Privacy Policy

Last updated: March 2025

1. Introduction

The Prediction Paddock (“we”, “our”, or “the Service”) respects your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights when you use our website and services (predictions, pools, leaderboards, profiles, and related features).

2. Who is responsible

The Service is operated by the developer (KasperOfzeau). For privacy-related questions you can contact via the project repository linked in the footer or on the Terms of Service page.

3. Data we collect

We collect data necessary to provide and improve the Service:

  • Account data: When you register, we collect email address, password (stored in hashed form), and optionally full name and username. Username and profile details (e.g. avatar, display name) are used for your public profile and leaderboards.
  • Predictions and pool data: Your race and season predictions, pool memberships, and pool-related actions (e.g. invites, role) are stored so we can run the game, calculate scores, and show leaderboards.
  • Notifications: We store in-app notifications (e.g. pool invites, results) and whether you have read them.
  • Usage and technical data: We may receive technical information such as IP address, browser type, and device information through our hosting and authentication provider (e.g. Supabase) for security and operation. We do not track you across other websites for advertising.

4. How we use your data

We use the data we collect to:

  • Create and manage your account and authenticate you.
  • Provide predictions, pools, leaderboards, and notifications.
  • Calculate and display scores and rankings.
  • Display your profile (username, avatar, stats) to other users where the Service design requires it.
  • Send you transactional emails (e.g. password reset, email confirmation) via our auth provider.
  • Improve, debug, and secure the Service and comply with legal obligations.

We do not sell your personal data. We do not use your data for third-party advertising.

5. Legal basis (EEA/UK)

If you are in the European Economic Area or the UK, we process your data on the basis of: (1) performance of a contract (providing the Service you signed up for), (2) your consent where we ask for it (e.g. optional profile features), and (3) our legitimate interests (security, improving the Service, legal compliance) where appropriate.

6. Third-party services

We use Supabase for authentication, database, and hosting. Supabase processes your account and app data on our behalf. Their privacy and data processing terms apply to that processing. We may use other providers for hosting (e.g. Vercel) that process technical data (e.g. IP, logs) necessary to serve the site. We choose providers that respect privacy and, where required, offer appropriate safeguards for international transfers.

7. Cookies and similar technologies

The Service uses cookies and similar technologies where necessary for: (1) keeping you logged in (session/auth cookies), (2) security (e.g. CSRF), and (3) site operation. We do not use cookies for advertising or cross-site tracking. You can control or delete cookies via your browser settings; some features may not work if you disable essential cookies.

8. Data retention

We retain your account and related data (predictions, pools, notifications) for as long as your account is active or as needed to provide the Service and comply with law. If you delete your account, we will delete or anonymise your personal data in line with our procedures and legal obligations. Some data (e.g. in backups or for legal claims) may be kept longer where required.

9. Data security

We take reasonable steps to protect your data (e.g. HTTPS, secure authentication, access controls). No system is completely secure; you are responsible for keeping your password safe and logging out on shared devices.

10. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data (subject to legal exceptions).
  • Object to or restrict certain processing.
  • Data portability (e.g. a copy of your data in a common format).
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a supervisory authority (e.g. in your country).

To exercise these rights, contact us (e.g. via the GitHub link in the footer). You can also update or delete your account and profile from the Service where we provide those options.

11. Children

The Service is not directed at children under 13 (or the applicable age of digital consent). We do not knowingly collect personal data from such users. If you believe we have collected data from a child, please contact us and we will delete it.

12. International transfers

Your data may be processed in countries outside your residence (e.g. where our or Supabase’s servers are located). We ensure appropriate safeguards (e.g. standard contractual clauses or adequacy decisions) where required by law.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. We encourage you to review it periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact

For privacy questions or requests, you can reach out via the project repository: KasperOfzeau on GitHub.

← Back to home