Privacy Policy

Version 2026-05-08

VoteGOAT is a second-screen companion for reality television. This policy explains what we collect when you rate, score, or post hot takes on the show you're watching, how we use it, and the rights you have over it. It applies alongside our Terms of Service.

Age requirement.VoteGOAT is for adults only — you must be at least 18 to create an account or use the service. We don't knowingly collect personal information from anyone under 18.

What we collect

Account data:email, display name, and — for email/password accounts — a bcrypt hash of your password (we never store the password itself). For accounts created through a supported OAuth provider (currently GitHub) we also store the provider's user id and tokens needed to keep you signed in.
Activity data: the ratings, scores, hot-take notes, moment reactions, discussion comments, and timestamps you submit while using the app, plus your points balance and history, prediction wagers, and any fantasy leagues you create or join. Public submissions (moment comments and discussion comments) are checked at write time for slurs, profanity, and obvious violence keywords; submissions that fail the check are rejected and never stored.
Terms acceptance: the version of the Terms you accepted and the timestamp of acceptance.
Optional demographics: birth year, gender, country, region, postal code — only if you provide them.
Technical data: a session cookie issued by our auth library so you stay signed in, and short-lived server logs (request paths, status codes, and the requesting IP address — used transiently for rate-limiting and abuse prevention). We do not run third-party advertising or cross-site tracking.

How we use it

To run the service and let you see your own history.
To compute community aggregates shown on episode pages.
To detect and prevent abuse — vote manipulation, scraping, spam, and account-takeover attempts.
To produce — now or in the future — anonymized, aggregated reports and data products for brand, network, production, and talent-agency partners. No individual user is identifiable in these outputs.

We do not sell or rent identifiable personal information, we do not run third-party advertising on the site, and we do not use your Contributions to train third-party AI models.

Who we share it with

Hosting and infrastructure: the providers we use to run the service (database and application hosting). They process data on our behalf only.
OAuth providers you choose: if you sign in with GitHub, GitHub receives the standard OAuth handshake and we receive your GitHub profile (id, name, email). Choosing not to use OAuth avoids this entirely.
When the B2B product ships: aggregated, anonymized segment statistics to paying partners. We will never sell data tied to your name, email, or account id.

Your rights

Access: sign in and visit your profile to download a JSON export of everything we have tied to your account. You can also hit GET /api/user/export directly.
Correction: edit your display name and demographic fields from your settings, or email support for anything you can't change yourself.
Deletion: sign in and use the Delete account page. Personally- identifiable rows are removed immediately via cascading delete; anonymized aggregates already produced may persist.
Opt out of demographic collection: leave the optional fields blank at signup, or use Clear all in your settings to remove anything you previously entered.

Retention

We keep account and activity data for as long as your account exists. When you delete your account, personally-identifiable rows are removed immediately via cascading delete. Server logs (request paths, status codes, IPs) are short-lived — retained only as long as needed for rate-limiting and abuse investigation, subject to our hosting provider's default retention, and never used to build a long-term profile of you. Anonymized, aggregated outputs we produced before deletion may persist — no individual user is identifiable in those outputs.

Security

Passwords are stored as bcrypt hashes — we never see the plaintext. Connections to the site use HTTPS. No system is perfectly secure; if we discover a breach affecting your account, we'll notify you as required by applicable law.

International users

VoteGOAT is operated from the United States and your data is processed there. By using the service you consent to that transfer. If you're in the EU, UK, or another jurisdiction with statutory privacy rights (e.g. GDPR, UK GDPR, CCPA/CPRA), the access, correction, deletion, and opt-out rights described above are available to you regardless — email support@votegoat.appif you can't complete a request through your profile.

Changes to this policy

If we materially change how we collect or use your data, we'll bump the version above and ask you to re-accept before you continue using the service.

Contact

Privacy questions or data-rights requests? Email support@votegoat.app.

Version 2026-05-08

Age requirement.VoteGOAT is for adults only — you must be at least 18 to create an account or use the service. We don't knowingly collect personal information from anyone under 18.

What we collect

Account data:email, display name, and — for email/password accounts — a bcrypt hash of your password (we never store the password itself). For accounts created through a supported OAuth provider (currently GitHub) we also store the provider's user id and tokens needed to keep you signed in.

Activity data: the ratings, scores, hot-take notes, moment reactions, discussion comments, and timestamps you submit while using the app, plus your points balance and history, prediction wagers, and any fantasy leagues you create or join. Public submissions (moment comments and discussion comments) are checked at write time for slurs, profanity, and obvious violence keywords; submissions that fail the check are rejected and never stored.

Terms acceptance: the version of the Terms you accepted and the timestamp of acceptance.

Optional demographics: birth year, gender, country, region, postal code — only if you provide them.

Technical data: a session cookie issued by our auth library so you stay signed in, and short-lived server logs (request paths, status codes, and the requesting IP address — used transiently for rate-limiting and abuse prevention). We do not run third-party advertising or cross-site tracking.

How we use it

To run the service and let you see your own history.

To compute community aggregates shown on episode pages.

To detect and prevent abuse — vote manipulation, scraping, spam, and account-takeover attempts.

To produce — now or in the future — anonymized, aggregated reports and data products for brand, network, production, and talent-agency partners. No individual user is identifiable in these outputs.

We do not sell or rent identifiable personal information, we do not run third-party advertising on the site, and we do not use your Contributions to train third-party AI models.

Who we share it with

Hosting and infrastructure: the providers we use to run the service (database and application hosting). They process data on our behalf only.

OAuth providers you choose: if you sign in with GitHub, GitHub receives the standard OAuth handshake and we receive your GitHub profile (id, name, email). Choosing not to use OAuth avoids this entirely.

When the B2B product ships: aggregated, anonymized segment statistics to paying partners. We will never sell data tied to your name, email, or account id.

Your rights

Access: sign in and visit your profile to download a JSON export of everything we have tied to your account. You can also hit GET /api/user/export directly.

Correction: edit your display name and demographic fields from your settings, or email support for anything you can't change yourself.

Deletion: sign in and use the Delete account page. Personally- identifiable rows are removed immediately via cascading delete; anonymized aggregates already produced may persist.

Opt out of demographic collection: leave the optional fields blank at signup, or use Clear all in your settings to remove anything you previously entered.

Retention

International users