Privacy Policy

Sotto Games (sottogames.com) is operated as a free, independent service. This page describes exactly what data we collect and why.

What we collect

• The participant display name you choose when joining a group.
• A bcrypt-hashed version of your 4-digit PIN. The raw PIN is never stored.
• The group name, budget label, and reveal date the organizer sets.
• An anonymous local token in your browser's localStorage, used so you can find your existing games on return visits.
• Anonymous, aggregated traffic metrics through Vercel Analytics. No cookies, no cross-site tracking.

What we never collect

• Email addresses. There are no accounts and no email fields.
• Phone numbers.
• Social media identities.
• Payment information. Sotto is free.
• The mapping of Secret Santa assignments. Even Sotto's maintainers cannot query who got whom.

Where data lives

Data is stored in a managed Postgres database operated by Supabase and served through Vercel. Both vendors are bound by their own published security and privacy commitments.

Data deletion

To delete a game, message the organizer's contact email and include the 6-letter group code. Game data including all participant names is removed within 7 days.

Children

Sotto is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has joined a Sotto group, contact us and we will remove their entry.

Contact

Questions about this policy: see the contact page.