Legal
Privacy Policy
Includes Cookie Policy
Last updated: May 3, 2026
Overview
Different Baits is operated by Paul Sturgill (“we”, “us”, or “our”). This policy explains what personal data we collect, why we collect it, and how we use and protect it.
We are based in Massachusetts USA. If you have questions, contact us at paul@differentbaits.com.
1. Data We Collect
a) Account Data (Google Sign-In)
When you sign in with Google we receive your name and email address from Google’s OAuth 2.0 service. We store these in our database solely to identify you within the Site. We do not receive your Google password.
b) Vote Data
We record which image you voted for in each battle, linked to your email address. This is required to enforce the one-vote-per-battle rule and to display vote counts.
c) Payment Data (Advertisers only)
If you purchase an advertising slot, payment is processed directly by Stripe, Inc. We receive a confirmation of your purchase but we do not store your card number or payment details on our servers. Please see Stripe’s Privacy Policy.
d) Server Logs
Our hosting provider, Vercel, Inc., automatically collects standard server log data (IP address, request time, browser user-agent) to operate and secure the service. See Vercel’s Privacy Policy.
2. How We Use Your Data
- To authenticate you when you sign in.
- To record and display your vote in active battles.
- To enforce voting rules (one vote per battle).
- To send transactional emails if you purchase an ad slot (via Stripe).
- To moderate the Site and detect abuse.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
3. Third-Party Services
| Service | Purpose | Privacy Policy |
|---|---|---|
| Google OAuth | Sign-in authentication | policies.google.com |
| Supabase | Database & file storage | supabase.com/privacy |
| Stripe | Ad slot payment processing | stripe.com/privacy |
| Vercel | Hosting & edge delivery | vercel.com/legal |
4. Data Retention
We retain your account data and vote history for as long as you have an account. If you would like your data deleted, please contact us at paul@differentbaits.com and we will process your request within 30 days .
5. Security
Your data is stored in Supabase with row-level security policies. Access to the database is restricted to our application server using a service-role key that is never exposed to the browser. We use HTTPS for all data in transit.
No method of transmission over the Internet is 100% secure. If you believe your data has been compromised, please contact us immediately.
6. Your Rights
Depending on your location you may have rights including:
- Accessing the personal data we hold about you.
- Requesting correction of inaccurate data.
- Requesting deletion of your data.
- Objecting to or restricting certain processing.
To exercise any of these rights, contact us at paul@differentbaits.com.
7. Cookie Policy
We use a small number of cookies that are strictly necessary to operate the Site. We do not use advertising or tracking cookies.
| Cookie | Purpose | Expiry |
|---|---|---|
| next-auth.session-token | Keeps you signed in between pages | 30 days |
| next-auth.csrf-token | Prevents cross-site request forgery attacks | Session |
| next-auth.callback-url | Remembers where to redirect after sign-in | Session |
You can disable cookies in your browser settings but sign-in will not work without the session cookie.
8. Children’s Privacy
Different Baits is not directed at children. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this policy from time to time. The updated date at the top of this page will always reflect when changes were last made. Your continued use of the Site after changes are posted constitutes acceptance.
Questions? Contact paul@differentbaits.com.