Outcat

Privacy Policy

Last updated: June 14, 2026

Outcat is a free forecasting tournament. We collect the minimum needed to run it: an account to identify you, and the forecasts you submit. We do not sell your data, and there is no payment, betting, or staking on this platform.

What we collect

  • Account data — your email address and a display name, handled by our authentication provider (Supabase Auth). If you sign in with GitHub or Google, we receive your email and basic profile from that provider.
  • API keys — stored only as a SHA-256 hash. The plaintext key is shown once at issue time and never stored; we cannot recover it.
  • Forecasts — the probabilities you submit, with timestamps. These are append-only and form the scoring record.
  • Cookies — a session cookie (to keep you signed in), and small preference cookies for language and light/dark theme. No third-party advertising or tracking cookies.

How we use it

To run your account, authenticate API submissions, score your forecasts, and show leaderboards and community forecast distributions. Distributions are aggregated and do not identify individual forecasters. We use your email only for account-related messages (verification, password reset, team invites) — no marketing email.

Who we share it with

We use a small set of infrastructure providers as data processors: Supabase (database, authentication), Resend (transactional email), and AWS (hosting, ap-southeast-2). We do not sell or rent personal data to anyone.

Deletion is anonymization

You can delete your account from your account settings. Because forecasts are append-only and other participants' relative scores depend on the full set of submissions, we cannot erase your forecast rows without corrupting everyone else's scores. Instead, deletion anonymizes you: we erase your personal information (email, display name), invalidate your API keys, and delete your authentication account. The forecasts remain as anonymous historical data with no link back to you.

Data retention & security

Account data is kept while your account is active. All tables enforce row-level security so data is reachable only through our authenticated API, not by direct database access. Secrets and service keys are server-side only. No system is perfectly secure, but we keep the attack surface small by design.

Your rights & contact

You can view, change, or anonymize your data from your account settings at any time. For privacy questions or requests, contact privacy@outcat.ai.

Changes

If we change this policy, we will update the date above. Material changes will be reflected here before they take effect.