Reseed.gg
Privacy Policy
Effective date: April 24, 2026
Reseed.gg (“Reseed”, “we”, “our”) is an individual-run project based in Texas, United States. We operate the website at reseed.gg as a scheduler for low-population multiplayer game sessions. This policy explains what personal data we collect, how we use it, and the rights you have over it. It applies to everyone who visits the site, whether you're signed in or browsing anonymously.
If anything here is unclear, email privacy@reseed.gg.
Summary
- You can use Reseed anonymously — no account required to post a session or RSVP. In that mode, we give your browser a random identifier and store it in a signed cookie so you can manage your own posts.
- If you sign in, we rely on Clerk for account handling and mirror a minimal profile into our database (username, display name, avatar, and linked Discord/Twitch identifiers that Clerk passes through).
- We do not run ad trackers, product-analytics tools, or third-party fingerprinting. We do not sell your data.
- Reseed is open to users who are at least 16 years old.
- You have the right to access, correct, delete, export, or object to our processing of your data. Email privacy@reseed.gg and we'll respond within 30 days.
1. Who is responsible for your data
Reseed.gg is operated as an individual project. The data controller is the owner of the project, reachable at privacy@reseed.gg. We do not currently have a designated Data Protection Officer because this is a small, hobby-scale operation that does not meet the thresholds in Article 37 GDPR.
2. Data we collect
We only collect data we actively use to run Reseed. The full inventory:
When you browse anonymously
- Anonymous identifier — a random string (
reseed_anon_v1_<uuid>) minted in your browser the first time you create a session, RSVP, comment, or post to the Pulse feed. We store it in a first-party cookie and also store an HMAC-signed copy in an HttpOnly cookie (reseed_anon_sig) so we can verify that requests to modify your posts really come from the original author. Lifetime: 180 days. - IP address — used in memory only, to rate-limit session creation, RSVPs, and comments. We do not log IPs to disk or associate them with your content.
When you create an account
Clerk handles the sign-in flow. We receive and store in our database:
- A user ID (Clerk's identifier, used as your primary key here).
- Your chosen username (permanent once claimed via onboarding).
- Your email address, if present on the Clerk account.
- A display name and profile picture URL, as Clerk provides them.
- If you sign in with Discord: your Discord user ID, Discord username, and Discord locale.
- If you sign in with Twitch: your Twitch user ID and Twitch username.
- Visibility toggles controlling which linked identifiers appear on your public profile.
When you use the service
- Sessions you host: title, description, scheduled time, duration, platform, region, player caps, Discord channel URL, server IP and password, required mods, and setup steps — as you enter them.
- RSVPs and reminder preferences:the session you're attending, the tier (confirmed / likely / maybe), optional reminder email, and per-channel notification toggles (email, Discord, browser).
- Comments, flags (reports), and Pulse events you submit.
- Push notification subscription: if you opt in, the endpoint URL your browser issues, the cryptographic keys your browser generates, and the user-agent string.
- Game interest signals:which games you've marked as wanting to play.
Cookies
reseed_anon— first-party, not HttpOnly, 180 days. Your anonymous identifier, readable by the page so the UI can show “this RSVP is yours”.reseed_anon_sig— first-party, HttpOnly, HMAC-signed, 180 days. The authoritative copy used to verify ownership on the server.- Clerk session cookies — managed by Clerk, required for sign-in.
We do not set analytics, advertising, or cross-site cookies.
3. Legal basis for processing (GDPR Article 6)
| Data | Purpose | Legal basis |
|---|---|---|
| Anonymous cookie + HMAC signature | Authorize actions on anonymous content you authored | Legitimate interest — strictly necessary to the feature you requested |
| Account profile | Provide account features, display a public profile | Contract |
| Sessions, RSVPs, comments, flags, Pulse, interest | Run the core service and power public listings | Contract |
| Reminder email + notification prefs + push subscription | Send reminders you asked for | Consent (per channel) and Contract |
| IP address (in memory) | Rate limiting against abuse | Legitimate interest in platform stability |
| Discord / Twitch identifiers | Let you link presence to those accounts on your profile | Consent given at the Clerk OAuth prompt |
| Moderation (session-flag review) | Keep the platform safe | Legitimate interest |
4. How we use your data
- To run the service: show your sessions to other players, deliver RSVP reminders, display your profile, and protect against spam and abuse.
