Legal

Privacy Policy

Last updated: 16 May 2026

1. Who we are

Paddle Supernova ("we", "us", "our") operates the website at paddlesupernova.com. For the purposes of data protection law, we are the data controller. Our contact address for data-related queries is privacy@paddlesupernova.com.

2. Data we collect

Account data: When you register, we collect your email address and, if you choose to set one, a display name or handle. If you register via Google, we receive the email address and name associated with your Google account.

Activity data: We record predictions you place, your points balance, and your position in the leaderboard. This data is core to the operation of the Service.

Technical data: Our infrastructure provider (Supabase) logs standard web server data including IP addresses and browser user-agent strings for security and diagnostic purposes. These are retained for up to 30 days.

Communications data: If we send you a transactional email (e.g., account confirmation, prediction settlement notification), we record delivery status. We do not send marketing emails without explicit opt-in.

3. Legal basis for processing

We process your personal data on the following legal bases under UK GDPR / EU GDPR:

  • Contract performance — account data and activity data are processed to provide the Service you have signed up for.
  • Legitimate interests — technical and security logging.
  • Legal obligation — where required by applicable law.

4. Data processors (sub-processors)

We use the following third-party processors, each bound by a Data Processing Agreement:

| Processor | Purpose | Location |
|---|---|---|
| Supabase, Inc. | Database, authentication, file storage | USA (EU region available) |
| Brevo (Sendinblue) | Transactional email delivery | France / EU |
| Google LLC | OAuth sign-in (Google Sign-In) | USA |
| Vercel, Inc. | Web application hosting and CDN | USA (edge: global) |
| Sentry, Inc. | Error monitoring and diagnostics | USA |

Where data is transferred outside the UK / EEA, we rely on Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms.

5. Retention

Account and activity data is retained for the life of your account plus 12 months. If you request deletion of your account, we will purge your personal data within 30 days, except where retention is required by law or legitimate business interest (e.g., aggregated analytics with no personal identifiers).

6. Your rights

Under UK GDPR / EU GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request erasure ("right to be forgotten")
  • Object to processing or request restriction
  • Receive a machine-readable copy of your data (portability)
  • Withdraw consent where processing is consent-based

To exercise any right, email privacy@paddlesupernova.com. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

7. Cookies and consent

On your first visit we show a consent banner with three equally-weighted options: Reject all, Customize, or Accept all. No analytics or error-monitoring SDKs load, and no preconnect to our database backend fires, until you make a choice.

The Customize option opens a preferences panel where you can independently enable or disable each of the four cookie categories below. Your choice is stored in your browser and persists across sessions; you can change it any time via the Cookie settings link in the footer.

| Category | Used for | Default |
|---|---|---|
| Strictly necessary | Login, security, session, anti-CSRF | Always on |
| Functional | Theme, language, saved filters | Off |
| Analytics | PostHog product analytics (EU region) | Off |
| Error monitoring | Sentry crash + perf telemetry | Off |

See our Cookie Policy for the full per-cookie inventory.

8. Changes to this policy

We may update this policy periodically. Material changes will be notified by email or by a prominent notice on the Service. The date at the top of this page indicates when it was last revised.