DRAFT — pending legal review. Not yet effective.
This is a working draft. Do not rely on it as a final policy.
Privacy Policy
Effective date: [TBD pending legal review and launch]
Nothing To Lose (“N2L”, “we”, “us”) builds tools that help hosts run live events. This Privacy Policy explains what data we collect when you use our service at nothingtolose.live and how we use it.
What we collect
- Account data: your email address and authentication tokens, handled by Supabase when you sign up or sign in.
- Session data: the sessions you create as a host (categories, answer keys, questions) and the join codes, display names, and gameplay activity of players who join your sessions.
- Gameplay analytics: anonymized product events sent to PostHog — sign-up events, page views, and gameplay event counts — used to understand which features work.
- Error reports: stack traces and session IDs sent to Sentry when something breaks. We do not send personally identifying information to Sentry as a matter of policy.
What we don’t collect
Photos taken during Human Bingo never leave the player’s device. Player photos are stored only in the browser’s local IndexedDB on the device that captured them. They are not uploaded to our servers, our analytics, or any third party.
How we use your data
- To run the game — keep your sessions alive, sync players, and show scores.
- To improve the product — understand which features get used and which break.
- To communicate with you — confirmations, security notices, and material policy changes.
We never sell your data to third parties.
Sub-processors
We share data with a small set of infrastructure providers that run parts of the service. Each has its own privacy policy:
Retention
- Session data: retained for [TBD pending legal review] months after the session ends, then deleted.
- Account data: retained while your account is active, then deleted [TBD pending legal review] days after you close it.
Your rights
You can request a copy of the data we hold about you, or ask us to delete it. Email privacy@nothingtolose.live and we will respond within a reasonable window.
Children
N2L is intended for ages 13 and up. We do not knowingly collect data from children under 13.
[Legal review note: GDPR’s stricter age threshold is 16+. Confirm target jurisdiction for the final figure before launch.]
Updates to this policy
If we make material changes to this policy, we will notify you by email and via an on-site banner before the changes take effect.
Contact
Questions about privacy? Email privacy@nothingtolose.live.
Last updated: [TBD pending legal review]