Legal
Privacy Policy
DRAFT — pending review by licensed counsel.
1. Data we collect
Account data: email address you provide for the magic-link sign-in. That's it. We don't store a password.
Comment data: your email is associated with comments you post; your display name is shown publicly.
Usage data: page URL, referrer, user agent, IP address (truncated to /24 after ingestion), country code, timestamp.
Purchase data: if you buy from the Shop, Stripe collects payment details. We store only the order ID, SKU, and shipping address. Card numbers never touch our servers.
Click tracking: when you click a sponsored or affiliate link, we log the click to the `affiliate_clicks` table: timestamp, the link slug, the article you came from, device type, country code.
2. What we don't collect
We don't run Google Analytics, Facebook Pixel, TikTok Pixel, or any cross-site tracking script. We don't sell or rent your data. We don't build advertising profiles.
3. Why we collect
- To send you the content you signed up for (newsletter, comment replies).
- To measure which stories readers find valuable — using our own first-party analytics only.
- To prevent spam and abuse.
- To fulfill Shop orders.
- To report aggregate traffic to potential sponsors (e.g., "50,000 monthly readers, 60% rural states"), never individual data.
4. How long we keep it
- Account records: until you close the account. Then deleted within 30 days.
- Comments: we retain comments for the archival record of the article. You can request deletion of your comment record at any time.
- Usage logs: aggregated after 90 days; raw IPs truncated immediately on ingest.
- Purchase records: seven years for tax and warranty compliance.
5. Who we share with
- Stripe: payment processing for Shop purchases.
- Resend: transactional and newsletter email delivery.
- Cloudflare: site hosting and CDN. Cloudflare sees request metadata inherent to serving the Site.
- Affiliate partners (SeatGeek, Impact.com, Commission Junction, etc.): when you click an outbound affiliate link, they set their own cookie on the destination site. We do not share our data with them.
We do not share your data with ad networks, data brokers, or any third party not listed above.
6. Your rights
If you reside in California, Colorado, Virginia, Connecticut, Utah, or any other jurisdiction with a comprehensive consumer privacy law, you have the right to:
- Know what we've collected about you.
- Request deletion of your data.
- Opt out of any "sale" of your data (we do not sell data, but this right applies anyway).
- Correct inaccurate data.
- Port your data to another service.
To exercise any right, email privacy@buckinrodeo.com with "Privacy Request" in the subject line. We respond within 30 days (with one 45-day extension allowed under California law).
EU/UK readers: our data practices are aligned with the principles of the GDPR and UK GDPR — lawful basis (consent for newsletters, legitimate interest for analytics and fraud prevention), data-minimization, purpose-limitation, storage-limitation. Contact privacy@buckinrodeo.com for any data-subject request.
7. Children
We do not knowingly collect personal data from children under 13. If you believe a child has submitted data through our Site, email privacy@buckinrodeo.com and we will delete the record.
Our coverage of high-school and junior rodeo is limited to information published by the governing bodies (NHSRA, NLBRA, AJRA, etc.). We do not display face photographs of minors. We do not publish contact information for athletes under 18.
8. Cookies
See the Cookies Policy for a full list.
9. Security
We host on Cloudflare's infrastructure with TLS encryption enforced. Magic-link tokens are single-use and expire within 15 minutes. Database access is restricted and logged.
10. Changes
Material updates to this policy will be noted at the top of the page for thirty days. Date at the top of this page reflects the latest update.
11. Contact
Privacy questions: privacy@buckinrodeo.com.