeguards, including encryption in transit, authenticated access, and server-side security rules that keep sensitive data (contact details, push tokens, feedback, analytics) accessible only to our backend—not to other users. No method of transmission or storage is 100% secure, but we work to protect your information.
9. Children
TableXP is for users 13 and older and is not directed to children under 13 (or the minimum digital-consent age in your region). We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us information, contact us and we will delete it. (Because the App centers on pool/bar venues, age-appropriate use is expected, and some venues may restrict entry by age under local law.)
10. Changes to this policy
We may update this policy as the App evolves. We will post the new version with a revised effective date and, for material changes, provide a more prominent notice in the App. Continued use after an update means you accept the revised policy.
11. Contact us
Questions, requests, or complaints about your privacy:
Thomas Ross — tom@tablexp.app
We are the party accountable for the personal information under our control (PIPEDA Principle 1 — Accountability).