Privacy Policy
What we collect, why, and how you can control it.
1. Who We Are
SweepsCasinoFinder.com ("we", "our", or "us") is an independent review and comparison website for sweepstakes casinos operated in the United States. We are not a casino, gambling operator, or financial institution. We earn revenue through affiliate commissions when users sign up at casinos via our links.
2. Data We Collect
2a. Data you provide directly
- Email address โ collected when you subscribe to our newsletter or create an account. Used to send you daily coin alerts and account authentication links (magic links). Stored in our PostgreSQL database hosted on Railway. Shared with Resend (our email provider) for sending only โ never sold.
- Display name โ optional name you set in your dashboard. Displayed on community leaderboards if you participate.
- Casino preferences โ the list of casinos you choose to track in your dashboard ("My Casinos"). Stored as a JSON array linked to your account.
- Player reviews โ if you submit a review on a casino page, your review text, star rating, and optional display name are stored. Reviews are moderated before publication.
2b. Data collected automatically
- Page events โ we log anonymous page views including: URL visited, referrer URL, device type (desktop/mobile), country code (from Cloudflare header), and a hashed visitor identifier. IP addresses are SHA-256 hashed immediately and the raw IP is never stored. Page events are retained for 1 year.
- Affiliate clicks โ when you click a "Claim Bonus" link we log the casino slug, timestamp, referrer, and your hashed visitor token. This tells us which casinos are popular. Retained for 1 year.
- Claim history โ if you have an account, we record which casinos you claimed free coins at each day. Stored as a JSONB object on your account row. You can delete this by deleting your account.
- Daily check-in streaks โ if you use the streak/check-in feature, we log each check-in date and points awarded. Retained for 1 year.
- A/B test assignments โ we run occasional layout and copy experiments. When you visit the site you are deterministically assigned to a variant based on your visitor token. Assignments are stored to ensure consistency between visits. Deleted 6 months after the experiment concludes.
- Country โ derived from the
CF-IPCountryheader injected by Cloudflare. Used for aggregate analytics only (e.g., "% of visitors from CA"). Not stored per-user.
3. Cookies We Set
| Cookie Name | Purpose | Duration | Required? |
|---|---|---|---|
scf_user_token |
Your persistent visitor / account identifier (UUID v4). Used for streak tracking, claim history, A/B assignment, and account login. Never contains PII. | 1 year | Functional |
scf_subscribed |
Set to "1" after you subscribe to the newsletter. Prevents showing the newsletter signup form to existing subscribers. | 1 year | Functional |
scf_ec_dismissed |
Set to "1" after you dismiss the email capture modal. Prevents the modal from reappearing. | 30 days | Functional |
scf_cookie_notice_dismissed |
Set to "1" after you dismiss the cookie disclosure strip. Prevents the strip from reappearing. | 365 days | Functional |
session (Flask) |
Standard Flask session cookie used for CSRF token state. No personal data stored in it. | Session | Security |
We do not set advertising cookies, cross-site tracking cookies, or third-party analytics cookies (no Google Analytics, no Meta Pixel).
4. How We Use Your Data
- To operate the site โ show you personalized daily coin offers, track your streak, remember your casino preferences.
- To send emails you requested โ daily digest, welcome email, onboarding tips. Every email includes a one-click unsubscribe link.
- To improve content and UX โ aggregate analytics tell us which pages and features are used most. We never build individual behavioral profiles for ad targeting.
- To run A/B tests โ test changes to layout and copy to make the site better. Results inform product decisions only.
- To monitor affiliate health โ we scan Reddit and other sources for mentions of casinos we review. No personal data from Reddit users is stored.
- We do not sell your data. We do not share your data with advertisers. We do not run third-party ad networks.
5. How Long We Keep Data
| Data Type | Retention Period |
|---|---|
| Email address (account) | Until account deletion |
| Claim history | Until account deletion |
| Streak events | 1 year rolling |
| Page events / click events | 1 year rolling |
| Email send records | 2 years rolling |
| A/B test assignments | 6 months after experiment concludes |
| Promo code votes | 6 months rolling |
| Player reviews | Until manually deleted by admin or account deletion request |
Retention is enforced by an automated weekly cleanup job that runs every Sunday at 2 AM ET.
6. Third-Party Services
Resend (Email Delivery)
We use Resend to send transactional and marketing emails. Your email address is transmitted to Resend when we send you an email. Resend processes it under their own privacy policy. We do not share any other personal data with Resend.
Railway (Hosting & Database)
Our application and PostgreSQL database are hosted on Railway. All data stored in our database (emails, tokens, events) is stored on Railway infrastructure. Railway processes this as a data processor under a standard service agreement.
Cloudflare (DNS, CDN & DDoS Protection)
All traffic to SweepsCasinoFinder.com passes through Cloudflare. Cloudflare may log request metadata (IP addresses, headers) per their own privacy policy. Cloudflare injects a CF-IPCountry header we use for country-level analytics. We do not receive raw IP addresses from Cloudflare in our application logs โ they are SHA-256 hashed on arrival.
Reddit API (Promo Monitoring)
We use the public Reddit JSON API to scan sweepstakes casino subreddits for community mentions and promo code submissions. We read public posts only โ we do not authenticate as users, we do not access private messages, and we do not store Reddit usernames. Post content is used only to import community casino reviews (pending moderation) and to identify link-building opportunities.
Affiliate Networks (Casino Partners)
When you click a "Claim Bonus" or "Play at [Casino]" link on our site, you are redirected to a sweepstakes casino's website via an affiliate tracking link. The casino and their affiliate network may set their own cookies and track your visit per their own privacy policies. We have no control over data collection by those third parties.
7. Your Rights โ Export & Deletion
If you have an account, you have two self-service data rights available from your Dashboard โ Settings:
Emails you a complete JSON export of all data we hold: your account row, claim history, streak events (last 90 days), email send records (last 90 days), A/B assignments, and newsletter subscription status.
Permanently anonymizes your account: email address is removed, your user token is replaced with a new random UUID, claim history is cleared, and your newsletter subscription is deactivated. This cannot be undone.
You may also email us at our contact page to request data export or deletion manually. We will respond within 30 days.
8. California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how we use it (see Sections 2โ4 above).
- Access your personal information โ use the Export button in your dashboard.
- Delete your personal information โ use the Delete Account button in your dashboard.
- Non-discrimination โ we will not discriminate against you for exercising these rights.
We do not sell personal information as defined by the CCPA. We do not share personal information with third parties for cross-context behavioral advertising.
9. Children
SweepsCasinoFinder.com is intended for users aged 18 and older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has submitted information to us, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this policy as our practices evolve. The "Last updated" date at the top of this page will always reflect the most recent revision. Significant changes will be noted in our blog or emailed to newsletter subscribers.