Privacy Policy
Last updated: January 23, 2026
1. Introduction
This privacy policy explains how the Olympic Medal Pool ("we", "us", "our") collects, uses, and protects your personal information in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
The Olympic Medal Pool is a free, non-commercial fantasy sports game for the Milano Cortina 2026 Winter Olympics. There are no entry fees and no prizes.
2. Data Controller
The data controller responsible for your personal information is:
Olympic Medal Pool
Contact: kencorless@yahoo.com
3. What Personal Data We Collect
We collect the following personal information when you register:
- Email address - Used for account identification and login
- Phone number - Used for SMS-based authentication when logging in from new devices
- Name - Your real name for identification purposes
- Team name - Displayed publicly on the leaderboard
- Country picks - Your selected countries for the contest
We also automatically collect:
- Session cookies - To keep you logged in across visits
- Registration and login timestamps - For security and account management
4. Legal Basis for Processing
We process your personal data based on your consent when you voluntarily register for the contest. By creating an account, you agree to the collection and use of your information as described in this policy.
5. How We Use Your Data
We use your personal data for the following purposes:
- To create and manage your account
- To authenticate you when you log in
- To display your team name and contest picks on the public leaderboard
- To calculate and display your score during the Olympic Games
- To send SMS verification codes when you log in from new devices
We do not use your data for marketing, profiling, or any commercial purposes.
6. Data Sharing and Third Parties
We share your data with the following third-party service providers:
- Twilio (SMS service provider) - We use Twilio to send SMS verification codes to your phone number. Twilio processes your phone number and verification codes in accordance with their privacy policy. Twilio may process this data outside the EU (see Section 12 below).
- Railway (hosting provider) - Your primary personal data (email, name, team name, picks) is stored on servers located in the European Union. Railway acts as a data processor and does not access your data except for infrastructure maintenance.
We do not sell, rent, or share your personal data with any other third parties.
7. Public Information
The following information is displayed publicly on the leaderboard:
- Your team name
- Your real name
- Your selected countries and their medal counts
- Your total score
Your email address and phone number are never displayed publicly.
8. Data Retention
We retain your personal data for the duration of the Milano Cortina 2026 Winter Olympics contest (until March 31, 2026) plus a reasonable period afterwards for record-keeping.
You may request deletion of your account at any time (see Section 11, "Your Rights Under GDPR", below).
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- All data transmission is encrypted using HTTPS/TLS
- Passwords are never stored (we use passwordless SMS authentication)
- SMS verification codes are hashed before storage
- Session cookies are set with the HttpOnly and Secure attributes
- Database access is restricted to authorized administrators only
10. Cookies
We use essential session cookies to keep you logged in. These cookies are necessary for the operation of the application and cannot be disabled.
We do not use analytics, advertising, or tracking cookies.
11. Your Rights Under GDPR
Under the General Data Protection Regulation, you have the following rights:
- Right of access - You can request a copy of all personal data we hold about you.
- Right to rectification - You can update your name, email, phone number, or team name by contacting us.
- Right to erasure ("right to be forgotten") - You can request deletion of your account and all associated data at any time.
- Right to restrict processing - You can ask us to restrict how we use your data.
- Right to data portability - You can request your data in a structured, machine-readable format.
- Right to object - You can object to processing of your personal data.
- Right to withdraw consent - You can withdraw your consent and delete your account at any time.
To exercise any of these rights, please email us at kencorless@yahoo.com.
12. International Data Transfers
Your primary personal data is stored within the European Union. The application database containing your email, name, team name, and contest picks is hosted on Railway servers located in the EU.
Limited data transferred outside the EU: When you log in from a new device, we send an SMS verification code to your phone number using Twilio, a service provider based in the United States. This means your phone number and verification codes are temporarily processed outside the EEA.
We ensure that these transfers comply with GDPR requirements through the use of Standard Contractual Clauses and adequate safeguards provided by Twilio.
13. Children's Privacy
This service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.
14. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date.
15. Supervisory Authority
If you have concerns about how we handle your personal data, you have the right to lodge a complaint with your local data protection authority in the EU.
16. Contact Us
For privacy-related inquiries, data subject access requests, or to exercise your GDPR rights, please contact us:
Privacy Contact:
Email: kencorless@yahoo.com
We will respond to your request within 30 days as required by GDPR.