This Privacy Policy explains how Sousa Rewards ("we", "us", or "our") collects, uses, and protects your personal information when you use our website at sousarewards.onrender.com. By using our site, you agree to the practices described here.
1. Information We Collect
We collect the following types of information when you use Sousa Rewards:
- Discord Profile Data — When you sign in with Discord, we receive your Discord username, display name, user ID, and avatar image. We do not receive your email address, password, or payment information from Discord.
- Giveaway Entries — When you enter a giveaway, we store your display name, your X (Twitter) post or profile link, and your Discord user ID to verify eligibility and prevent duplicate entries.
- Session Data — We use encrypted session cookies to keep you signed in between visits. These cookies are stored in your browser and contain a session identifier only — not your personal data directly.
- Usage Data — Our hosting provider (Render) may automatically collect standard server logs including your IP address, browser type, pages visited, and timestamps. We do not actively analyse this data.
2. How We Use Your Information
We use the information we collect solely to operate and improve Sousa Rewards:
- To authenticate your identity via Discord OAuth
- To process and verify giveaway entries
- To prevent duplicate entries and fraudulent submissions
- To display your username on the site when you are signed in
- To contact winners of giveaways (via Discord or X)
- To maintain the security and functionality of the site
We do not use your data for advertising, sell it to third parties, or share it with any external services other than those listed in this policy.
3. Data Storage & Retention
Your data is stored in a secure PostgreSQL database hosted on Supabase, and session data is managed by our server on Render. We retain your data for as long as your account is active or as needed to operate the service.
Giveaway entry records are retained for a minimum of 90 days after the giveaway closes for record-keeping and dispute resolution purposes. After that period, entries may be anonymised or deleted.
If you would like your data deleted, please contact us and we will remove your account and all associated records within 30 days.
4. Cookies & Sessions
We use a single session cookie (sousarewards.sid) to keep you signed in. This cookie:
- Is HttpOnly and cannot be accessed by JavaScript
- Expires after 14 days of inactivity
- Is set to SameSite=Lax to prevent cross-site request forgery
- Is transmitted over HTTPS only in production
We do not use advertising cookies, tracking pixels, or analytics services such as Google Analytics.
5. Third-Party Services
We use the following third-party services to operate the site:
- Discord — For authentication via OAuth2. When you sign in, you are redirected to Discord's servers. Discord's own Privacy Policy governs that interaction.
- Render — Our web hosting provider. Render may log server-level request data.
- Supabase — Our database provider, used to store application data securely.
- Kick.com — We display live stream status from the Kick API. No personal data is shared with Kick.
- GlobalLeaderboards.net — Used to fetch wagering leaderboard data for Packy.gg and Chips.gg. No personal data is shared.
We are not responsible for the privacy practices of these third-party services. We encourage you to review their respective privacy policies.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right to Access — You can request a copy of the personal data we hold about you.
- Right to Deletion — You can request that we delete your account and all associated data.
- Right to Correction — If any data we hold is inaccurate, you can request a correction.
- Right to Object — You can object to the processing of your data at any time.
To exercise any of these rights, please contact us using the details below. We will respond within 30 days.
7. Children's Privacy
Sousa Rewards is not intended for users under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal data, please contact us immediately and we will delete it.
8. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the site after changes are posted constitutes your acceptance of the updated policy.
9. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please reach out to us:
