Privacy Policy

1. Information We Collect

We collect the following information when you use BJJ Database:

• Email address - Used for account authentication
• Password - Securely hashed by Supabase (we never store plain text passwords)
• User-generated gameplans - The gameplans you create and save

2. How We Use Your Information

Your information is used to:

• Authenticate your account and maintain your session
• Store and display your gameplans
• Provide the core functionality of the service

3. Legal Basis for Processing (GDPR)

We process your personal data based on:

• Consent - You provide your email and password when creating an account
• Contract performance - Processing is necessary to provide the service you requested

4. Cookies

We use only essential authentication session cookies required for you to stay logged in. We do not use any analytics, tracking, or advertising cookies.

5. Third-Party Services

We use the following third-party services:

• Supabase - Database and authentication - Privacy Policy
• Vercel - Hosting - Privacy Policy

6. Data Storage & Security

We take the security of your data seriously:

• All data is transmitted over HTTPS
• Passwords are securely hashed using industry-standard algorithms
• Data is stored on Supabase infrastructure with encryption at rest

7. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access - Request a copy of your personal data
• Rectification - Request correction of inaccurate data
• Erasure - Request deletion of your data ("right to be forgotten")
• Portability - Request your data in a portable format
• Withdraw consent - Withdraw your consent at any time

To exercise any of these rights, please contact us by deleting your account or reaching out directly.

8. Data Retention

We retain your personal data until you delete your account. Upon account deletion, all associated data (including gameplans) will be permanently removed.

9. Children's Privacy

BJJ Database is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us immediately.

10. What We Don't Do

• We do not use analytics or tracking
• We do not display advertising
• We do not sell your data to third parties

11. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated effective date.