Privacy Policy

Pocko is designed with privacy in mind. We collect the minimum data necessary to operate the Service. This policy explains what we collect, how we use it, and your rights regarding that data.

Session data. When you create or join a session, we store a session name, the card values you choose, and participant votes in-memory (and optionally in Redis). This data is ephemeral and is deleted when the session is closed or expires after 24 hours.

Display name.The name you enter to join a session is stored in your browser's localStorage under the key velo-user-name. It is never sent to our servers outside of an active session.

Google profile (optional). If you sign in with Google One Tap, we receive your first name and profile picture URL from Google's API. These are used only to display your avatar to other session participants and are not stored beyond the session lifetime.

Webhook URLs. If you configure Slack or Microsoft Teams integrations, the webhook URL you provide is stored in Redis. It is used solely to send session notifications to your channel.

• We do not require account registration or email addresses.
• We do not use advertising trackers or sell data to third parties.
• We do not store payment information (all billing is handled by our payment processor).
• We do not use cookies beyond those strictly necessary to operate the Service.

Google Identity Services. If you use Google One Tap, your sign-in is processed by Google. Refer to Google's Privacy Policy for details.

Redis Labs (Upstash/RedisLabs). Session state and integration settings may be persisted in a managed Redis instance. Data is encrypted at rest and in transit.

Vercel. The Service is hosted on Vercel, which may collect server logs including IP addresses for security and performance purposes. See Vercel's Privacy Policy.

Session data is automatically deleted after 24 hours of inactivity. Webhook URLs are retained until you explicitly disconnect the integration. Browser-local data (display name, picture URL) persists until you clear your browser storage.

You may clear your personal data at any time by clearing your browser's localStorage. To request deletion of webhook configuration data stored on our servers, contact us via the GitHub issue tracker.

If you are located in the European Economic Area (EEA), you have rights under the GDPR including access, rectification, erasure, and data portability. Please contact us to exercise these rights.

We take reasonable measures to protect the data we process, including TLS encryption for data in transit and encrypted storage for data at rest. However, no method of transmission over the internet is completely secure.

We may update this Privacy Policy from time to time. The “last updated” date at the top of this page will reflect any changes. Continued use of the Service after changes constitutes acceptance of the revised policy.

For privacy-related questions, please open an issue on our GitHub repository.