Privacy Policy
Last revised:
Overview
OpenSourceSports is operated by Digi Logic Labs. We believe in transparency about how we handle your data. This policy explains what we collect, why, and how you can control it.
What We Collect
Account information
When you sign in via Keycloak (our authentication provider), we receive your name and email address. We store a user record to associate your favorites, preferences, votes, and submissions with your account. If you contribute content (e.g. submitting a custom sport), your display name is shown publicly alongside that contribution and may appear in a public GitHub issue we auto-create for tracking — see Third-Party Services below.
Usage data
We use Cloudflare Web Analytics (server-side, privacy-first — no Google Analytics, no cross-site trackers, no cookies set for analytics) to count page views and infer country / device class from request metadata. Cloudflare anonymizes IP addresses and does not store personal identifiers for analytics. We also record in-app interactions (favorites, votes, proposals, recently-viewed sports) in our own database to power recommendations — interaction records auto-expire after 6 months, recently-viewed after 1 year.
Tool saves & shares
When you use the tools (bracket generator, scoreboard, team generator, etc.), their setup state is saved either in your browser (anonymous) or in our database (signed in). If you explicitly publish a save as a share link, anyone with the URL can view it until you revoke it. Unlisted shares work the same way but aren't linked from anywhere.
Donation information
If you support us financially, payments are processed by Stripe. We store the donation tier, amount, and Stripe customer identifier so we can apply per-account benefits (see support page), but we never see or store your full card number.
Email (optional)
If you opt in to the weekly or monthly digest in your preferences, we send rule-update summaries via Resend. Digests are off by default; you can disable them at any time.
Ad slot metrics (free pages only)
Free / anonymous viewers see one curated ad slot on rules pages and tool pages. We pick every advertiser by hand — no programmatic networks, no third-party ad scripts, no pixels, no cookies. When the slot renders for you, the client posts a single line to our own server with three values: which ad rendered, on which surface, and whether it was an impression or a click. We store daily aggregate counts only — never your IP, never your user id, never a per-event row that could tie back to you. Supporters and Patrons never see ads and never generate ad metrics.
What We Do Not Do
- ✓We do not sell your data to advertisers or third parties
- ✓We do not use cross-site advertising trackers, fingerprinting, or behavioral profiling
- ✓We do not share your email with marketing services or newsletter partners
- ✓We do not run programmatic / RTB / ad-network code, set ad cookies, or load third-party ad scripts. Free pages may show one hand-curated, sport-specific ad — supporters and patrons see none.
How We Store Your Data
All data is stored on our self-hosted infrastructure on Hetzner Cloud (Ashburn, VA, USA). We use PostgreSQL for structured data, Redis for caching, and Cloudflare R2 for backups. Connections are encrypted in transit (TLS). Database backups run automatically to Cloudflare R2 storage.
Cookies & Local Storage
We use essential cookies for authentication (session management via Auth.js) and theme preference. Our analytics (Cloudflare Web Analytics) runs server-side at the edge and does not set cookies or localStorage for tracking. We do not use advertising cookies.
Your Rights
Most data-rights actions are now self-service from your preferences page:
- Access (Article 15): Download a complete JSON archive of every row we hold about you — profile, preferences, favorites, votes, donations, tool saves, and submissions. Download my data under “Privacy & data.”
- Erasure (Article 17): Request account deletion with a 14-day grace window so accidental clicks are reversible. Submissions are hidden during the window and permanently removed at the end of it. Delete my account under “Privacy & data.”
- Notifications (Article 21): Fine-grained per-type and per-channel opt-out matrix. Manage notifications — the email-digest cadence is off by default.
- Recent activity: Clear your server-synced viewing history at any time from the same panel.
For anything not covered by self-service — display-name scrubbing on already-published custom sports, restriction-of-processing requests, or follow-on archives for slices that exceed the 5,000-row export cap — contact [email protected]. Manual requests are handled within 30 days. Note that content you've published (e.g. a custom sport) may remain in our public GitHub data repository after deletion; we scrub your display name on request.
Third-Party Services
| Service | Purpose |
|---|---|
| Keycloak (self-hosted) | Authentication |
| Stripe | Payment processing |
| Resend | Email delivery (digests, feedback) |
| Cloudflare | DNS, CDN, storage, server-side analytics |
| GitHub | Sport data hosting + submission tracking |
Changes to This Policy
We may update this privacy policy from time to time. Significant changes will be communicated via a banner on the site. The “last updated” date at the top reflects the most recent revision.