- To communicate with you: transactional emails like reminders you opted into. We will never send marketing email without a separate opt-in, and we do not run marketing email today.
- To moderate content: when another user flags a session or comment, we review it with the linked user identifier so we can contact the author or remove content.
We do not use your data for advertising, do not sell it, and do not share it with anyone other than the sub-processors listed below.
5. Sub-processors and third parties
| Party | What they see | Why |
|---|---|---|
| Clerk (clerk.com) | Sign-in credentials, email, linked OAuth identities | Account authentication |
| Supabase (self-hosted) | All application data | Primary database — we operate the server |
| Resend (resend.com) | Your reminder email and reminder contents | Sending reminder emails |
| Discord (via our bot) | Your Discord ID and reminder message | Sending Discord reminders if you opt in |
| IGDB / Twitch | Nothing about you | Game metadata fetched server-side |
| SteamGridDB | Nothing about you | Cover-art fallback fetched server-side |
| Web Push services (Google / Mozilla / Apple, per browser) | The push payload we send to your endpoint | Delivering push notifications if you opt in |
If you sign in with Discord or Twitch, those providers also see your consent and issue tokens to Clerk; their own privacy policies apply.
6. Data retention
- Account data is kept while your account exists. On deletion, your account row and its identifiers (email, Discord ID, Twitch ID) are removed from our database. Sessions, comments, and other content you authored are anonymizedrather than deleted — the author becomes “Deleted gardener” so that other users' context (an upcoming session someone else has RSVPed to, a thread someone else replied to) is preserved. You may request full deletion of specific content at any time.
- Anonymous-identity cookies expire after 180 days. Content authored under an anonymous identity remains unless you delete it or ask us to remove it.
- Session data (sessions, RSVPs, flags, Pulse events, comments) is retained while relevant — typically indefinitely, so profiles can show historical activity. You can delete individual items from the UI or email us to remove them.
- Notification delivery logs are kept for up to 90 days to help debug delivery issues.
- In-memory data (IP addresses used by the rate limiter) is held only as long as the rate-limit window — a few minutes at most — and is never written to disk.
7. Data security
- All traffic is served over HTTPS with HSTS. Sign-in is handled by Clerk, so we never see or store passwords.
- Anonymous-identity cookies are signed with HMAC-SHA256 so a leaked cookie value cannot be used to impersonate another anonymous user.
- Sensitive columns (emails, provider identifiers, server passwords, anonymous keys) have column-level
REVOKEgrants from the public API, so they cannot leak through auto-generated REST endpoints even if a row-level security policy is misconfigured. - The database is self-hosted; we apply security updates on the host and restrict administrative access.
8. Your rights
Under GDPR and similar laws you have the right to:
- Access — get a copy of the data we hold about you.
- Rectification— correct inaccurate data. You can edit most of it from your profile; email us for anything you can't.
- Erasure — delete your account or specific content. Account deletion anonymizes your authored content as described in Section 6; if you need hard deletion of specific items, say so in your request.
- Portability — receive a machine-readable export of the data you provided.
- Restriction — ask us to pause processing while a dispute is resolved.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — turn off any notification channel at any time; unsubscribe links are in every email.
- Lodge a complaint with your local supervisory authority (EU/UK users).
To exercise any of these rights, email privacy@reseed.gg. We respond within 30 days, free of charge.
9. International transfers
Reseed is hosted in the United States. If you access the service from outside the US, your data will be transferred to and processed in the US. We rely on the European Commission's Standard Contractual Clauses where applicable and keep our sub-processor list minimal to limit the transfer footprint.
10. Children
Reseed is not intended for anyone under 16. We do not knowingly collect data from children. If you believe a child has created an account or posted content, email privacy@reseed.gg and we'll remove it.
11. Changes to this policy
We'll update this page when we change how we handle data. Material changes (new sub-processors, new data categories, changed retention) will be called out with an updated effective date at the top. Continued use of Reseed after a change means you've accepted the new policy.
12. Contact
- Privacy questions or data requests: privacy@reseed.gg
- Legal notices: legal@reseed.gg
- General: hello@reseed.gg