Back to home
Terms of UsePrivacy PolicyCode of Conduct

Privacy Policy

Last updated: April 7, 2026

1. Data Controller

Sloppify is the data controller for personal data processed through this Platform.

2. Information We Collect

Account Information

When you sign in via GitHub OAuth, we receive your GitHub username, email address, and avatar URL. We store this in your user profile.

Lawful basis: Legitimate interest (providing the service) and your consent (signing in).

Voting Data

With your explicit consent, we collect a browser fingerprint hash and session identifier for anonymous voting. These are used solely to prevent duplicate votes, stored as one-way hashes, and not linked to your identity. Fingerprinting only occurs after you consent via an in-app prompt. You may decline, in which case anonymous voting is unavailable.

Lawful basis: Explicit consent (Article 6(1)(a) GDPR, ePrivacy Directive Article 5(3)).

User-Generated Content

Proposals, comments, and reactions you create are stored and publicly visible. They are associated with your username and avatar.

Lawful basis: Contract performance (providing the service you signed up for).

3. Data Minimization

We only collect data that is necessary for the Platform to function. We do not collect browsing history, location data, or any data beyond what is described in this policy.

4. How We Use Your Information

  • To provide and maintain the Platform
  • To display your username and avatar on proposals and comments
  • To prevent voting abuse
  • To enforce our Terms of Use and Code of Conduct
  • To moderate content via AI (proposals are sent to OpenAI for safety review)

5. Data Sharing

We do not sell your personal data. Data is shared with:

  • GitHub — for authentication (OAuth)
  • OpenAI (US-based) — proposal title and description are sent for automated safety moderation. This content is not linked to your account or identity. OpenAI may process this data under their data processing terms.
  • Supabase — database hosting and authentication infrastructure
  • Law enforcement — only if required by law or court order

6. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure— request deletion of your data ("right to be forgotten")
  • Portability — receive your data in a structured format
  • Object — object to processing based on legitimate interest
  • Complaint — file a complaint with your local data protection authority

7. Data Retention

Account data is retained as long as your account exists. Voting fingerprint hashes are retained for the duration of the relevant round. You may request deletion of your account and all associated data at any time.

8. Cookies

We use only essential cookies for authentication session management and terms acceptance tracking. No tracking, analytics, or advertising cookies are used.

9. International Transfers

Some of our service providers process data outside the EEA:

  • GitHub (Microsoft, US) — authentication data. Covered by EU-US Data Privacy Framework.
  • OpenAI(US) — proposal content for moderation. Covered by Standard Contractual Clauses under OpenAI's data processing agreement.
  • Supabase (US) — database and authentication infrastructure. Covered by Standard Contractual Clauses.

We rely on adequacy decisions and Standard Contractual Clauses as appropriate for each transfer.

10. Contact

For privacy-related inquiries, data subject requests, or to exercise any of your GDPR rights, please open an issue on our GitHub repository or contact us directly at the email listed in the repository.