Privacy Policy

1. Who we are

This Privacy Policy describes how MostOverplayed.com (“we,” “us,” or “our”) handles information when you use our website and services at www.mostoverplayed.com (the “Service”). It should be read together with our Terms of Service.

2. Information we collect

2.1 Account and authentication

If you create an account, we use Supabase Auth to process sign-up and sign-in. That typically includes your email address and credentials you choose (for example, a password), and authentication tokens stored in cookies so you can stay signed in. Supabase processes this data on our behalf as a service provider.

2.2 Guest sessions and voting

If you vote without an account, we may store a random identifier in your browser’s local storage so we can apply daily voting limits and associate votes with your session. This identifier is not your name or email.

When you vote, we record data needed to operate rankings, such as which song you voted for, the date of the vote (in our configured timezone), and either your account identifier or your guest session identifier.

2.3 Favorites and profile-related data

If you are signed in and save favorites (songs, artists, stations, or cities), we store those choices in our database associated with your account.

2.4 Search and technical data

When you use search or other features, your queries are sent to our systems and database to return results. We may also receive technical data such as IP address, browser type, and request timestamps. We use IP addresses in part to enforce rate limits and protect the Service from abuse.

2.5 Cookies and similar technologies

We use cookies (including authentication-related cookies set by Supabase) and, for guests, browser local storage as described above. You can control cookies through your browser settings; disabling certain cookies may limit sign-in or guest features.

3. How we use information

We use the information above to:

• Provide, operate, and improve the Service (including rankings and search).
• Authenticate users and maintain sessions.
• Enforce voting rules, daily limits, and rate limits.
• Protect the security and integrity of the Service and our users.
• Comply with law and respond to lawful requests.
• Communicate with you about the Service (for example, email verification at sign-up).

We do not sell your personal information for money.

4. Legal bases (EEA, UK, and similar regions)

Where the GDPR, UK GDPR, or similar laws apply, we rely on appropriate legal bases, such as: performance of a contract (providing the Service you request); legitimate interests (security, abuse prevention, improving the Service), balanced against your rights; consent where required (for example, certain cookies or marketing, if we add them); and legal obligations.

5. Sharing and subprocessors

We share information with vendors who help us run the Service, including Supabase (authentication and database hosting) and our hosting/infrastructure provider (for example, Vercel). Those providers process data under contractual terms and only as needed to provide their services. We may also disclose information if required by law or to protect rights, safety, and security.

6. International transfers

We and our vendors may process data in the United States and other countries. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers from the EEA, UK, or Switzerland.

7. Retention

We retain information for as long as needed to provide the Service, comply with law, resolve disputes, and enforce our agreements. Account and voting data may be kept for the life of the account or as needed for rankings and integrity. Guest session data may be retained with vote records; clearing local storage may limit future guest recognition but may not delete records already stored on our servers.

8. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or export personal information, or to object to or restrict certain processing. You may also have the right to lodge a complaint with a supervisory authority. To exercise rights, contact us at the email below. You can update some account information through your account settings where available, or delete your account through Supabase-related flows we provide.

California residents: we describe our practices above. You may have additional rights under the CCPA/CPRA, including to know, delete, and opt out of certain sharing (we do not “sell” personal information as defined by those laws).

9. Children

The Service is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact us and we will take steps to delete it.

10. Security

We use reasonable technical and organizational measures to protect information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and revise the “Last updated” date. For material changes, we may provide additional notice where appropriate.

12. Contact

For privacy-related questions or requests, email support@MostOverplayed.com.