# Privacy Policy

**CARS Ranked**
**Last updated: March 14, 2026**

CARS Ranked is a browser extension that adds competitive multiplayer matchmaking to MCAT CARS passages on jackwestin.com. This privacy policy explains what data we collect, how we use it, and your choices.

## Data We Collect

### Account Information
- **Email address** — used for account creation and login via Supabase Auth.
- **Display name** — chosen during sign-up, shown to opponents and on the leaderboard.
- **Password** — if you sign up with email/password. Passwords are hashed and stored by Supabase; we never have access to your plaintext password.
- **Google account info** — if you sign in with Google, we receive your email and profile name via Google OAuth. We do not access your Google contacts, calendar, or any other Google data.

### Game Data
- **ELO rating and rank** — calculated based on match outcomes.
- **Match history** — win/loss/tie results, accuracy percentages, completion times, and opponent display names for each match.
- **Streak data** — consecutive days played, used to display your daily streak.

### Website Content (jackwestin.com only)
- **Passage data** — the extension reads passage titles and URLs from the jackwestin.com page to identify available passages and synchronize both players to the same passage.
- **Accuracy results** — after you complete a passage, the extension reads your correct/incorrect/incomplete counts from the jackwestin.com results page to determine the match winner.

This data is read only from jackwestin.com and only during active use of the extension. We do not read content from any other website.

### Analytics (PostHog)
We use PostHog to understand how the extension is used and improve the experience. PostHog may collect:
- **Click and interaction events** within the extension popup (e.g., button clicks).
- **Session recordings** of extension popup interactions.
- **Custom events** such as matchmaking started, match completed, and game results (win/loss/tie).

PostHog data is associated with your user ID to provide per-user analytics. No data is collected from websites you visit outside the extension popup.

### Subscription Data
If you subscribe to a paid plan (Plus or Prime), payment processing is handled entirely by **Stripe**. We never receive or store your credit card number, bank account, or other payment method details. We store only:
- Your Stripe customer ID (an opaque identifier).
- Your subscription tier (Free, Plus, or Prime) and subscription status.

### Feedback
If you submit feedback through the extension, we collect the email address, category, description, and any file attachments you provide. Attachments are stored in Supabase Storage.

## How We Use Your Data

- **Account and game data** — to operate matchmaking, calculate ELO, display leaderboards, and show your match history and profile.
- **Website content** — solely to synchronize passages between matched players and determine match results. This data is not stored beyond the duration of the match (passage data is held in server memory and cleared when the room empties).
- **Analytics** — to understand usage patterns, identify bugs, and improve the extension.
- **Subscription data** — to manage your subscription tier and unlock paid features.
- **Feedback** — to respond to your reports and improve the product.

## Data Storage and Security

- Account data, match history, and profiles are stored in **Supabase** (hosted on AWS, us-west-2 region).
- Analytics data is stored by **PostHog**.
- Subscription data is managed by **Stripe**.
- Real-time game state (room data, passage selections) is held in server memory only and is not persisted after the match ends.
- Communication between the extension and our server uses encrypted WebSocket (WSS) and HTTPS connections.
- Server access is restricted by CORS to the extension's deterministic ID.

## Data We Do NOT Collect

- Browsing history or activity on any site other than jackwestin.com.
- Health or medical information.
- Location or GPS data.
- Personal communications (emails, messages).
- Credit card numbers or bank account details (handled by Stripe).
- Keystrokes, mouse movements, or screen content outside the extension popup.

## Data Sharing

We do not sell your personal data. Your data may be shared only with:
- **Other users** — your display name, rank, ELO, and subscription tier are visible to opponents and on the leaderboard.
- **Service providers** — Supabase (database/auth), PostHog (analytics), and Stripe (payments) process data on our behalf.

## Your Choices

- **Delete your account** — contact us to request account deletion. Your profile, match history, and associated data will be removed.
- **Opt out of analytics** — PostHog session recording and event tracking can be disabled upon request.
- **Cancel subscription** — manage or cancel your subscription anytime through the Stripe Customer Portal, accessible from the extension settings.

## Children's Privacy

CARS Ranked is not directed at children under 13. We do not knowingly collect personal information from children under 13.

## Changes to This Policy

We may update this policy from time to time. Changes will be posted at this URL with an updated "Last updated" date.

## Contact

If you have questions about this privacy policy or your data, contact us at: **nikam.m.rohit@gmail.com**

Create a free website with Framer, the website builder loved by startups, designers and agencies.