Privacy Policy

Effective: 18 May 2026

1. Introduction

Bridge Base On Line, LLC (“Bridge Base Online”, “BBO”, “we”, “us”, “our”) and its family of websites and mobile applications (the “BBO Properties”) promote the game of bridge throughout the world, providing free and premium/fee-based bridge games, contests, sanctioned tournaments, and other services (collectively the “Services”). 

BBO respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use BBO Properties.

Access to this Privacy Policy is provided at the time of account registration, and users are encouraged to review it before creating a BBO account.

This Policy applies only to BBO Properties. It does not cover third-party sites or services we do not control.

Need to contact us? privacy@bridgebase.com or Bridge Base On Line, LLC – 9030 W. Sahara Avenue #710 – Las Vegas, NV 89117 – USA.

2. Summary: Notice at Collection

We collect the following personal information for the purposes and retention periods shown below.

We do not knowingly collect data from children under 13. Our Services are for users 18 and older.

Category Examples Purpose (why we use it) Retention
Identifiers Username, email, IP address, device IDs Account creation, login, gameplay, security, fraud prevention Life of account + up to 3 years after closure/inactivity
Contact Info Name, address, phone (if you make purchases or contact support) Purchases, support communications, account recovery 7 years (accounting/legal)
Payment Info Card details (processed by payment providers) Purchases (e.g., BB$, subscriptions) Not stored by BBO (tokenized by provider)
Gameplay & Integrity Hands played, results, table events, Bridge Organization IDs; anti-cheat signals Rankings, tournaments, fair play and rules enforcement As needed for historical records & integrity (see §10)
Communications Public & private chats, support tickets Community features, moderation, safety Typically, 2 years (longer if under review)
Profile Country, skill level, avatar/photo, bio Display to other players and matchmaking Until deletion or account closure
Device/Technical Browser/OS, cookies, crash logs Functionality, analytics, security Logs ~100 days; security logs may be longer
Marketing Preferences Newsletter opt-in/out, channels Send/stop marketing Until opt-out
Eligibility Data Name, Date of birth, gender, country, membership number, master point balance (received from Bridge Organizations) Verify eligibility for restricted events; not used for any other purpose Duration of Event + Up to 3 years for integrity records

Legal Basis for Processing (for EEA/UK/Swiss Users)

Where we process personal information, our legal bases under the GDPR/UK GDPR include:

  • Legal Obligations (Art. 6(1)(c)) – to comply with accounting, tax, anti-fraud, and regulatory requirements.
  • Contract (Art. 6(1)(b)) – to provide our Services, including account management, gameplay, purchases, and support.
  • Legitimate Interests (Art. 6(1)(f)) – to secure our Services, prevent cheating/fraud, maintain fair play, conduct analytics, and preserve historical records.
  • Consent (Art. 6(1)(a)) – where required for optional features (e.g., marketing communications, use of cookies/SDKs for targeted advertising).

3. Sources of Personal Information

  • You (account registration, profile, chats, gameplay, purchases, support).
  • Your device (cookies, SDKs, telemetry, crash logs).
  • Payment processors (confirmation and tokens; we do not store full card numbers).
  • Advertising/analytics partners (limited identifiers; see §8).
  • The American Contract Bridge League (ACBL) and other bridge organizations (see §6).
  • Other users (reports and integrity flags).

4. How We Use Personal Information

  • Provide, personalize, and operate the Services.
  • Authenticate and secure accounts; prevent fraud/cheating.
  • Process purchases and manage BB$ (virtual in-game currency).
  • Operate tournaments, leaderboards, results, and eligibility checks.
  • Moderate chats and enforce Terms of Service and game rules.
  • Communicate about updates, features, promotions (with your preferences).
  • Perform analytics, improve performance, and fix bugs.
  • Comply with legal obligations and cooperate with lawful requests.

5. Disclosures of Personal Information

We disclose personal information to:

  • Service providers (hosting, payments, customer support, analytics and others) under contracts that limit their use to our instructions. For integrity analysis providers engaged by Bridge Organizations, see §6.5.
  • Advertising/analytics partners (limited identifiers; see §8 and your choices in §9).
  • Tournament organizers and bridge bodies (see §6).
  • Law enforcement/regulators, when legally required, or to protect the users and BBO.
  • Corporate affiliates/successors in case of merger, acquisition, or reorganization.

We do not sell personal information for money. Some states treat certain ad/analytics disclosures as “sharing” for targeted advertising—see Your Choices (§9).

6. Bridge Organization Data

BBO cooperates with the American Contract Bridge League (ACBL) and other Zonal/National Bridge Organizations (collectively, "Bridge Organizations") for several interconnected purposes. This section describes each purpose, the data involved, the legal basis by which the data is processed and the safeguards in place.

