// PRIVACY POLICY

Last updated: April 18, 2026

RetroLive is a free, hobby basketball simulation site. We collect as little data as we can while still letting you log in, play, and have a working account. This page explains what we collect, why, and what your rights are.

What we collect

• Account data — your chosen login (3–25 letters/hyphens) and a securely hashed password. We never store passwords in plain text.
• Gameplay data — simulations you create or join, drafts, picks, sim settings, manager assignments, and game/playoff results. Tied to your account so we can show you your history.
• Server logs — your IP address, user agent, and request paths are written to standard server logs for debugging and abuse prevention. Logs roll over and are deleted automatically.
• Contact submissions — if you write to us via the contact form, we keep your name, message, IP, and user agent so we can respond and detect spam.

What we don’t collect

• No email address (yet) — we don’t ask for one and have no way to email you.
• No analytics, advertising, or tracking pixels (no Google Analytics, Meta Pixel, etc).
• No third-party cookies. The only cookie we set is a session cookie required for keeping you logged in.

How we use your data

• To run the site and let you play.
• To prevent abuse (rate limiting, spam detection, etc).
• To respond to messages you send us via the contact form.

Sharing

We do not sell, rent, or share your data with third parties. Other RetroLive users can see your public game data — your login name, your picks, your win/loss records, and your standings — because that’s the whole point of the site.

Your rights

• Access / Export — message us via the contact form and we’ll send you a dump of your account data.
• Deletion — you can permanently delete your account at any time from your account page (when logged in). This removes your account, your participation in simulations, and any simulations you personally created. Game history in shared sims you joined will retain a generic “(deleted)” marker.
• Correction — update your login or password from your profile page.

Cookies

We use exactly one cookie: a session cookie required to keep you logged in. It contains a signed identifier — no personal data. It expires when your browser closes (or when you log out). Because this cookie is strictly necessary for the site to function, we don’t show a cookie banner; if we ever add tracking or analytics cookies, we will.

Security

All traffic is served over HTTPS. Passwords are hashed using bcrypt. We follow standard Rails security practices for CSRF, session fixation, and SQL injection. No system is perfect, but we keep dependencies up to date and don’t hold anything we don’t need.

Changes

We may update this policy. The “last updated” date at the top will tell you when. If changes are material, we’ll post a notice on the home page.

Contact

Questions? Use the contact form.