Privacy Policy

When you create an account via Google OAuth, we collect your name, email address, and profile picture. During onboarding, you may also provide your country, website, social media handles, bio, and primary sport.

When you use the platform, we collect campaign data (clicks, registrations, affiliate link activity), billing metadata (invoice references, payment cycle status), and standard server logs (IP address, browser type, timestamps).

We do not collect financial credentials. All payment processing is handled by Stripe.

We use your data to operate the platform: authenticate your identity, attribute registrations to partners, calculate commissions, generate billing cycles, and send transactional emails (e.g., pending partner requests, pixel health alerts).

We may also use aggregated, anonymized data to improve the service and understand usage patterns. We never use your data for advertising or sell it to third parties.

BibSync uses first-party cookies only. These include session cookies for authentication and a locale preference cookie (NEXT_LOCALE) to remember your language setting.

We do not use third-party tracking cookies. The BibSync tracking pixel uses a first-party URL parameter (bs_id) to attribute partner-driven registrations. This parameter is set when a visitor clicks a partner link and is used solely for conversion attribution within the platform.

All payment processing is handled exclusively by Stripe, Inc. through Stripe Connect. BibSync never stores, processes, or has access to credit card numbers, bank account details, or any financial credentials.

When an organizer completes a billing cycle payment, or when a partner receives a payout, the transaction occurs entirely within Stripe's PCI-compliant infrastructure. For details on how Stripe handles your data, please refer to Stripe's Privacy Policy at stripe.com/privacy.

We do not sell your personal data. We share data only with the following service providers, strictly for platform operation:

• Stripe (payment processing and partner payouts)
• Supabase (database infrastructure and authentication)
• Transactional email provider (notification delivery)

We may also disclose data if required by law or to protect the rights and safety of BibSync and its users.

Account data is retained for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where retention is required by law (e.g., billing records for tax compliance).

Tracking data (clicks and registrations) is retained for the duration of the associated campaign lifecycle. Aggregated, anonymized statistics may be retained indefinitely.

Under applicable data protection laws, including the EU General Data Protection Regulation (GDPR), you have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your data
• Export your data in a portable format
• Object to or restrict certain processing activities

To exercise any of these rights, contact us using the details in Section 9 below. We will respond within 30 days.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this page periodically. Continued use of the platform after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise your data rights, you can reach us at: