Effective 2026-05-07 · Last updated 2026-05-09
The short version. We only collect the data we need to run and improve Draft Democracy. We don’t sell your data, and if our practices ever change in a material way we’ll tell you in advance and give you a chance to opt out or delete your account before the change takes effect. You can ask us to delete your account at any time.
This Privacy Policy explains how Draft Democracy (“we”, “us”), operated by Gordon Fischer LLC (District of Columbia, USA), handles your information when you use the Draft Democracy application and website (the “Service”).
We use OAuth sign-in. When you create an account through one of our supported providers (currently Google and GitHub), we receive your name, email address, and profile image from that provider. We do not receive or store your password. We may add additional providers in the future and will update this list when we do.
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We store the content you create or interact with in the Service: leagues, seasons, proposals, votes, comments, and league memberships. This information is associated with your account so the Service can function.
When you sign in, we record your IP address, user agent (browser and device type), and session timestamps. We use this to keep you signed in, prevent abuse, and debug problems. Each record in the Service is also tagged with creation and update timestamps.
We use a small number of cookies that are necessary to operate the Service: an authentication session cookie, and a preference cookie that remembers your light/dark theme choice. We do not use advertising cookies or third-party tracking cookies.
We recognize the Global Privacy Control (GPC) browser signal as a valid request to opt out of the sale or sharing of personal information. Because we do not sell or share personal information, no additional action is required when we receive a GPC signal. We do not allow third-party advertising trackers regardless of any signal.
We use Vercel Analytics, a privacy-friendly analytics tool built into our hosting platform. For each page view it may record: the URL visited, the referrer, filtered query parameters, approximate geolocation (country, region, and city), device OS and version, browser and version, and device type. Vercel Analytics does not use cookies. Visitors are identified by a short-lived hash derived from the incoming request; this hash is automatically discarded after 24 hours and cannot be used to reconstruct a browsing session or personally identify you. All data is used for aggregated statistics only and cannot be tied to an individual. It is processed by Vercel, Inc. in accordance with their Privacy Policy.
We do not use your data for advertising today, and we do not sell your data. We have no current plans to do either. If our practices ever change in this regard, we will update this Privacy Policy and notify active users with a reasonable opportunity to opt out or delete their account before the change takes effect.
We share data only with the service providers we need to run the Service, including:
We may also disclose data when we are required to by law — for example, in response to a valid subpoena or other lawful request. We do not share data with marketing partners or data brokers.
We have not sold or shared personal information with third parties for advertising or commercial purposes in the past 12 months. As described in “How we use your data” above, we have no current plans to do so, and we will provide advance notice and an opt-out path before any material change.
Draft Democracy is operated from the United States and your data is processed and stored there. We are not specifically targeting users outside the United States, but if you sign up from another country your data will be processed in the U.S. We extend the core privacy rights described below — access, correction, deletion, and export — to all users regardless of where they live.
If you are in the European Economic Area or the United Kingdom, the legal bases on which we rely to process your personal data under the GDPR and UK GDPR are:
Draft Democracy is intended for users 13 years of age and older. We do not knowingly collect information from children under 13. If we learn that an account belongs to someone under 13, we will delete the account and its data.
You can ask us to access, correct, export, or delete the personal data associated with your account. To exercise any of these rights, email privacy@draftdemocracy.com.
If you are in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with your local data protection authority.
If we decline a request you make under applicable state privacy law, you may appeal that decision by emailing privacy@draftdemocracy.com. We will respond in writing within a reasonable time.
To delete your account, email privacy@draftdemocracy.com from the address on your account.
When you delete your account:
We keep your account data for as long as your account is active. When you delete your account, we remove it from our active database immediately as described above; encrypted backup copies age out as backups rotate. We do not retain copies of deleted account data for analytics or marketing.
We use standard security practices: encryption in transit (HTTPS), authentication tokens issued by reputable OAuth providers, and scoped database access. No system is 100% secure, and we cannot guarantee absolute security.
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. If a change materially affects how we use your data, we will make a reasonable effort to notify active users.
Questions about this policy or your data? Email privacy@draftdemocracy.com. You can also review our Terms of Service.