Privacy Policy

Last updated: April 19, 2026

What this policy covers

This is the privacy policy for picklefriend.net, which includes the pickle-mixer web app and the Android app. It describes what we collect, why, and who else gets to see it.

Account data we collect

When you create an account we store the following. We only store what's needed to run the service; not every field is set for every account.

Required:

  • Username
  • Email address
  • Password (stored only as a salted hash — we cannot read it)

Optionally populated:

  • Full name
  • Timezone (detected from your browser)
  • Email-preference flags (which you can toggle in settings)
  • Referral code (only if you signed up via a referral link)
  • Last-login timestamp

Player data you add

When you add players to your roster, we store:

  • Name (required)
  • Email (optional)
  • Rating (optional)
  • Gender (optional)
  • Notes (optional)
  • An internal opt-out token used to power one-click unsubscribe links in player emails

Cookies

We use two cookies, both essential:

  • auth_token — keeps you logged in between visits
  • PHPSESSID — session state

That is all. No tracking cookies. No third-party cookies.

Analytics (pageviews)

We use self-hosted Matomo. IP addresses are truncated to the first three octets before storage. No personal identifiers (name, email) are sent. No cookies. We honor the Do Not Track browser signal.

Product analytics (how the mixer is used)

When you generate a mix we record the mixer settings and counts (players, courts, game number), a truncated IP address, and a basic flag for whether the request looks like a bot. This stays on our servers; we use it to improve the mixer. It is never sold or shared.

Email delivery logs

We log sends, bounces, and opens for account emails and game-reminder emails so we can keep deliverability healthy. The operator can see bounce counts and masked addresses (e.g. j***@g***.com) on an internal dashboard.

Diagnostic data

If the app hits an error we log the error message, stack trace, URL, and browser user-agent. These logs are not tied to your account.

Service providers

We use one third-party service:

  • Cloudflare Turnstile — bot protection at signup. Cloudflare receives a one-time challenge token and your IP address, used only to decide whether the signup looks legitimate.

Outbound email (verification, password reset, game reminders) is sent from our own server through the standard mail infrastructure provided by our hosting provider. We do not use a third-party email-sending service such as SendGrid, Mailgun, or Amazon SES.

No other third parties are used. We do not use Google Analytics, Firebase, advertising SDKs, or any social-login providers.

Player emails

Player email addresses you enter are stored so you can reach those players through the service. Game-reminder emails are sent only when you, as the organizer, schedule an event and choose to notify players. Every reminder includes a one-click unsubscribe link. We do not sell, share, or use player emails for any other purpose.

Children

This service is not intended for people under 13. We do not knowingly collect data from children under 13. If we find out a child under 13 has an account we will delete the account and its data.

Data retention

  • Sessions are cleaned up after 30 days of inactivity.
  • Diagnostic logs (client errors, cron history) are pruned by our daily cleanup job after 14 days. Append-only application logs are rotated by size.
  • Queued email records are pruned after 30 days.
  • Account data is kept until you ask us to delete it.

Where data is stored

Our servers are located in Canada, hosted by Web Hosting Canada (GloboTech Communications) in Montréal, Québec. By using the service you consent to data processing in Canada.

Security

  • All traffic is encrypted in transit with TLS.
  • Passwords are stored using a salted hashing algorithm — never in plain text.
  • Session cookies are HttpOnly and Secure.
  • Admin access is gated behind an IP allow-list.

Your rights

You have the right to:

  • Access your personal data
  • Correct your personal data
  • Erase your personal data
  • Port your personal data to another service
  • Object to processing of your personal data
  • Restrict processing of your personal data

To exercise any of these rights, email privacy@picklefriend.net.

Changes to this policy

We will update the "last updated" date below when this changes. Material changes will be called out on sign-in.

Last updated: April 19, 2026