Privacy Policy

Effective date: [TBD pending legal review and launch]

Nothing To Lose (“N2L”, “we”, “us”) builds tools that help hosts run live events. This Privacy Policy explains what data we collect when you use our service at nothingtolose.live and how we use it.

What we collect

  • Account data: your email address and authentication tokens, handled by Supabase when you sign up or sign in.
  • Session data: the sessions you create as a host (categories, answer keys, questions) and the join codes, display names, and gameplay activity of players who join your sessions.
  • Gameplay analytics: anonymized product events sent to PostHog — sign-up events, page views, and gameplay event counts — used to understand which features work.
  • Error reports: stack traces and session IDs sent to Sentry when something breaks. We do not send personally identifying information to Sentry as a matter of policy.

What we don’t collect

Photos taken during Human Bingo never leave the player’s device. Player photos are stored only in the browser’s local IndexedDB on the device that captured them. They are not uploaded to our servers, our analytics, or any third party.

How we use your data

  • To run the game — keep your sessions alive, sync players, and show scores.
  • To improve the product — understand which features get used and which break.
  • To communicate with you — confirmations, security notices, and material policy changes.

We never sell your data to third parties.

Sub-processors

We share data with a small set of infrastructure providers that run parts of the service. Each has its own privacy policy:

  • Supabase database hosting and authentication
  • Vercel web hosting and product analytics
  • Upstash Redis cache for session reads
  • PostHog anonymized product analytics
  • Sentry error monitoring

Retention

  • Session data: retained for [TBD pending legal review] months after the session ends, then deleted.
  • Account data: retained while your account is active, then deleted [TBD pending legal review] days after you close it.

Your rights

You can request a copy of the data we hold about you, or ask us to delete it. Email privacy@nothingtolose.live and we will respond within a reasonable window.

Children

N2L is intended for ages 13 and up. We do not knowingly collect data from children under 13.

[Legal review note: GDPR’s stricter age threshold is 16+. Confirm target jurisdiction for the final figure before launch.]

Updates to this policy

If we make material changes to this policy, we will notify you by email and via an on-site banner before the changes take effect.

Contact

Questions about privacy? Email privacy@nothingtolose.live.

Terms of Service →

Last updated: [TBD pending legal review]