What we collect
When you create or join a room, we store the name you provide, your chosen role, and the votes you cast during a session. We also generate a random anonymous identifier and store it in your browser's session storage to recognise you across page refreshes. We do not collect email addresses, passwords, or any other personally identifiable information, and we do not require you to create an account.How we use your data
The information you provide is used solely to run your planning session. Your name and votes are shared with other participants in the same room in real time. Nothing is used for advertising, profiling, or any purpose beyond operating the app.Session storage
We use your browser's sessionStorage to hold your anonymous user ID, name, and role. This data lives only in your browser tab and is automatically cleared when you close the tab. We do not use cookies, local storage, or any persistent tracking mechanism.Data retention
Room data and player records are stored in our database while a session is active. When the last participant leaves a room, the room and all associated data are deleted automatically. Voting history entries may persist within a room until it is removed.Third-party services
We use Supabase to store room data and deliver real-time updates. Data transmitted to Supabase is subject to their privacy policy. We do not use any analytics providers, advertising networks, or other third-party tracking services.Data security
All communication between your browser and our servers is encrypted via HTTPS. We apply server-side validation on all inputs and use a service-role key that never reaches your browser. However, no system is completely secure and we cannot guarantee absolute security.Your rights
If you are located in the European Economic Area (EEA), United Kingdom, or California, you may have rights regarding your personal data under applicable law (including the GDPR and CCPA). These include the right to access, correct, or erase your data; the right to restrict or object to processing; the right to data portability; and the right to withdraw consent. Because we do not link any data to your real identity and sessions are ephemeral by design, there is generally no persistent data for us to action. If you have a specific request or question, please contact us at [email protected] and we will respond within 30 days.Changes to this policy
We may update this policy from time to time. The date at the top of this page reflects the most recent revision. We will notify users of any material changes by posting a prominent notice in the app before the changes take effect.