Draft

Privacy Policy

Last updated: March 2026

1. Data We Collect

Account Data

  • Email & password (if you create an account) — stored securely via Supabase Auth with bcrypt hashing.
  • Display name — chosen by you, visible to other draft participants.

Guest Sessions

  • A locally-generated guest ID (e.g. guest-timestamp-random) stored in your browser's localStorage.
  • No personal information is collected for guest users.

Draft & League Data

  • Draft rooms, team names, Pokémon picks, bid history, wishlist items, match results.
  • Room codes and participation records linking you to drafts.

Technical Data

  • Error reports — sent to Sentry for debugging (includes stack traces, browser info, URL). No personal data is intentionally included.
  • Connection timestampslast_seen used for online/offline status during drafts.

2. How We Use Your Data

  • To provide the drafting and league management service.
  • To show real-time draft state to all participants.
  • To track error reports and improve the Service.

3. Data Storage

All data is stored in Supabase (PostgreSQL) with Row Level Security policies. Data is hosted in Supabase's cloud infrastructure. We do not sell, share, or rent your data to third parties.

4. Cookies & Local Storage

We use browser localStorage for:

  • Theme preference (pokemon-draft-theme)
  • Guest user session ID
  • Draft participation records
  • Image display preference

We do not use advertising or third-party tracking cookies.

5. Third-Party Services

  • Supabase — database, authentication, and real-time features.
  • Sentry — error tracking and monitoring.
  • PokéAPI / Pokémon Showdown — Pokémon data and sprite images (no user data sent).
  • Vercel — hosting and deployment.

6. Data Retention

  • Active draft and league data is retained as long as the draft/league exists.
  • Inactive draft data may be deleted after 90 days.
  • Account data is retained until you delete your account.

7. Your Rights (GDPR)

You have the right to:

  • Access your data — visit Settings to download your data.
  • Delete your account and associated data by contacting us.
  • Export your data in JSON format via the Settings page.

8. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect data from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the date at the top of this page.

10. Contact

For privacy-related questions, please open an issue on our GitHub repository.

Terms of Service · Back to Home
Privacy Policy - Pokémon Draft League | Pokémon Champions Draft League