DA Science Bowl ("we", "us", or "our"), also referred to as "DA SciBowl", provides online tools to help users practice Science Bowl style questions. This website is not affiliated with the Davidson Academy of Nevada, the US Department of Energy, the US DOE Office of Science, or the National Science Bowl. This Privacy Policy explains how we collect, use, disclose, and safeguard information in connection with our website located at sciencebowl.org (the "Service"). We build on Google Cloud Platform ("GCP") and Firebase services. By using the Service, you agree to the practices described here.
1. Quick Summary
We minimize personal data. Core functionality currently uses Firebase Authentication (optional), Firestore, and a simple HTTPS Cloud Function for answer checking.
We do not sell personal information.
We use GCP / Firebase as infrastructure subprocessors; data may be processed in the United States or other regions Google operates.
We display ads via Google AdSense. Google may use cookies or similar technologies to serve, personalize (where permitted), and measure ads. You can opt out / adjust personalization (see Advertising & Cookies).
You can request deletion of your account data at any time (see Your Rights).
2. Scope
This Policy applies to information we process when you access or use the Service. It does not cover third-party sites that link to or from our Service.
3. Information We Collect
3.1 Provided Directly by You
Authentication Data: If you sign in (e.g., email/password, Google Sign-In, or other Firebase providers once enabled), Firebase stores basic profile data (display name, email, UID, provider data).
User-Generated Content: Practice preferences or progress metrics (if/when implemented) stored in Firestore.
Support Communications: Emails or messages you send to us.
3.2 Collected Automatically
Usage Logs: Standard HTTP request logs (IP address, user agent, referrer, timestamps, function invocation metadata) captured by Google Cloud for security and reliability.
Device / Technical Data: Browser type, operating system, pages viewed, approximate region inferred from IP (not stored by us separately but may appear in GCP logs).
Cookies / Local Storage: (a) Essential / functional: Firebase Authentication tokens, session state, UI preferences. (b) Advertising / measurement (third-party): Google AdSense may set or read cookies and similar identifiers (e.g., to prevent fraud, cap frequency, measure performance, and—where consent or applicable legal basis exists—personalize ads). See Advertising & Cookies.
Service Providers: Additional processors (if added later) for email delivery or performance monitoring (will be updated here).
Legal / Safety: To comply with law, respond to lawful requests, or protect rights, safety, or property.
Aggregated Insights: Non-identifying statistics (e.g., number of generated rounds) that cannot reasonably identify a user.
7. International Data Transfers
Data may be processed in the United States and other regions where Google operates infrastructure. Google’s data center locations and transfer safeguards (such as Standard Contractual Clauses) apply to Firebase services. Where required, we rely on appropriate safeguards under GDPR Art. 46.
8. Data Retention
Account profile data: retained until you request deletion or your account becomes inactive for an extended period (currently target 24 months of inactivity, subject to implementation).
Authentication logs and security logs: per Google’s default retention windows.
Support emails: retained as long as necessary to resolve the inquiry and maintain auditability.
We use Firebase and GCP security controls such as access control (IAM), Firestore security rules, TLS encryption in transit, and Google-managed encryption at rest. No method of transmission or storage is 100% secure; we strive to use industry-standard safeguards while minimizing stored personal data.
10. Your Rights & Choices
Depending on your jurisdiction, you may have rights to:
Access, correct, or export personal data.
Delete your account and associated personal information.
Object to or restrict certain processing.
Withdraw consent where processing relied on consent.
Non-discrimination for exercising privacy rights (California).
How to exercise: Email us at privacy@sciencebowl.org (or use an in-app feature when available). We may request verification (e.g., confirming control of the signed-in account).
11. Children’s Privacy
The Service is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us to request deletion.
12. Do Not Track
We do not respond to browser Do Not Track signals at this time. We limit tracking to essential operational logging and optional first-party analytics (if implemented later, this policy will be updated).
13. Advertising & Cookies (Google AdSense)
We display advertisements provided by Google AdSense. Google (and its advertising partners) may use cookies or similar technologies (e.g., local storage, device identifiers) to serve ads, detect fraud/abuse, and measure ad performance. Where required (e.g., EEA/UK), we will obtain user consent before Google sets non-essential advertising cookies or uses data for personalized ads.
13.1 What Data May Be Used for Ads
Ad cookies / identifiers (e.g., to avoid showing the same ad repeatedly, detect invalid traffic).
General location (coarse geolocation inferred from IP address) for appropriate ad serving.
Contextual page information (topic of the page you are viewing).
Existing Google ad personalization signals associated with your Google account (only if you are signed into Google and have not disabled ad personalization, and where legal basis exists).
13.2 Personalization vs. Non-Personalized Ads
In regions requiring consent (e.g., EEA/UK), if you decline advertising cookies or personalization, we will request that Google serve non-personalized ads (which rely on contextual information and basic geo). Outside those regions you can still opt out of personalized ads via Google settings (see below).
California (CPRA): AdSense participation could be interpreted as a “sale” or “sharing” of cross-context behavioral advertising identifiers. We do not exchange your direct account registration information (e.g., email) for money. To request non-personalized ads / opt out of “sale” or “sharing,” adjust Google Ad Settings and/or contact us at privacy@sciencebowl.org. We will honor user-enabled global privacy control (GPC) signals once the site-level mechanism is implemented.
Blocking Technologies: You may use browser settings, extensions, or built-in tracking prevention features; doing so may reduce ad relevance but the site’s core functionality should continue to operate.
13.4 Data Separation
We do not intentionally merge AdSense cookie data with directly identifying Firebase account data (such as your email) except in aggregated, non-identifying analytics or where we obtain a separate legal basis (e.g., consent).
13.5 Retention & Control
Advertising cookies are controlled by Google; retention and processing are governed by Google’s policies. We do not receive raw advertising cookie values; we may receive aggregated reporting (e.g., page-level impressions). For details see Google’s documentation linked above.
13.6 Future Consent / Preference Mechanism
If not already present, we plan to implement a consent / preference banner for regions requiring explicit choice. This Policy will be updated when that mechanism is live.
14. Changes to this Policy
We may update this Policy to reflect changes in features, legal requirements, or infrastructure. The “Last updated” date will change. Material changes will be highlighted for a reasonable period or communicated through the Service.