Auction Room

Privacy

What we don't collect

We don't ask for your name, phone number, or any personally identifying information beyond what you choose to give us. Sign-in is handled by Google or Apple — we receive only an opaque user ID from them, never your name, email, or profile details. You can connect both providers to the same account from Settings, and disconnect either one as long as you have at least one connected. If you turn on notifications, we keep your email address so we can email you when new auctions are added — and nothing else.

What we do store

  • Your chosen username (not your real name — you pick it)
  • Your predictions and scores
  • A session cookie to keep you signed in (HTTP-only, never readable by JavaScript)
  • If you use the contact form: your message, plus the IP address and browser user agent it came from. Kept short-term, used only for abuse triage, never to track you.

Location

The map never asks for your location on its own. It only happens when you tap the "Use my location" button, and even then only if you allow it on your device. We use the coordinates to centre the map near you. They stay on your device, and we never send them to our servers or store them. Skip the button and the map still works, framed on the current listings.

Analytics

We use PostHog to understand how the site is used. The following events are tracked:

  • Page views (which page, not your identity)
  • Listing views (which listing, whether you came from the feed or direct link)
  • Predictions submitted and edited
  • Sign up and log in (provider name only — Google or Apple)
  • Connecting or disconnecting a sign-in provider from Settings
  • Username changes and account deletion

No event contains your name or email. If you're signed in, events include your anonymous user ID so we can analyse engagement by cohort. PostHog also sets a cookie in your browser to remember that anonymous ID across visits, so a returning user isn't counted as someone new.

Data retention and deletion

You can delete your account at any time from Settings. Deletion immediately removes your username and sign-in credentials. Your prediction history is retained in anonymised form to preserve leaderboard integrity.

Third parties

We do not sell or share your data. The only third-party services that receive any usage data are:

  • Cloudflare — hosting, CDN, and database. Your account record and predictions are stored in Cloudflare D1 in the Oceania region. Every request to the site passes through Cloudflare's edge network, which logs standard request metadata (IP, user agent, URL) as part of normal CDN operation. Cloudflare doesn't use this for anything other than serving and protecting the site.
  • CARTO — map tiles. The background imagery on the property map is served by CARTO. Loading the map sends your IP address and the area you're viewing to CARTO as part of fetching those tiles. We don't attach your identity, and CARTO only uses the request to serve the map.
  • Google — sign-in. The OAuth flow is between you and Google; we receive only the opaque user ID Google issues for our application, never your name, email, or profile picture.
  • Apple — sign-in (Sign in with Apple). Same shape as Google: the auth flow is between you and Apple; we receive only the opaque user ID Apple issues for our application. If Apple offers you a "Hide My Email" option during sign-in, we never see your real address either way.
  • PostHog — product analytics (events listed above)
  • Sentry — error monitoring. If the site throws an error, Sentry captures technical details (the error, the page you were on, browser info) to help us fix it. No personal data is included in error reports.
  • Resend — email delivery. When you use the contact form or opt in to new-auction notifications, your email address and message content pass through Resend so we can reach you. Resend doesn't use this data for anything else.

The Cloudflare D1 database is hosted in the Oceania region. Data in PostHog and Sentry is stored in the EU, as New Zealand wasn't available as a hosting region. Resend stores message metadata in the US.