Privacy Policy

Who we are

SumoGuesser is a non-commercial fan project operated by an individual. The site is hosted on Hetzner Cloud in Helsinki, Finland (EU). Contact: contact@sumoguesser.com.

What data we collect

• Account data: email address, display name, and optional country code — all provided by you at registration.
• Game data: classic and daily challenge scores. Only stored server-side for registered users.
• Photo submissions: uploaded images, wrestler selection, body part tag, and source URL. Requires an account.
• Photo flags: the reason you selected, optional detail text, and a one-way hash of your IP address. Available to anonymous users for abuse prevention.
• Feedback: your message, optional email, page URL, and a one-way hash of your IP address.
• Technical: a session cookie used for authentication. No tracking or analytics cookies.
• Your browser's localStorage holds scores and daily challenge completion for anonymous play. This data never leaves your device.

Why we collect it (legal basis)

• Account and game data: legitimate interest in providing the service, plus your consent given at registration (GDPR Art. 6(1)(a) and (f)).
• Hashed IP addresses in flags and feedback: legitimate interest in preventing abuse (Art. 6(1)(f)). IPs are one-way hashed and cannot be reversed.
• Session cookies: strictly necessary for authentication and exempt from consent under the ePrivacy Directive.

Who has access

Only the site operator has access to your data. It is never shared, sold, or transferred to any third party. There are no analytics or advertising services in use.

Where data is stored

All data is stored on a Hetzner Cloud server located in Helsinki, Finland (EU). No data is transferred outside the European Union.

How long we keep it

• Account data: retained until you delete your account.
• Game scores: retained until you delete your account.
• Photo submissions: retained after account deletion (shown as "anonymous") unless you request removal. Submission image files are deleted when you delete your account.
• Hashed IP addresses: retained for abuse prevention and are not linked to any account.
• Server backups: retained for 30 days, then automatically deleted.

Your rights

Under GDPR Articles 15–22 you have the following rights:

• Access — You can view all personal data tied to your account from your profile page.
• Rectification — You can edit your display name and country on your profile page at any time.
• Erasure — You can delete your account from your profile page. This removes your account, scores, and submitted photo files.
• Data portability — Email contact@sumoguesser.com for a machine-readable export of your data.
• Objection — Email contact@sumoguesser.com to object to any processing based on legitimate interest.
• Complaint — You have the right to lodge a complaint with your local data protection authority.

Cookies

We use only a strictly necessary session cookie for authentication. No tracking, analytics, or advertising cookies are set. Because no consent-requiring cookies exist, there is no cookie consent banner.

Children

This service is not directed at children under 16 and we do not knowingly collect data from children. If you believe a child has registered, please email us so we can remove the account.

Changes to this policy

We may update this policy from time to time. The "last updated" date at the top of this page reflects the most recent revision.