Privacy and cookies

Privacy & Data Information

All data is stored in a secure database environment hosted in Norway. This ensures that your information is protected under the high privacy standards and legal requirements of Norwegian and European law (GDPR).

Data Collection

We collect only what's necessary to provide the ScoreKeeper service:

  • Account information

    When you sign in via OAuth providers (GitHub, Google, Discord, Twitch, Pocket ID, or Homey), we collect your email address, display name, and profile photo from the provider you choose.

  • Game scores and statistics

    All game rounds you participate in, including scores, game types, timestamps, and win/loss records.

  • Group memberships

    Information about groups you create or join, including your role (owner, admin, or member) and group-specific Elo ratings.

  • Group join requests and invitations

    Records of requests you have made to join groups, and invitations sent to your email address to join groups.

  • Elo ratings

    Both global and per-group Elo ratings calculated based on your game performance.

  • OAuth tokens

    Access tokens and refresh tokens from your connected OAuth providers, stored securely to maintain your authentication.

  • Feedback submissions

    Content you submit via the Feedback form, along with your name and email if you choose to include them, used to improve the service and respond to your inquiries.

  • Essential cookies

    Session cookies for authentication and preference cookies (like your selected theme and privacy notice acknowledgment).

Data Storage & Privacy

  • We do not sell your information to anyone.
  • We do not share your information with third parties (except OAuth providers for authentication).
  • We do not charge for use of ScoreKeeper.
  • We do not use analytics tracking services like Google Analytics.
  • We do not use advertising pixels or trackers.
  • We do not log your activity beyond what's essential for the service (game participation, authentication).

Data Retention

  • Account and profile data: Retained for as long as your account is active. Upon deletion, your profile is anonymized immediately.
  • OAuth tokens: Retained while your account is active and the provider remains connected. Removed when you disconnect the provider or delete your account.
  • Game history: Retained indefinitely in anonymized form after account deletion, to preserve historical leaderboards and Elo calculations for other players.
  • Notifications: Retained for as long as your account is active and deleted when you delete your account.
  • Feedback: Retained indefinitely in our database and mirrored to our GitHub repository issues for development tracking.
  • Group join requests and invitations: Retained for as long as your account is active and deleted when you delete your account.

Cookies We Use

ScoreKeeper uses only essential cookies:

  • Authentication cookies: Session tokens managed by Auth.js to keep you signed in (essential for the service).
  • Privacy notice version: Tracks which privacy notice version you've acknowledged (expires after 365 days).
  • Install prompt state: Remembers if you've dismissed the PWA installation prompt (expires after 30 days).
  • Theme preference: Stores your dark/light mode preference for a better user experience.

All cookies are first-party cookies from ScoreKeeper itself. We do not use any third-party tracking cookies.

OAuth Providers

When you sign in using an OAuth provider, you're directly authenticating with that provider (GitHub, Google, Discord, Twitch, Pocket ID, or Homey). They may collect data according to their own privacy policies. ScoreKeeper receives only the information necessary for authentication: your email, display name, and profile photo.

Your OAuth access tokens are stored in our database to maintain your authentication session and allow re-authentication. You can disconnect any OAuth provider at any time from your Account Settings, as long as you maintain at least one connected sign-in method.

Account Deletion

You have the right to delete your account at any time from your Account Settings page.

What happens when you delete your account:

  • Your account is immediately signed out.
  • All connected OAuth providers are disconnected.
  • Your profile is anonymized: name becomes a deleted-user placeholder and email is replaced with a deleted.local placeholder address.
  • Your profile photo is removed.
  • Your sessions are deleted.
  • Your game history is retained (anonymized) to preserve the integrity of historical game scores and statistics for other players in your groups.

We retain anonymized game history because card games are inherently social activities where your past participation affects other players' statistics. Removing this data would corrupt historical leaderboards and Elo calculations.

Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right to access: You can view all your data at any time through the application interface and download a complete archive from your Account Settings.
  • Right to rectification: You can update your display name and profile photo from your account settings.
  • Right to erasure: You can delete your account at any time (with anonymization as described above).
  • Right to data portability: You can download a structured JSON archive of your profile, linked auth providers, game history, group memberships, join requests, invitations, and notifications from the Account Settings section (Data & Privacy) of your account.
  • Right to restriction of processing: You can contact the system administrator to request that processing of your data be restricted while any dispute is being resolved.
  • Right to object: You can object to processing based on legitimate interests by contacting the system administrator.
  • Right to withdraw consent: You can disconnect OAuth providers or delete your account at any time.
  • Right to lodge a complaint: If you believe your data is being handled unlawfully, you have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).

Public Groups

When you create a public group or join one, your display name and profile photo are visible to other members of that group. Game scores within groups are visible to all group members. This is necessary for the social nature of the service.

Changes to This Privacy Information

If we make significant changes to what data we collect or how we use it, we will update this page and notify you through the application with an updated privacy notice banner.

Last updated: May 6, 2026

Questions or Concerns

If you have questions about your privacy or data, or if you wish to exercise any of your GDPR rights, please contact the system administrator.

Legal Basis

We process your personal data on the following legal bases under GDPR Article 6:

  • Article 6(1)(a): Consent for feedback and profile customization.
  • Article 6(1)(b): Contractual necessity for providing the scorekeeping service.
  • Article 6(1)(f): Legitimate interest for security and system maintenance.
