Privacy policy
Last updated: [date — set when you publish]
This policy explains what personal data NameBraid processes and why. We keep it to a minimum: no advertising, no third-party trackers, no analytics SDKs, and fonts are served from our own server.
Controller
The controller responsible for the processing is the operator named in the Legal notice.
For any question about your data or to exercise your rights, contact: mail@namebraid.com.
What we process and why
We only process what a round actually needs:
- Participant token: a random value in your browser's localStorage that keeps your seat in a round. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
- Display name (optional): labels your side of the result. Art. 6(1)(b).
- Names and votes in a round: the core function of the service. Art. 6(1)(b).
- Coarse country: derived once from your IP address by our hosting platform's edge network. We receive and store only the two-letter country code, never the IP address itself, and use it solely for aggregate usage statistics. Legitimate interest in understanding where the service is used (Art. 6(1)(f)).
- IP address (transient): used for a moment as a rate-limit key to prevent abuse, then discarded; it is never written to storage. Legitimate interest in security (Art. 6(1)(f)).
- Language preference: a functional cookie that remembers your chosen language.
Cookies
We use only one strictly necessary cookie: your language preference. Because we set no advertising or analytics cookies, no consent banner is required.
How long we keep data
- Rounds are automatically deleted 30 days after they are created; there is no long-term storage.
Hosting and processors
The application is hosted on Vercel and the database on Neon, acting as our processors under data processing agreements. Where processing may involve servers outside the EU, appropriate safeguards (EU Standard Contractual Clauses) apply. [Confirm EU regions and signed agreements before launch.]
Your rights
Under the GDPR you have the right to:
- access, rectification and erasure of your data,
- restriction of and objection to processing,
- data portability,
- and to lodge a complaint with a data protection supervisory authority.
Exercising your rights
To exercise any of these rights — including deleting a round's data before it expires — contact us at mail@namebraid.com and we will act on your request.
Data security
Optional round passwords are hashed with scrypt and a per-password salt, and all traffic is served over HTTPS.
Changes to this policy
We may update this policy as the service changes. The current version, dated above, always applies.
Optional account
The app is fully usable without an account. If you voluntarily create one, we additionally process: your display name, your email address, a password hash (scrypt with salt — your password itself is never stored), and login sessions (hashed, with expiry).
This data is kept until you delete your account, which you can do yourself at any time in the profile (“Delete account”); this removes the account and login sessions and unlinks your round participations. Legal basis: Art. 6(1)(b) GDPR (providing the account feature).
Rounds in which at least one person participates with their account are, as an exception to the 30-day rule, kept until that account is deleted — after which the normal deletion period applies again. If you rate names in your personal name list, those ratings are likewise stored until account deletion.