6.1 Eligibility Verification for Restricted Events

Certain games, tournaments or competitions sanctioned by Bridge Organizations ("Events") are restricted by gender, age, country of eligibility, or master point holding. To operate these Events lawfully and fairly, BBO receives eligibility data from Bridge Organizations and uses it solely to verify whether a player qualifies to participate.

Data received from Bridge Organizations for this purpose:

  • Name and Bridge Organization membership code
  • Date of birth (for age-restricted Events, e.g., junior or senior categories)
  • Gender (for gender-restricted Events, e.g., women's or mixed Events)
  • Country of eligibility or residence (for country-restricted Events)
  • Current master point total (for master point-restricted Events)

How we use it: We use this data exclusively to perform the eligibility check at the time of Event registration. It is not used for profiling, marketing, or any other secondary purpose.

Legal basis: Contract necessity (Art. 6(1)(b) GDPR) to perform the agreement between BBO and the player to access a specific Event, and legitimate interests (Art. 6(1)(f) GDPR) in ensuring fair and rule-compliant competition. Where date of birth or gender is processed, BBO applies appropriate safeguards given the sensitivity of this data, and it is accessed only by personnel with a demonstrable need for the Event's administrative purposes.

Retention: Eligibility data is retained for the duration of the relevant Event and for up to 3 years thereafter to support integrity reviews, appeals, or dispute resolution.

6.2 Disclosure of Player Names to Other Participants

In accordance with the official rules of some sanctioned Events, BBO must disclose participants' names to all other players at the table and in the same Event, where required by the sanctioning Bridge Organization.

Data disclosed: Player name as registered in the Bridge Organization's roster, which may include real name or screen name, depending on the player's membership registration.

To whom: All other participants in the same Event.

Legal basis: Contract necessity (Art. 6(1)(b) GDPR), this disclosure is an inherent element of the service the player has requested, and legitimate interests (Art. 6(1)(f) GDPR) in complying with the rules of the sanctioning body, without which the Event cannot legally be run.

Note for players: By registering for a sanctioned Event on BBO, you acknowledge that your name may be visible to co-participants if required by the relevant Bridge Organization's rules. If you have concerns about the name displayed, contact your Bridge Organization directly.

6.3 Reporting Tournament Results and Master Point Awards to the Bridge Organization

Following the conclusion of Events sanctioned by the relevant Bridge Organization, BBO is required to report official results and master point awards back to the Bridge Organizations so that player records can be updated and competitive standings maintained.

Data disclosed to Bridge Organization:

  • Player identifiers (name, Bridge Organization membership number)
  • Event participation data (Event name, date, session)
  • Final results and placing
  • Master point awards are calculated in accordance with the Bridge Organization rules

Legal basis: Contract necessity (Art. 6(1)(b) GDPR) reporting results is a condition of hosting certain Events and an element of the service BBO provides — and legitimate interests (Art. 6(1)(f) GDPR) in maintaining the integrity of competitive records. For North American players, this processing is also consistent with BBO's agreement with the ACBL as a host platform for their sanctioned games.

Retention: BBO retains a copy of reported results as part of gameplay history, which is retained indefinitely for historical and competitive integrity purposes (see §10). The Bridge Organization retains master point records in accordance with its own privacy policy, which players are encouraged to review.

6.4 Cross-Database Sharing for Player Reactivation and Retention

BBO and the Bridge Organization may share derived, non-contact analytical data about players and members for:

  • enhancing the player experience;
  • improving overall player engagement;
  • reactivation of lapsed players, and
  • optimize retention messaging.

This activity is conducted under a data-sharing arrangement governed by a formal agreement between BBO and the Bridge Organization.

How this works: Each party analyses its own player/member database to identify individuals who may benefit from re-engagement outreach (for example, a player who was active on BBO but has not played recently, or a Bridge Organization member who has not registered for an online Event). Each party then uses that analytical data to send its own communications to its own players or members using its own contact information.

Critical limitation – no contact data exchange: BBO does not provide any player contact details (such as email addresses or phone numbers) to the Bridge Organization, and the Bridge Organization does not provide member contact details to BBO. Each party contacts its own audience exclusively through its own systems. The data exchanged is limited to anonymized, pseudonymized, or aggregated signals (such as activity flags, engagement scores, or segment identifiers) that allow each party to identify which of its own users to target.

Data exchanged: Activity signals, engagement indicators, segment or cohort identifiers, and other derived analytics – all at a level of abstraction that does not directly identify individuals to the receiving party without cross-reference to that party's own records.

Purpose limitation: This data sharing is limited to optimizing the player/member user experience and improving reactivation/retention. It is not used for profiling for credit, insurance, employment, or any other purpose with significant legal or similarly significant effects on individuals.

