Data Policy
Everything we collect, why we collect it, and what happens to it. No surprises. Last updated: June 2026.
This page gives you a complete, plain-English picture of every bit of data our platform touches. We believe in radical transparency. If you want the shorter version, check our Privacy Policy. If you want the legal terms, see our Terms of Service.
1. Account Data (Discord OAuth)
When you sign in with Discord, we receive and store:
| Data | Purpose | Retention |
|---|---|---|
| Discord ID | Unique identifier to link your account | Until account deletion |
| Discord username | Displayed on your profile and team finder posts | Until account deletion |
| Email address | Communication, notifications, and team invites | Until account deletion |
| Display name | Shown on submissions and certificates | Until account deletion |
| Profile picture | Displayed alongside your posts and submissions | Until account deletion |
We also request the guilds and guilds.join Discord scopes so we can auto-join you to our Discord server when you sign up (if you consent).
2. Session & Location Data
Each time you log in, we automatically capture session metadata via Cloudflare:
| Data | Purpose | Retention |
|---|---|---|
| IP address | Rate limiting and abuse prevention | Session duration |
| Country, city, region | Anonymised stats on participant geography | Session duration |
| Timezone | Displaying times in your local timezone | Session duration |
| Browser, OS, device | Bug reports and platform compatibility | Session duration |
| Cloudflare data centre (colo) | Performance monitoring | Session duration |
This data is tied to your active session and is not used for advertising or profiling. We do not sell or share geolocation data with third parties.
3. Registration & Team Data
When you register for the hackathon:
| Data | Purpose | Retention |
|---|---|---|
| Display name / Team name | Identifying your entry on the platform | Until account deletion |
| Participation mode (solo/pair) | Determining team structure | Until account deletion |
| Teammate invite email | Sending an invite to your teammate | Until invite is accepted or expires |
| Reference ID | Anonymous judging identifier | Until account deletion |
4. Survey Data
During registration, you complete a skills survey. This is used for community stats and is never shared with judges or used for judging:
| Data | Purpose | Retention |
|---|---|---|
| Programming languages | Community stats and event planning | Until account deletion |
| Development areas | Understanding participant backgrounds | Until account deletion |
| Self-rated skill levels | Fun community stats (shown anonymously) | Until account deletion |
| "Proud of" response (optional) | Community showcases (with your consent) | Until account deletion |
5. Submissions & Project Data
When you submit your hackathon project:
| Data | Purpose | Retention |
|---|---|---|
| ZIP file (project code) | Judging and verification of original work | 6 months after hackathon ends |
| Video demonstration link | Judging and public showcase | Until account deletion |
| GitHub repository link | Judging, code review, and public showcase | Until account deletion |
| AI-generated summary | Assisting judges with quick project overviews | 6 months after hackathon ends |
ZIP files are stored securely in Cloudflare R2 and are only accessible to organisers and judges. They are deleted after the hackathon retention period.
6. Ideas & Team Finder
Data collected through the ideas board and team finder:
| Data | Purpose | Retention |
|---|---|---|
| Hackathon idea (title + description) | Required registration step, visible to organisers | Until account deletion |
| Team finder post details | Publicly visible to logged-in participants | Until post is deleted or hackathon ends |
| Skills and looking-for tags | Helping participants find compatible teammates | Until post is deleted |
| Ideas board posts | Community brainstorming (publicly visible) | Indefinite (community resource) |
7. Analytics & Session Recording (PostHog)
We use PostHog (EU-hosted) for product analytics. Here is exactly what we track:
| Data | Purpose | Retention |
|---|---|---|
| Page views and navigation | Understanding user flows and popular features | PostHog default (1 year) |
| Click and form interactions | Identifying UX issues and drop-off points | PostHog default (1 year) |
| Session recordings | Debugging issues and improving UX | 30 days |
| Feature usage events | Prioritising development work | PostHog default (1 year) |
| Error events | Identifying and fixing bugs | PostHog default (1 year) |
Session recordings: Password fields and sensitive inputs are automatically masked. Recordings are used exclusively by our development team to improve the platform.
Opt-out: You can decline non-essential analytics via the cookie banner. We also respect the Do Not Track browser setting. If you opt out, we will not record sessions or track feature usage.
8. Cookies
We use the following cookies:
| Data | Purpose | Retention |
|---|---|---|
| Authentication session cookie | Keeping you logged in (essential) | Session / 30 days |
| Cookie consent preference | Remembering your cookie choice | 1 year |
| PostHog analytics cookies | Anonymous analytics (non-essential) | 1 year |
Essential cookies (authentication) cannot be disabled as the platform won't work without them. Analytics cookies are only set if you accept them via the banner.
9. Bot Protection & Rate Limiting
| Data | Purpose | Retention |
|---|---|---|
| Cloudflare Turnstile token | Preventing spam and bot abuse on forms | Not stored (validated and discarded) |
| IP + path + timestamp (rate limit logs) | Preventing abuse and DDoS protection | 24 hours |
10. Notification Emails
If you sign up for notifications before registration opens:
| Data | Purpose | Retention |
|---|---|---|
| Email address | Sending one notification when registrations open | Until notification is sent, then deleted |
| Verification token | Confirming email ownership | Until verified (max 48 hours) |
11. Third-Party Services
Your data may pass through or be stored by these services:
- Cloudflare (hosting, CDN, D1 database, R2 storage, Workers runtime) — all data processing
- PostHog (EU-hosted) — analytics and session replay
- Discord — OAuth provider and community platform
- Cloudflare Turnstile — bot protection (no data stored on our side)
We do not use Google Analytics, Facebook Pixel, or any advertising trackers. We do not sell or share your data with advertisers. Ever.
12. Your Rights
Regardless of where you live, you can:
- Access: Request a copy of all data we hold about you.
- Correct: Ask us to fix inaccurate information.
- Delete: Request full deletion of your account and associated data.
- Export: Get your data in a machine-readable format.
- Opt out: Decline non-essential analytics at any time via the cookie banner.
- Object: Object to specific processing of your data.
To exercise any of these rights, email contact@thecodingkitty.com. We will respond within 30 days.
13. Data Retention Summary
- Account data: Kept until you delete your account (removed within 30 days of request).
- Session data: Deleted when your session expires.
- Submission files: Deleted 6 months after the hackathon concludes.
- Analytics data: Retained for up to 1 year, then automatically purged.
- Session recordings: Automatically deleted after 30 days.
- Rate limit logs: Purged after 24 hours.
- Notification emails: Deleted after the notification is sent.
14. International Transfers
Our infrastructure runs on Cloudflare's global network. Your data may be processed in multiple countries depending on which Cloudflare edge node serves your request. PostHog data is hosted in the EU. We rely on Cloudflare's Data Processing Addendum and Standard Contractual Clauses for any transfers outside the EEA.
15. Children's Data
Our platform is not intended for anyone under 13. We do not knowingly collect data from children under 13. If we discover that a child under 13 has created an account, we will delete their data immediately. If you believe a child under 13 is using our platform, please contact us.
16. Changes to This Policy
We may update this policy as we add new features or change how we handle data. Material changes will be announced via the platform and/or Discord. The date at the top of this page tells you when it was last revised.
17. Contact
Questions, concerns, or data requests? Get in touch at contact@thecodingkitty.com