Privacy Policy

1. Introduction

PolyFriends ("we," "us," or "our") operates the PolyFriends web application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

Account Information

• Display name
• Email address (for email/password and Google accounts)
• Hashed password (for email/password accounts)
• Google profile information (name, email, avatar) if you sign in with Google
• Guest recovery code (for guest accounts)
• Profile picture (if uploaded)

Usage Data

• Rooms created and joined
• Questions, outcomes, and bets placed
• Token balances and transaction history
• Achievement and activity data

Automatically Collected Information

• Browser type and version
• Device information
• IP address
• Pages visited and time spent
• Referring website

3. How We Use Your Information

• To create and manage your account
• To operate the prediction market features (rooms, questions, betting)
• To display your profile to other room members
• To track token balances and betting history
• To send important service-related notifications
• To improve and maintain the platform
• To detect and prevent fraud or abuse

4. Cookies and Session Data

We use essential cookies to operate the platform:

• Session cookies: Required for authentication (NextAuth.js session token). These keep you logged in.
• CSRF cookies: Required for security to prevent cross-site request forgery.

We do not use advertising cookies or third-party tracking cookies. We do not sell your data to advertisers.

5. Third-Party Services

• Google OAuth: If you sign in with Google, we receive your name, email, and profile picture from Google. See Google's Privacy Policy.
• Vercel: Our hosting provider. See Vercel's Privacy Policy.
• Neon: Our database provider stores your data securely. See Neon's Privacy Policy.

6. Data Sharing

We do not sell, trade, or rent your personal information. We may share your information only in the following cases:

• With other members of rooms you join (display name, avatar, betting activity within that room)
• With service providers necessary to operate the platform (hosting, database)
• If required by law or to protect our legal rights

7. Data Security

We implement industry-standard security measures including encrypted passwords (bcrypt hashing), HTTPS encryption, CSRF protection, and secure session management. However, no method of electronic transmission or storage is 100% secure.

8. Data Retention

We retain your account data for as long as your account is active. If you wish to delete your account and associated data, please contact us. Betting history may be retained in anonymized form for platform integrity.

9. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Data portability

To exercise these rights, contact us at the email below.

10. Children's Privacy

PolyFriends is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the platform. Your continued use of PolyFriends after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at support@polyfriends.app.