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR), both BBO and the Bridge Organization have a legitimate interest in maintaining an active and engaged player community, and this sharing is conducted in a privacy-preserving manner that minimizes the data exchanged and does not involve third-party advertising. For California residents, BBO may treat the exchange of derived engagement signals as a "share" for cross-context behavioral purposes within the meaning of the CPRA; you have the right to opt out of this sharing (see §9).

Your choices: You may opt out of having your engagement data included in cross-database data sharing by contacting BBO at privacy@bridgebase.com with the subject line "Opt Out – Bridge Organization Data Sharing", including your BBO Username and email address associated with your BBO Account in the email body. This will not affect your ability to participate in Events on BBO, but it means you may receive communications less relevant to your BBO activity.

6.5 Integrity Analysis by Bridge Organization Providers

To support fair play in Events sanctioned by a Bridge Organization, BBO may transfer the following data to integrity analysis providers engaged by that Bridge Organization:

  • the player's BBO username;
  • the player's Bridge Organization membership number;
  • all playing data (e.g., bridge hands, bidding, card play) from sanctioned Events.

These providers perform statistical and behavioral analysis to identify patterns that may indicate cheating or collusion, and report their findings to the Bridge Organization.

BBO does not transfer player names, email addresses, postal addresses, phone numbers, IP addresses, chat content, payment information, or device identifiers to these providers. Decisions about any disciplinary action are made by the Bridge Organization, not by the integrity provider or BBO, and follow the Bridge Organization's procedures, which include the affected member's right to respond.

BBO has confidentiality agreements with both the relevant Bridge Organization and its integrity analysis provider governing this data disclosure. However, the provider processes the data it receives in accordance with the contractual and data protection arrangements stipulated in the provider's agreement with the Bridge Organization. Users may contact the relevant Bridge Organization for details of those arrangements.

Legal basis: Contract necessity (Art. 6(1)(b) GDPR) – operating sanctioned Events requires cooperation with the Bridge Organization's integrity processes, and legitimate interests (Art. 6(1)(f) GDPR) of BBO, the Bridge Organizations, and the broader player community in maintaining fair competition. This processing involves profiling within the meaning of Article 4(4) GDPR. It does not constitute solely automated decision-making under Article 22, because consequential decisions are made by Bridge Organization personnel following human review.

Retention: BBO retains hand records indefinitely as part of gameplay history (see §10). Retention by integrity providers is governed by their agreement with the relevant Bridge Organization; users may contact the Bridge Organization for details.

Junior participants: For sanctioned junior Events, the same data categories are transferred on the same basis. No additional categories of children's data are transferred.

6.6 Roles and Responsibilities

BBO and the Bridge Organizations generally act as independent controllers of their respective databases. Each publishes and retains competition records in accordance with its own policies. Users should review the Bridge Organization privacy policy for details on public player pages, photos, and master point records maintained by the Bridge Organization. Where BBO and the Bridge Organization act as joint controllers for any specific processing activity (such as the cross-database data sharing described in §6.4), the responsibilities of each party are governed by a written arrangement between them, a summary of which is available upon request by contacting privacy@bridgebase.com.

7. Account, Chats & Integrity

  • To ensure the security, integrity, and fair operation of the Services, BBO monitors and records gameplay activity and in-game communications (including public and private chats).
  • This processing is necessary to perform the contract with users (Article 6(1)(b) GDPR) and to pursue BBO’s legitimate interests (Article 6(1)(f) GDPR), including:
    • preventing fraud, cheating, and abuse;
    • enforcing game rules and Terms of Service;
    • ensuring player safety and competitive integrity.
  • Where monitoring applies, in-product notices are provided.
  • Users who do not wish to be monitored should not use the Services, as these measures are essential to their operation.
  • Reports submitted by other users and integrity flags raised during gameplay may be retained as part of a player's account record and used in moderation and anti-cheat review processes.
  • BBO uses automated systems to detect potential cheating, fraud, and abuse. These systems flag activity for human review; no automated system applies consequential actions – such as account suspension, tournament disqualification, or removal of playing privileges – without review and decision by BBO staff.
  • This processing does not rely on user consent and is not optional.

8. Cookies, SDKs & Advertising

We use cookies and similar technologies for login, preferences, analytics, and security. We also use limited identifiers with advertising/analytics partners to measure usage and (where enabled) deliver interest-based ads.

  • Mobile: You can reset/limit advertising IDs (IDFA/GAID) in your device settings.
  • Browsers: You can control cookies in your browser. Some features may not work without them.

9. Your Privacy Choices & State Rights

Depending on your location, you may have rights to access, delete, correct, appeal, portability, and to opt out of targeted advertising (“sharing”).

