1. Information We Collect
1.1 Information You Provide
When you sign in with Google, we collect:
| Data Type |
What We Collect |
Purpose |
| Display Name |
Your Google account display name |
To personalize your experience and identify your account |
| Email Address |
Your Google account email |
For account identification and potential communication |
| Profile Picture |
Your Google account profile photo URL |
To display your avatar in the application |
| Saved Posts |
Reddit posts you choose to save (ID, title, permalink, subreddit, score, save date) |
To provide your personal saved posts collection |
1.2 Information Automatically Collected
We automatically collect certain technical information:
- Usage Data: Rate limiting counters, request timestamps
- Authentication Data: Sign-in timestamps, account creation date
- Technical Data: Browser type, device type (for responsive design)
- Error Logs: Application errors for debugging and improvement
1.3 Information We Do NOT Collect
- Your browsing history outside of RedditRoulette
- Personal files or documents
- Financial information or payment details
- Location data or GPS coordinates
- Contacts or social connections
- Device identifiers beyond basic browser information
2. How We Use Your Information
2.1 Primary Uses
- Account Management: To create and maintain your user account
- Service Functionality: To provide saved posts feature and personalization
- Security: To protect against abuse and ensure fair usage through rate limiting
- Service Improvement: To fix bugs and enhance user experience
2.2 We Do NOT Use Your Information For
- Selling to third parties
- Advertising or marketing
- Profiling or behavioral analysis
- Cross-platform tracking
- Spam or unsolicited communications
3. Data Storage and Security
3.1 Where Your Data is Stored
- User Data: Stored securely in Google Firebase Firestore
- Authentication: Handled by Google Firebase Authentication
- Rate Limiting: Stored locally in your browser's localStorage
3.2 Security Measures
🛡️ Our Security Practices
- Firebase Security Rules: Strict database access controls ensuring users can only access their own data
- HTTPS Encryption: All data transmission is encrypted
- Input Sanitization: All user inputs are sanitized to prevent XSS attacks
- Rate Limiting: Protection against abuse and DoS attacks
- No Plaintext Storage: We never store passwords or sensitive credentials
3.3 Data Retention
- Active Accounts: Data retained as long as account is active
- Inactive Accounts: Data may be deleted after 2 years of inactivity
- Deleted Accounts: Data permanently deleted within 30 days of account deletion
- Rate Limiting Data: Automatically expires and is cleaned up
4. Third-Party Services
4.1 Google Services
We use Google services for authentication and data storage:
- Google OAuth: For secure sign-in (governed by Google's Privacy Policy)
- Firebase: For data storage and authentication (Google Cloud Platform)
Your interaction with Google services is also governed by Google's Privacy Policy.
4.2 Reddit Content
We fetch content from Reddit's public API:
- We do not store Reddit content on our servers
- Reddit content is subject to Reddit's own privacy policy
- We only access publicly available, non-NSFW content
4.3 CORS Proxy Services
To access Reddit's API from browsers, we use CORS proxy services:
- These services temporarily process Reddit API requests
- No personal data is sent through these proxies
- Only Reddit post data passes through these services
5. Your Privacy Rights
5.1 Access and Control
You have the right to:
- Access: View all data we have about you through the app interface
- Modify: Update your Google account information (managed by Google)
- Delete: Remove individual saved posts or your entire account
- Export: Request a copy of your saved posts data
5.2 GDPR Rights (EU Users)
If you are in the European Union, you have additional rights under GDPR:
- Right to Rectification: Correct inaccurate personal data
- Right to Erasure: Request deletion of your personal data
- Right to Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing of your personal data
- Right to Restrict Processing: Limit how we process your data
5.3 CCPA Rights (California Users)
If you are a California resident, you have rights under CCPA:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of the sale of personal information (we don't sell data)
- Right to non-discrimination for exercising CCPA rights
6. Cookies and Local Storage
6.1 What We Store Locally
- Authentication Tokens: To keep you signed in (managed by Firebase)
- Rate Limiting Data: To track usage limits and prevent abuse
- Application Preferences: To remember your topic and sort preferences
6.2 No Tracking Cookies
We do not use:
- Analytics or tracking cookies
- Advertising cookies
- Cross-site tracking
- Social media tracking pixels
7. Children's Privacy
RedditRoulette is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately so we can delete such information.
8. International Data Transfers
Your data may be stored and processed in:
- Google Cloud: Data centers worldwide (governed by Google's data protection measures)
- Firebase: Multi-region storage for reliability and performance
All transfers comply with applicable data protection laws and use appropriate safeguards.
9. Data Breaches
In the unlikely event of a data breach:
- We will investigate and contain the breach immediately
- Affected users will be notified within 72 hours
- Relevant authorities will be notified as required by law
- We will provide clear information about what data was affected and what actions to take
10. Changes to This Privacy Policy
We may update this Privacy Policy periodically. When we do:
- We will update the "Last Updated" date
- Significant changes will be highlighted in the application
- We may send email notifications for material changes
- Continued use of the service constitutes acceptance of changes
11. Contact Us
12. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Consent: You provide consent when signing in with Google
- Legitimate Interest: To provide and improve our service
- Legal Obligation: To comply with applicable laws and regulations
📞 Need Help?
If you have any questions about your privacy or this policy, don't hesitate to contact us. We're committed to protecting your privacy and will respond promptly to your concerns.
RedditRoulette is operated by Gym Partners Ltd in the United Kingdom.