atombowl ("we", "us", or "our") provides online tools to help users practice Science Bowl style questions. This website is not affiliated with the Davidson Academy of Nevada, the US Department of Energy, the US Department of Energy Office of Science, or the National Science Bowl. This Privacy Policy explains how we collect, use, disclose, and safeguard information in connection with our website at sciencebowl.org (the "Service"). We build on Google Cloud Platform ("GCP") and Firebase services. By using the Service, you agree to the practices described here.
1. Quick Summary
We minimize personal data. Core functionality currently uses Firebase Authentication (optional), Firestore, and a simple HTTPS Cloud Function for answer checking.
We do not sell personal information.
We use GCP / Firebase as infrastructure subprocessors; data may be processed in the United States or other regions Google operates.
We display ads via Ezoic. Ezoic and its partners may use cookies or similar technologies to serve, personalize (where permitted), and measure ads. You can adjust preferences via Ezoic's consent/prefs where available (see Advertising & Cookies).
You can request deletion of your account data at any time (see Your Rights).
2. Scope
This Policy applies to information we process when you access or use the Service. It does not cover third-party sites that link to or from our Service.
3. Information We Collect
3.1 Provided Directly by You
Authentication Data: If you sign in (e.g., email/password, Google Sign-In, or other Firebase providers once enabled), Firebase stores basic profile data (display name, email, UID, provider data).
User-Generated Content: Practice preferences or progress metrics (if/when implemented) stored in Firestore.
Support Communications: Emails or messages you send to us.
3.2 Collected Automatically
Usage Logs: Standard HTTP request logs (IP address, user agent, referrer, timestamps, function invocation metadata) captured by Google Cloud for security and reliability.
Device / Technical Data: Browser type, operating system, pages viewed, approximate region inferred from IP (not stored by us separately but may appear in GCP logs).
Cookies / Local Storage: (a) Essential / functional: Firebase Authentication tokens, session state, UI preferences. (b) Advertising / measurement (third-party): Ezoic may set or read cookies and similar identifiers (e.g., to prevent fraud, cap frequency, measure performance, and—where consent or applicable legal basis exists—personalize ads). See Advertising & Cookies.
Service Providers: Additional processors (if added later) for email delivery or performance monitoring (will be updated here).
Legal / Safety: To comply with law, respond to lawful requests, or protect rights, safety, or property.
Aggregated Insights: Non-identifying statistics (e.g., number of generated rounds) that cannot reasonably identify a user.
7. International Data Transfers
Data may be processed in the United States and other regions where Google operates infrastructure. Google’s data center locations and transfer safeguards (such as Standard Contractual Clauses) apply to Firebase services. Where required, we rely on appropriate safeguards under GDPR Art. 46.
8. Data Retention
Account profile data: retained until you request deletion or your account becomes inactive for an extended period (currently target 24 months of inactivity, subject to implementation).
Authentication logs and security logs: per Google’s default retention windows.
Support emails: retained as long as necessary to resolve the inquiry and maintain auditability.
We use Firebase and GCP security controls such as access control (IAM), Firestore security rules, TLS encryption in transit, and Google-managed encryption at rest. No method of transmission or storage is 100% secure; we strive to use industry-standard safeguards while minimizing stored personal data.
10. Your Rights & Choices
Depending on your jurisdiction, you may have rights to:
Access, correct, or export personal data.
Delete your account and associated personal information.
Object to or restrict certain processing.
Withdraw consent where processing relied on consent.
Non-discrimination for exercising privacy rights (California).
How to exercise: Email us at privacy@sciencebowl.org (or use an in-app feature when available). We may request verification (e.g., confirming control of the signed-in account).
11. Children’s Privacy
The Service is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us to request deletion.
12. Do Not Track
We do not respond to browser Do Not Track signals at this time. We limit tracking to essential operational logging and optional first-party analytics (if implemented later, this policy will be updated).
13. Advertising & Cookies (Ezoic)
We display advertisements via Ezoic. Ezoic (and its advertising partners) may use cookies or similar technologies (e.g., local storage, device identifiers) to serve ads, detect fraud/abuse, and measure ad performance. Where required (e.g., EEA/UK), we will obtain (or Ezoic will present) consent before non-essential advertising cookies are set or data is used for personalized ads.
13.1 What Data May Be Used for Ads
Ad cookies / identifiers (e.g., to avoid showing the same ad repeatedly, detect invalid traffic).
General location (coarse geolocation inferred from IP address) for appropriate ad serving.
Contextual page information (topic of the page you are viewing).
Signals from participating ad partners for personalization where enabled and lawful; if you disable personalization or withhold consent in regions requiring it, Ezoic will serve contextual or non-personalized ads.
13.2 Personalization vs. Non-Personalized Ads
In regions requiring consent (e.g., EEA/UK), if you decline advertising cookies or personalization, Ezoic will serve non-personalized ads (which rely on contextual information and basic geo). Outside those regions you can still adjust your preferences via Ezoic's privacy settings and partner opt-outs (see below).
13.3 Your Choices / Opt-Out
Ezoic Privacy Policy & Preferences: Learn more at ezoic.com/privacy-policy. Where available, use the on-site Ezoic consent/prefs to adjust choices.
California (CPRA): Participation in programmatic advertising via Ezoic could be interpreted as a “sale” or “sharing” of cross-context behavioral advertising identifiers. We do not exchange your direct account registration information (e.g., email) for money. To request non-personalized ads / opt out of “sale” or “sharing,” adjust on-site preferences where available and/or contact us at privacy@sciencebowl.org. We will honor user-enabled global privacy control (GPC) signals once the site-level mechanism is implemented.
Blocking Technologies: You may use browser settings, extensions, or built-in tracking prevention features; doing so may reduce ad relevance but the site’s core functionality should continue to operate.
13.4 Data Separation
We do not intentionally merge Ezoic advertising cookie data with directly identifying Firebase account data (such as your email) except in aggregated, non-identifying analytics or where we obtain a separate legal basis (e.g., consent).
13.5 Retention & Control
Advertising cookies are controlled by Ezoic and participating ad partners; retention and processing are governed by their policies. We do not receive raw advertising cookie values; we may receive aggregated reporting (e.g., page-level impressions). For details see Ezoic’s documentation linked above.
13.6 Future Consent / Preference Mechanism
If not already present, we plan to implement a consent / preference banner for regions requiring explicit choice. This Policy will be updated when that mechanism is live.
14. Changes to this Policy
We may update this Policy to reflect changes in features, legal requirements, or infrastructure. The “Last updated” date will change. Material changes will be highlighted for a reasonable period or communicated through the Service.