Privacy Policy

This Privacy Policy explains how StintIQ (“we,” “us,” “our”) collects, uses, and shares information when you use the StintIQ website at stintiq.app, its associated APIs, and the StintIQ Discord bot (together, the “Service”). StintIQ is a sole-proprietorship project operated by an individual based in the State of Michigan, United States.

If you have questions, email [email protected].

1. What we collect

We collect three categories of information.

Information you provide via Discord

When you sign in, Discord shares the following under your OAuth authorization:

• Your Discord user ID, username, display name, and avatar
• Your email address on file with Discord, used as a unique account identifier; we do not send marketing email

When you use the Discord-Connect flow for a team, Discord additionally shares the list of guilds you administer. We use it only to populate the guild picker and do not retain it past the connection step.

Information you generate on the Service

This includes everything you create as you plan races: race plans, stints, driver availability, team rosters, stint-mode preferences, race-day notes, and your timezone (auto-detected on first sign-in via your browser’s Intl.DateTimeFormat().resolvedOptions().timeZone API; you can change or clear it in Settings).

Technical information collected automatically

When you load any page or make any API request, our servers and edge network log your IP address, your browser user-agent string, the URL you requested, the HTTP status returned, and the timestamp. These logs are used for security and operational debugging and are retained for up to 30 days.

We also use small browser cookies to keep you signed in: a short-lived access token cookie and a longer-lived opaque refresh token cookie. Both are set with Secure, HttpOnly, and SameSite=Lax attributes. Without them, you cannot remain signed in.

2. How we use it

We use information to:

• Authenticate you and keep your session secure
• Show you your teams, plans, and the planning data your teammates have shared with you
• Send messages from the StintIQ Discord bot to channels and threads you and your team have explicitly configured
• Operate, maintain, debug, and improve the Service
• Show advertising via Google AdSense (see §4)

We do not sell your data. We do not use your data to train AI models. We do not perform automated decision-making that produces legal or similarly significant effects on you.

3. Who we share with

We share data only with the service providers required to operate StintIQ.

We may also disclose information when required to comply with a valid legal request or to protect the rights, property, or safety of StintIQ, our users, or the public.

4. Advertising (Google AdSense)

We use Google AdSense to display advertisements. Google and its advertising partners may use cookies, web beacons, and similar technologies to serve ads based on your prior visits to this and other websites.

You can opt out of personalized advertising by visiting Google’s Ads Settings: google.com/settings/ads. You can also opt out of third-party-vendor use of cookies for personalized advertising at the NAI opt-out page: optout.networkadvertising.org.

Google’s privacy practices are described at policies.google.com/technologies/ads.

5. Data retention

We retain your account and the data you create:

• For as long as your account exists
• For up to 30 days after you request deletion, to fulfill the deletion across backups and downstream caches

Operational logs (IP, user-agent, request URL) are retained for up to 30 days from the time of the request.

If you stop using StintIQ but do not request deletion, we may retain your data indefinitely so that you can resume.

6. Your rights

You can:

• Access the personal data we hold about you by emailing [email protected]
• Correct inaccurate personal data by editing it in the Service or emailing us
• Delete your account and associated data by emailing [email protected] — we will honor the request within 30 days

A self-service “Delete my account” button is planned as a future feature; until it ships, email is the way.

Residents of the European Economic Area, the United Kingdom, and certain US states (including California, Virginia, Colorado, Connecticut, and Utah) may have additional rights under their local laws. Email us to exercise any such right.

7. Children

StintIQ is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. (Discord’s own Terms of Service require users to be at least 13, so Discord OAuth provides a practical floor.) If you believe a child under 13 has provided us with information, email [email protected] and we will delete it.

8. International users

StintIQ is operated from the United States. If you use the Service from outside the United States, your data will be transferred to, stored, and processed in the United States and in the regions where our service providers operate (see §3).

9. Security

We use industry-standard security measures including TLS (Cloudflare Full strict mode), HttpOnly secure cookies, password-less authentication via Discord OAuth, and a role-of-least-privilege model on the database. No service can guarantee perfect security; if we discover a breach involving your data we will notify you as required by law.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page. If the changes are significant, we will provide additional notice (such as a notice in the web app on your next sign-in).

11. Contact

For privacy questions, data requests, or anything else covered by this policy:

Email: [email protected]

12. Governing law

This Privacy Policy is governed by the laws of the State of Michigan, United States, without regard to its conflict of law principles.