  • Submit requests via privacy@bridgebase.com, including your BBO Username and email address associated with your BBO Account in the email body.
  • We will verify your identity before acting on a request. You may use an authorized agent as allowed by law.
  • We do not discriminate against you for exercising your rights.

Opt-out of targeted advertising (“sharing”)

  • Use CMP settings to set your preferences; and/or
  • Enable a Global Privacy Control (GPC) signal in your browser—we will honor it where required.
  • Mobile users can limit personalized ads in device settings.
  • To opt out of cross-database data sharing with Bridge Organizations for reactivation/retention purposes, contact privacy@bridgebase.com with the subject line "Opt Out – Bridge Organization Data Sharing", including your BBO Username and email address associated with your BBO Account in the email body. (see §6.4).

We do not use or disclose sensitive personal information (e.g., payment card numbers) for purposes that require a “limit” right under applicable law.

Your GDPR/UK Privacy Rights

If you are located in the EEA, UK, or Switzerland, you have additional rights under applicable law, including:

  • Right of access to your personal information.
  • Right to rectification of inaccurate or incomplete information.
  • Right to erasure (“right to be forgotten”).
  • Right to restrict processing in certain circumstances.
  • Right to data portability (to receive your data in a machine-readable format).
  • Right to object to certain processing, including for marketing.
  • Right not to be subject to automated decision-making producing legal or similarly significant effects.
  • Right to lodge a complaint with a supervisory authority.

10. Data Retention

For transparency, we apply the following retention periods consistent with our records of processing activities:

  • Account data: accounts are considered "inactive" after 3 years with no login; BB$ in inactive accounts may expire
  • Chat logs & moderation records: ~2 years (longer if under review)
  • Payment/invoice data: 7 years (accounting/tax)
  • Security logs: ~100 days (longer if investigating fraud/abuse)
  • Gameplay history & results: retained indefinitely for historical and competitive integrity
  • Eligibility data (date of birth, gender, country, master points): retained for duration of event plus up to 3 years for integrity and appeal purposes
  • Anti-cheat signals and flags: retained as part of gameplay history for competitive integrity purposes.

We may de-identify or aggregate data for analytics and service improvement. Payment and invoicing data is retained for seven (7) years to comply with applicable accounting, tax, and financial record-keeping obligations under U.S. federal and state law (Article 6(1)(c) GDPR).

During extended retention periods, such data is restricted to compliance purposes and access is limited to authorized personnel only.

11. Data Transfers

We process data in the United States and may transfer it to other countries. For EEA/UK/Swiss users, we rely on Standard Contractual Clauses and other safeguards for transfers.

Service Providers & Recipients

To operate our Services, we use trusted vendors, including:

  • Cloud hosting (e.g., AWS, U.S./EU)
  • Payment processors (e.g., PayPal, Stripe, Google/Apple In-App Billing)
  • Analytics/advertising partners (Google Analytics, Meta, etc.)
  • Customer support tools (Zendesk or similar)

All vendors above are bound by contract, and where applicable, EU Standard Contractual Clauses govern international data transfers.

12. Security

We use administrative, technical, and organizational measures, including encryption in transit and at rest, access controls, monitoring, and regular testing. No system is perfect. Please use strong passwords and notify us of any suspected unauthorized access.

13. Children’s Privacy

Our Services are intended for users aged 18 or older. We do not knowingly collect personal information from children under 13 (or under 16 where required by applicable law), except as follows: for officially sanctioned junior bridge competitions organized by the ACBL or other National Bridge Organizations, we may process limited eligibility data (date of birth, event registration, results) for players aged 13–17. This data is provided to BBO by the Bridge Organization, which is responsible for verifying age and obtaining any parental or guardian consent required under applicable law (including COPPA in the United States and Article 8 GDPR in the EEA/UK) as part of the player's membership and event registration.

Such processing is performed solely for competition eligibility verification and event operation, under the legal bases of contract necessity (GDPR Art. 6(1)(b)) and legitimate interests (GDPR Art. 6(1)(f)). Junior participants' data is not used for marketing, profiling, or the cross-database data sharing described in §6.4.

If you believe a child under 13 (or under 16 where required by applicable law) has provided personal information to BBO outside the junior competition pathway described above, contact privacy@bridgebase.com.

14. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you via email or an in-product notice. The “Effective” date shows the latest version.

15. Contact Information

For any questions or concerns about Privacy Policy or any of our Services, contact us at privacy@bridgebase.com.

Bridge Base On Line, LLC 
9030 W. Sahara Avenue #710 
Las Vegas, NV 89117
USA

© 2026 Bridge Base On Line, LLC.
About  •  Privacy  • Terms of service
   •  Support