Privacy Policy

Version 2026-04-27

What we collect

• Account data:email, display name, and — for email/password accounts — a bcrypt hash of your password (we never store the password itself). For accounts created through a supported OAuth provider (currently GitHub) we also store the provider's user id and tokens needed to keep you signed in.
• Activity data: the ratings, scores, hot-take notes, and timestamps you submit while using the app, plus your points balance and history, prediction wagers, and any fantasy leagues you create or join.
• Terms acceptance: the version of the Terms you accepted and the timestamp of acceptance.
• Optional demographics: birth year, gender, country, region, postal code — only if you provide them.
• Technical data: a session cookie issued by our auth library so you stay signed in, and short-lived server logs (request paths, status codes, and the requesting IP address — used transiently for rate-limiting and abuse prevention). We do not run third-party advertising or cross-site tracking.

How we use it

• To run the service and let you see your own history.
• To compute community aggregates shown on episode pages.
• To produce anonymized, aggregated reports and data products sold to brand, network, production, and talent-agency partners. No individual user is identifiable in these outputs.

Who we share it with

• Hosting and infrastructure: the providers we use to run the service (database and application hosting). They process data on our behalf only.
• OAuth providers you choose: if you sign in with GitHub, GitHub receives the standard OAuth handshake and we receive your GitHub profile (id, name, email). Choosing not to use OAuth avoids this entirely.
• When the B2B product ships: aggregated, anonymized segment statistics to paying partners. We will never sell data tied to your name, email, or account id.

Your rights

• Access: sign in and visit your profile to download a JSON export of everything we have tied to your account. You can also hit GET /api/user/export directly.
• Correction:edit your display name and demographic fields from your profile, or email support for anything you can't change yourself.
• Deletion: sign in and use the Delete account page. Personally- identifiable rows are removed immediately via cascading delete; anonymized aggregates already produced may persist.
• Opt out of demographic collection: leave the optional fields blank, or clear them later from your profile.

Retention

We keep account and activity data for as long as your account exists. When you delete your account, personally-identifiable rows are removed immediately via cascading delete. Anonymized, aggregated outputs we produced before deletion may persist — no individual user is identifiable in those outputs.

Contact

Privacy questions? Email privacy@votegoat.example.

Note: this is placeholder demo text. It has not been reviewed by counsel and should not be relied on for any live deployment.