Privacy Policy

Last updated: April 18, 2026

This Privacy Policy explains what information Pickerway (pickerway.com) collects, how we use it, and what choices you have. We try to keep this document short and to the point - no boilerplate.

What we collect

When you create an account, we collect:

  • your email address
  • your name, if you choose to provide one
  • a passkey public key (if you sign up with a passkey), a password hash (if you sign up with a password), or a Google account identifier (if you sign in with Google)
  • a session cookie so we can keep you signed in

When you run a draw, we collect:

  • the social media post URL you paste
  • a snapshot of the public comments or likes used in the draw
  • the filters you selected
  • the resulting winner list and the cryptographic proof hash

We also log basic server-level information (IP address, user agent, request time) for a short period so we can detect abuse and investigate bugs.

What we do with it

We use the information we collect to operate the Service: to authenticate you, run the draws you request, credit and debit your token balance, send you transactional email (signup verification, password reset, draw confirmations), and detect fraud or abuse.

We do not sell your personal information. We do not use it for advertising. We do not build profiles about you for third parties.

Who we share it with

We rely on a small number of third-party vendors to operate Pickerway. Each one only sees what it needs:

  • Cloudflare hosts the Pickerway application and database and routes network traffic to us
  • Resend delivers our transactional emails
  • Google handles authentication when you choose Sign in with Google and sees the email address of your Google account
  • RapidAPI and the underlying social platform (for example, Instagram) provide the public post, comment, and like data we use to run your draws

We share information with these vendors only as needed for them to perform their function. They may process data in countries outside your own; we rely on their standard security and privacy commitments.

We may disclose information when required by law, to protect the rights and safety of Pickerway or its users, or as part of a corporate transaction (sale, merger, reorganization). In the last case we will require the receiving party to honor this policy.

Cookies

Pickerway uses cookies only where they are necessary to deliver the Service: an authentication session cookie, a theme preference cookie, and a short-lived OAuth state cookie when you use Sign in with Google. We do not use advertising or analytics cookies. See our Cookies page for details.

Data retention

Account information is kept for as long as your account is open. When you delete your account, we remove your personal information within 30 days, except where we are required to keep it longer to comply with law or to resolve disputes.

Comment snapshots associated with a draw are kept with the draw result so the fairness proof remains verifiable. You can ask us to delete a specific draw from your dashboard; deleting it removes the snapshot as well.

Your rights

Depending on where you live, you may have rights under data protection law including the right to access, correct, export, or delete the personal information we hold about you, and the right to object to or restrict certain processing. You can exercise most of these rights directly from your dashboard, or contact us for help.

Children

Pickerway is not intended for children under 13. If you are a parent or guardian and believe your child has created an account, contact us and we will remove it.

Security

We use industry-standard measures to protect your information: encrypted transport (HTTPS), server-side password hashing with PBKDF2, passkey-first authentication, and a least-privilege approach to internal access. No system is perfectly secure; if we ever suffer a breach that affects you, we will notify you as required by law.

Changes

We may update this policy to reflect changes in the Service or in applicable law. When we make material changes, we will update the Last updated date above and, where appropriate, notify you by email.

Contact

Questions or requests? Reach us via the contact page.