Privacy
Sin the Bottle is a consent-first spin the bottle game. The bottle only lands on mutual matches. Your consent flags are private to you - no one else can see who you said yes or no to. Game data lives on our server while the game runs and is cleared when the game ends or expires.
Sin the Bottle stores game data while a game is live: your player profile (name, pronouns, age range, bottle look), the consent flags you set per activity per player, the spin history, the round pairings, and any safety reports you file. Consent flags are never shown to anyone but you; the bottle algorithm reads them server-side only. Hosts see counts and percentages, never names. Sign-in for hosts goes through Lotl Auth. Push notifications, surveys, and feedback are opt-in.
What we collect
We collect and store the following kinds of data, each with its own retention and legal basis:
- Player identity — The display name, pronouns, age range, bottle style/colour, and guest UUID token you use inside a game. Stored server-side while the game is live and discarded when the game ends or expires.
- Consent preferences — Consent flags are the per-activity, per-player yes/no choices you tick in the consent panel. They're the heart of the game's safety model: the bottle only lands on mutual matches, so what you privately set determines who you can be paired with. We treat them as the most sensitive data in the app. Only you can see your own flags. The bottle algorithm reads them server-side to compute eligible pairs and never reveals their contents to anyone, including the host. Hosts see anonymous match-density metrics (e.g. 'plenty of matches available'), never names. Flags are deleted when the game ends, the host removes you, or the game expires.
- Game roster — Who is in the current game: ordered list of player ids, host status, traffic light, and AFK timestamps. Visible to everyone in the game.
- Game history — Spin outcomes, pass actions, skip actions, heaven-room timer state, and the per-round pairing log for the current event. Used to render the activity feed and the round pairing card.
- Incident reports and debrief requests — If you file a safety report (yellow or red light, post-event report, or use the host's debrief flow) we store the report content so the host, cohosts, and the safety team can act on it during and after the event. Reports are kept across events so a player who's been flagged at one event can be recognised at the next; this is a deliberate harm-reduction trade-off and means incident records are retained longer than the rest of your data. Your identity as reporter is not shared with the subject of the report without your consent, except where we're legally required to. The host's event-health dashboard summarises recent traffic-light raises as a count — useful as a pacing signal but not a privacy shield, since the host already sees the individual reports in the incidents panel. To raise a concern or appeal a report, email safety@sinthebottle.com.
- Host account — Your sign-in identity is managed by Lotl Auth, our authentication service (auth.lotlsoft.com). Lotl Auth stores your email, your name if you provided one, and a hash of your password (argon2id). Sign-in issues a short-lived JWT access token (15 minutes) and a refresh token (30 days). Email verification and password resets go through transactional email (Resend).
- Event metadata — Event-mode settings owned by hosts: event name, start/end window, bottle count, cohost list, activity presets, broadcast banner copy, break-prompt snooze state. Visible to all players in the game.
- Activity suggestions — Free-text activity suggestions a player adds, plus upvotes from other players. Suggestions display the suggesting player's name to other players in the game.
- Survey responses — Post-game surveys collect a satisfaction rating and optional free-text feedback. Your response is stored linked to your guest session so you can't submit twice for the same game. That link exists at the database-row level, but the host's summary view only ever shows the aggregated rating and free-text snippets, never your individual response with your name. If you don't want to take the survey, skip it: nothing is recorded, and the host's summary just shows one fewer respondent.
- Product feedback — Free-text feedback you send via the in-app feedback dialog. Routed to the Sin the Bottle product inbox.
- Usage telemetry — Anonymous usage events, performance gauges, and error reports are sent to Lotl Observe, our observability service (observe.lotlsoft.com). Lotl Observe stores error messages, stack traces, request URLs, user-agent strings, telemetry events, and per-event metadata. It does not store the contents of your application data. We process this under legitimate interests: Lotl Observe is in-house, no third-party analytics or session replay is involved, and identifiers are pseudonymous. Account deletion removes your associated telemetry. For Sin the Bottle specifically, telemetry never includes consent flags, incident detail, or player names.
- Host join links — Single-use claim tokens a host generates for slot-based events. Tokens carry the slot id and expire when the slot is filled or revoked.
- Push subscription — Web push subscription endpoint and keys you grant when you opt into nudges (your turn to spin, heaven-room timer warnings). Used only to send the in-game nudges you opted into.
Third parties
These external services receive some of your data:
- DigitalOcean — Server hosting for sin-the-bottle
- Resend — Transactional email (event reminders, RSVP confirmations) via Lotl SDK
Your rights
You can export everything we hold about you, and delete your account at any time. Both options live in your account settings. Deletion is immediate and unrecoverable.
Last updated: 2026-05-27.