Privacy Policy

1. Information We Collect About You

1.1 Information Provided via GitHub (OAuth): We do not collect or store passwords. You log in strictly via GitHub OAuth. When you sign in, GitHub provides us with your:

• GitHub Username and ID
• Avatar / Profile Picture
• Email Address (primary and verified emails associated with your GitHub account)

1.2 Information You Provide Directly:

• Contest Information: If you win a prize, we may require additional identity verification, including your legal name, physical mailing address, and tax identification number (e.g., W-9 form) strictly for tax reporting and prize delivery.
• User Submissions: Code, audio, and visual assets you upload are public by default. Please do not embed personal information (like phone numbers or API keys) inside your source code.

1.3 Information Collected Automatically (Analytics & Voting): We use third-party analytics tools (PostHog) and server logs to collect:

• Device Data: IP address, browser type, operating system.
• Voting Activity: To calculate Elo ratings and prevent fraud, we record every vote cast, the timestamp, and the associated IP hash.
• Usage Data: Clickstreams and interaction data to help us improve the site performance.

2. How We Use Your Information

We use your information to:

• Authenticate You: To create your account and maintain your session without storing passwords.
• Operate the Contest: To calculate Elo rankings, detect "smurfing" (duplicate accounts), and verify fair play.
• Distribute Prizes: To legally transfer funds or goods to winners.
• Analyze Trends: To understand how users interact with visualizations using aggregated data.

3. Disclosure of Your Information & Service Providers

We do not sell your personal data. However, we share data with the following specific third-party vendors ("Sub-Processors") who assist in operating the Service. By using the Service, you consent to this data processing:

We may also disclose information if required by law (e.g., tax authorities for prize reporting) or to protect our rights (e.g., investigating a security breach).

4. Special Note on Third-Party Iframes

• Phishing Risk: Be vigilant. A malicious user could theoretically upload a visualization that looks like a login screen. We will NEVER ask for your credentials inside a visualization.
• Data Isolation: We use "sandboxing" to prevent these iframes from accessing your main account session, but we cannot control what data you voluntarily type into a visualization.

5. Data Security

• No Password Storage: Because we rely on GitHub OAuth, we do not store or manage your passwords. This significantly reduces the risk of credential theft from our servers.
• Encryption: All data is transmitted via HTTPS (TLS).
• Access Controls: Access to the database (Supabase) is restricted to authorized personnel.

6. Your Data Rights

You have the right to:

• Access/Portability: Request a copy of the data we hold about you.
• Deletion: Request that we delete your account. Note that we may retain certain hashed data (like IP hashes) solely for the purpose of preventing banned users from returning ("Ban Evasion").
• Revoke Access: You can revoke our access to your GitHub account at any time via your GitHub settings (though this will prevent you from logging in).

To exercise these rights, contact us at founders@tryshowandtell.com.

7. Age Limitation (18+)

Our Service is strictly for users aged 18 and older. We do not knowingly collect personal information from individuals under 18. If we discover that a user is under 18, we will immediately delete their account and remove their submissions and votes.

8. Changes to Our Privacy Policy

We may update this policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page or sending a notification to your registered email.

9. Contact Information

ShowAndTell, Inc. DBA Avora
founders@tryshowandtell.com