Privacy & Cookie Policy
Last updated: February 2026
1. Introduction
BB Dugout Toolkit ("the App") is a free tool for creating and managing Blood Bowl team rosters, leagues, tournaments, and live matches.
We are committed to transparency about how your data is handled. This policy explains what data we collect, how it is used, and your rights regarding that data.
2. User Accounts & Authentication
Registration is optional — the roster builder works without an account. If you choose to register, you can do so via email and password or through Google OAuth.
When you register with email, we store your email address, display name, and a securely hashed password (bcrypt). We never store your password in plain text.
When you register with Google OAuth, we receive your email address, display name, and Google account ID from Google. We do not receive or store your Google password.
Email verification is required to activate your account. A JSON Web Token (JWT) is stored in your browser's localStorage to keep you logged in.
3. Data We Collect & Store
Account data: email address, display name, and optionally your NAF (Nuffle Aficionados Football) coach name and number if you choose to link them.
Rosters: when logged in, your rosters are saved to our server so you can access them from any device. If you are not logged in, rosters are stored only in your browser's local storage.
Competitions: leagues and tournaments you create or join, including match results, standings, and player progression data.
Live matches: real-time game state and events during live match sessions.
Feedback: if you submit feedback through the App, we collect the feedback type, your message, the page URL, your browser's user agent string, and optionally your email address if you provide it.
4. Local Storage & Cookies
The App uses your browser's local storage and session storage. The following entries are stored:
• bb_cookies_accepted — records that you have accepted the cookie banner.
• bb_token — your authentication JWT (if logged in).
• bb_rosters — your roster data for offline use.
• bb_theme — your theme preference (dark or light).
• bb_lang — your language preference.
• Session storage is used for temporary live match state.
The App does not use any tracking cookies or advertising cookies.
5. Analytics
We use Google Analytics to collect aggregate, anonymous usage statistics. This helps us understand how the App is used and improve it over time.
Google Analytics may collect: pages visited, session duration, browser and device information, and approximate geographic location. No personally identifiable information is linked to analytics data.
You can opt out of Google Analytics by using your browser's privacy settings, enabling "Do Not Track", or installing the Google Analytics opt-out browser extension.
6. Third-Party Services
The App uses the following third-party services:
• Google Analytics — anonymous usage statistics (see Section 5).
• Google Fonts (Bungee, Inter) — typography. Google's font service may log standard web request data per their own privacy policy.
• Google OAuth — optional login method. Only your email, name, and Google ID are shared with us.
• Cloudflare Turnstile — CAPTCHA verification on login, registration, and feedback forms to prevent automated abuse. Cloudflare may process your IP address and browser data per their privacy policy.
• Resend — transactional email delivery (see Section 7). Your email address is shared with Resend solely for the purpose of delivering emails to you.
7. Emails We Send
If you register an account, we may send you the following transactional emails:
• Email verification — to confirm your email address upon registration.
• Password reset — when you request a password reset.
• Competition invitations — when another user invites you to a league or tournament.
• Match notifications — updates about scheduled matches in your competitions.
We do not send marketing emails or newsletters. All emails are transactional and related to your account activity.
8. Data Retention & Deletion
Your account data is retained for as long as your account exists. You may request deletion of your account and all associated data at any time by contacting us at admin@bbdugout.com.
Local storage data is entirely under your control — you can clear it at any time through your browser settings.
If you delete your account, all server-side data (rosters, competition data, match history, feedback) will be permanently removed.
9. Your Rights
You have the right to access your data at any time through your account page, roster exports (JSON/PDF), and competition views.
You have the right to request deletion of your account and all associated data by contacting admin@bbdugout.com.
You can clear all local storage data at any time through your browser's settings or "Clear site data" option.
You can opt out of analytics tracking as described in Section 5.
10. Contact
If you have any questions about this privacy policy, your data, or the App, you can reach us at admin@bbdugout.com.
