Privacy Policy

Last updated: April 2025

Trailblazers & Jailbreakers ("we", "us", or "our") is committed to protecting your personal information. This policy explains what we collect, why we collect it, how we use it, and your rights — in plain English, as required by Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Who we are

Trailblazers & Jailbreakers is an independent fan site dedicated to women's sports. It is operated by Katrina Hawkins, based in British Columbia, Canada.

Questions about this policy or your personal data can be directed to our privacy contact listed at the bottom of this page.

2. What personal information we collect

We collect only what is necessary for the purposes described below:

Email address — when you create an account or subscribe to our newsletter.
Your name — optionally provided at sign-up; stored only in your own browser (we do not store names on our servers).
IP address at the time of sign-up — recorded once as part of the consent audit trail required by PIPEDA, then not used for any other purpose.
Consent record — the exact wording you agreed to, the date and time, and the stated purposes.
Session tokens — temporary cryptographic tokens used to keep you signed in for up to 30 days.

We do not collect passwords, payment information, or any sensitive personal information.

3. Why we collect it and how we use it

We collect your email address for the following purposes, which you consent to at sign-up:

Passwordless sign-in — we send you a one-time magic link so you can access your account without a password. These links expire after 15 minutes and can only be used once.
Newsletters and articles — we may send you updates about women's sports coverage on the site. You can unsubscribe at any time.
General communications — occasional site announcements, if applicable.

We do not use your information for advertising, profiling, or any automated decision-making.

4. Who we share your information with

We do not sell or rent your personal information. We share it only with the service providers necessary to operate the site:

Cloudflare, Inc. (United States) — hosts our website and stores the email database under Cloudflare's Data Processing Agreement. Data is stored on servers in the Western North America region.
Resend, Inc. (United States) — delivers sign-in and newsletter emails on our behalf under Resend's Privacy Policy.

    Cross-border transfers: Both service providers are based in the United States.
    By creating an account or subscribing, you acknowledge that your email address and related
    data may be processed on servers located outside Canada. Both providers maintain contractual
    data protection obligations equivalent to Canadian standards under PIPEDA.
  

5. How long we keep your information

Subscriber records — kept for as long as you have an active account or newsletter subscription. If you unsubscribe, your record is deactivated but retained for legal and audit purposes for up to 2 years, then deleted.
Sign-in tokens — expire automatically after 15 minutes and are purged regularly.
Session tokens — expire after 30 days of inactivity.
Consent records — retained for the duration of your subscription plus 2 years, as required for accountability under PIPEDA.

You may request immediate deletion of all your data at any time (see Section 6).

6. Your rights under PIPEDA

As a Canadian resident, you have the following rights regarding your personal information:

Right of access — you can request a copy of all personal data we hold about you.
Right of correction — you can ask us to correct any inaccurate information.
Right of erasure — you can request permanent deletion of all your personal data.
Right to withdraw consent — you can unsubscribe from emails at any time using the unsubscribe link in any email we send, or by contacting us directly.

If you have an account, you can view and delete your own data at any time by signing in and visiting /api/my-data. To exercise any other right, or if you need assistance, contact us using the details below.

If you are unsatisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada.

7. Security

We take reasonable steps to protect your personal information from unauthorized access, disclosure, or misuse:

All data is transmitted over HTTPS (TLS encryption).
Sign-in tokens are cryptographically random and single-use.
Passwords are never stored — we use passwordless authentication only.
API keys and admin credentials are stored as encrypted secrets, never in source code.

8. Cookies and local storage

We do not use tracking cookies or advertising cookies. We store the following in your browser's local storage to keep you signed in and remember your preferences:

tj_session — your current session token and email address, so you stay signed in.
tj_users — your display name and favourite teams, stored locally on your device only.

This data lives only in your browser. Clearing your browser's local storage will sign you out and reset your preferences.

9. Children's privacy

This site is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

10. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top. If changes are significant, we will notify active subscribers by email. Continued use of the site after changes are posted constitutes acceptance of the updated policy.

11. Contact us

For any privacy-related questions, access requests, or complaints:

Trailblazers & Jailbreakers

Privacy Contact: Katrina Hawkins

Email: [privacy@trailblazersjailbreakers.com]

Location: British Columbia, Canada

We will respond to all privacy requests within 30 days, as required by PIPEDA.