Privacy Policy

• Account: email, username, country, age confirmation.
• Play data: button-press timestamps, entries, streaks, referral activity.
• Device: push notification token, approximate IP (for abuse prevention).
• Contact form: name, email, subject, message — retained so we can reply.

To run the game (track entries, run draws, notify winners), to prevent fraud, and to reply to enquiries. We do not sell your data. We do not run third-party advertising trackers on this site.

On Supabase (US-East-1) with row-level security enforced per user. Auth sessions are signed JWTs stored as httpOnly cookies. Push tokens are stored only on your profile row and revoked when you sign out.

You may request a data export or account deletion via the contact form at any time. We will action requests within 30 days.

Strictly necessary only: session cookie (Supabase auth) and CSRF token. No analytics or advertising cookies.

Questions? Use the contact form. Submissions are routed directly to the founder for a personal reply.