Privacy Policy

1. Information We Collect

TakoBot collects and stores the following information:

• Account Information: Username, password (hashed with bcrypt), email address, and role (admin/user)
• Raffle Data: Reddit links, participant names, spot assignments, payment status, raffle configurations
• Reddit Usernames: Parsed from Reddit comments for raffle participation tracking
• Name Mappings: Reddit username to real name mappings (stored in browser localStorage)
• Gmail OAuth Credentials: If you enable email scanning (stored encrypted per user in PostgreSQL)
• Activity Logs: Actions performed within the Application for audit and troubleshooting purposes
• Session Data: Node.js session cookies for authentication

2. How We Use Your Information

Your information is used to:

• Authenticate and authorize access to your account
• Display and manage your active raffles and raffle history
• Parse Reddit comments to identify raffle participants and spot requests
• Scan Gmail for PayPal payment notifications (if enabled by you)
• Map Reddit usernames to real names for easier participant identification
• Provide analytics, activity tracking, and dashboard statistics
• Generate raffle reports and export data
• Improve the Application and troubleshoot issues

3. Data Storage and Security

All data is stored in a PostgreSQL database hosted on AWS EC2 infrastructure. Security measures include:

• Password Hashing: All passwords are hashed using bcrypt with salt rounds
• Session-Based Authentication: Node.js sessions (no JWT tokens in headers)
• Encrypted OAuth Storage: Gmail OAuth credentials are stored securely per user
• Database Backups: Regular automated backups are performed
• Role-Based Access Control: Admin features are restricted to authorized users only
• HTTPS: All communications are encrypted in transit (when deployed with SSL)
• User-Specific Data Isolation: Each user's data is isolated using user_id columns

4. Third-Party Services

TakoBot integrates with the following third-party services:

• Reddit: To fetch and parse raffle comments from PokemonRaffles community posts
• Gmail (Google): To scan for PayPal payment notifications (optional, requires your OAuth consent)
• OpenAI API: To parse complex Reddit comments using AI natural language processing (if configured)

Each service has its own privacy policy and terms of service. We recommend reviewing their policies:

• Reddit Privacy Policy: reddit.com/policies/privacy-policy
• Google Privacy Policy: policies.google.com/privacy
• OpenAI Privacy Policy: openai.com/policies/privacy-policy

5. Data Sharing

We do NOT sell, trade, or rent your personal information to third parties. Your data is only accessible to:

• You: The account owner with full access to your own data
• Administrators: For support, moderation, and system maintenance purposes

We may disclose your information only if required by law or to protect the rights, property, or safety of TakoBot, its users, or the public.

6. Data Retention

Your data is retained as follows:

• Account Data: Retained indefinitely until you request account deletion
• Raffle History: Stored indefinitely unless manually deleted
• Activity Logs: Retained for system monitoring and troubleshooting
• Gmail OAuth Credentials: Stored until you delete them via Settings page
• Name Mappings: Stored in browser localStorage (can be cleared anytime)

7. Your Rights

You have the right to:

• Access: View all personal data stored about you in the Application
• Correction: Update or correct inaccurate account information via Profile page
• Deletion: Request deletion of your account and associated data
• Export: Download your raffle data as CSV or JSON files
• Revoke Access: Remove Gmail OAuth credentials at any time via Settings page
• Opt-Out: Disable optional features like Gmail scanning

8. Cookies and Tracking

TakoBot uses session cookies only for authentication purposes. We do NOT use:

• Third-party tracking cookies
• Advertising cookies
• Analytics cookies (e.g., Google Analytics)
• Social media tracking pixels

Session cookies are automatically deleted when you log out or close your browser.

9. Local Storage

TakoBot uses browser localStorage to store:

• Reddit username to real name mappings
• Dark mode preferences
• UI preferences

This data is stored locally on your device and is NOT transmitted to our servers. You can clear localStorage at any time through your browser settings.

10. Children's Privacy

TakoBot is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information.

11. International Users

TakoBot is hosted on AWS EC2 infrastructure. By using the Application, you consent to the transfer and processing of your data in accordance with this Privacy Policy.

12. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify you promptly via email and through the Application interface.

13. Changes to Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify users of significant changes by:

• Updating the "Last Updated" date at the top of this page
• Displaying a notification within the Application

Continued use of the Application after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

• TakoBot administrators through the PokemonRaffles community
• Visit the Help page within the Application for support resources

15. Compliance

TakoBot is designed to respect user privacy. While we are not subject to specific privacy regulations (as we are a community tool, not a commercial service), we strive to follow best practices aligned with privacy principles.