TirageAuSort.io

Privacy Policy

Last updated: 3 May 2026 · Effective date: 3 May 2026

This policy explains what data TirageAuSort.io collects about you when you use the site, what it is used for, who has access to it, how long it is kept and what rights you have to control it.

It is written to be read, not to discourage you. If anything remains unclear, write to us at contact@tirageausort.io and we will explain it.

This policy simultaneously complies with:

  • the European General Data Protection Regulation (GDPR);
  • Quebec Law 25 on the protection of personal information;
  • the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA);
  • the California Consumer Privacy Act (CCPA) for California residents.

1. Data controller

TirageAuSort.io editorial team

Based in Quebec, Canada.

Contact: contact@tirageausort.io

The site is operated by a single person. There is no formally appointed Data Protection Officer (DPO) — this is not legally required given the size and nature of the site — but all GDPR or Law 25 requests are handled personally at the address above.

2. Guiding principle: minimisation

Before getting into the detail, here is the logic that shapes everything else: the random-draw tools offered on the site do not process any personal data. When you flip a coin, spin the wheel or roll the dice, the calculation happens directly in your browser, with no round-trip to our servers. This is explained in detail in the article Under the hood of TirageAuSort.io.

The data described below therefore concerns only:

  • anonymous audience measurement of the site;
  • advertising displayed by our ad platform;
  • optional user accounts (currently being rolled out).

You can use all the tools on the site without creating an account, and even without accepting non-essential cookies. In that case, no personal data leaves your device.

3. Data collected and purposes

3.1 Data stored locally (no transmission)

Some preferences are stored in your browser's localStorage — a local storage area that never leaves your device:

  • display theme (light / dark);
  • sound preference (on / off);
  • history of draws performed;
  • cookie consent choice for non-essential cookies.

This data is never transmitted to us and we cannot access it. You can erase it at any time via your browser settings.

3.2 Essential cookies

A few cookies are strictly necessary for the site to function (storing your consent choice, language preference, spam prevention on forms). They do not require your consent, in accordance with Article 5(3) of the ePrivacy directive.

Name | Purpose | Duration
cookieConsent | Remember your cookie choice | 6 months
theme | Theme preference | Permanent
soundEnabled | Sound preference | Permanent

3.3 Audience measurement (Google Analytics 4)

Purpose. Understand which pages of the site are viewed, from which countries and on which devices, in order to guide editorial priorities.

Data collected. Truncated (anonymised) IP address, pages visited, visit duration, device type, browser, traffic source. No data is used to identify you individually.

Legal basis. Explicit consent via the cookie banner. If you refuse, GA4 is not loaded at all.

Duration. 14 months maximum on Google's side, in line with the settings recommended by the French CNIL.

3.4 Advertising (Ezoic and its partners)

Purpose. Cover the site's hosting and development costs through advertising orchestrated by Ezoic, a US-based ad-monetisation platform.

Main subprocessor. Ezoic Inc. (United States), which acts as the ad platform and orchestrates third-party partners (Google AdSense, Criteo, Index Exchange, OpenX, Magnite, and other programmatic auction networks) to display the most relevant ads.

Data collected. When advertising is enabled, Ezoic and its partners may set cookies to measure ad performance and, if you consent, personalise the ads shown to you. The full detail is documented in Ezoic's privacy policy and in the IAB partner list they use.

Legal basis. Explicit consent via the cookie banner. If you refuse personalised advertising, Ezoic will display non-personalised ads based solely on the page context.

Duration. Variable depending on the cookie, generally between 30 days and 13 months. See the Ezoic documentation for details.

3.5 User account (Supabase, optional)

An optional account system is being rolled out to allow bug reporting, game suggestions, saving favourites and consulting your draw history. As long as you do not create an account, none of the data below is collected.

If you create an account (via email magic link or Google OAuth), we store:

  • your email address (login identifier);
  • a nickname you choose (editable at any time);
  • your language preference among the seven supported;
  • the account creation and last modification dates;
  • your favourites, reports and proposals if you submit any.

No password is stored — authentication works via single-use magic links or Google OAuth.

Legal basis. Performance of the service you requested by creating an account (Article 6.1.b GDPR).

Duration. As long as your account exists. Account deletion is immediate upon your request, from your profile page. Audit logs are kept for two years and anonymised once the account is deleted.

3.6 Reporting and moderation data

If you report content, suggest a game or propose an improvement, we keep your submission and the identifier of your account (if you were signed in) so we can process the report and prevent abuse. A Turnstile captcha system (Cloudflare) protects these forms from bots; it does not collect personally identifiable data.

4. Recipients of the data

Your data is never sold, never rented, never shared with data brokers. The only third parties with access are the following technical subprocessors, each bound by a GDPR-compliant data processing agreement (DPA):

Subprocessor | Role | Data location
Netlify, Inc. | Site hosting (static frontend) | United States
Supabase, Inc. | Database, authentication, server functions | Europe (eu-west region)
Google LLC | Audience measurement (Google Analytics 4) | United States (Data Privacy Framework)
Ezoic Inc. | Advertising platform (orchestration of multiple partners: Google AdSense, Criteo, Index Exchange, OpenX, Magnite, etc.) | United States (Data Privacy Framework)

Links to each subprocessor's privacy policy are available in our Legal Notice.

5. Transfers outside the European Union

Some data transits through servers located in the United States (Netlify, Google, Ezoic). These transfers are governed by:

  • the Standard Contractual Clauses approved by the European Commission for Netlify;
  • the EU–US Data Privacy Framework for Google and Ezoic.

User account data (Supabase) is stored in Europe (eu-west region).

6. Retention periods — summary

Category | Duration
localStorage preferences | Until you erase them via your browser
Consent cookies | 6 months, then a new consent is requested
Analytics cookies (GA4) | 14 months maximum
Advertising cookies (Ezoic and partners) | Variable depending on the partner (30 days to 13 months). Details in the Ezoic policy.
Active user account | As long as the account exists
Deleted user account | Immediate erasure; anonymised audit logs kept for 2 years
Sessions (JWT) | 1 hour (token) / 30 days (refresh)

7. Your rights

7.1 Rights granted by the GDPR (EU residents)

  • Access. Obtain a copy of the data we hold about you.
  • Rectification. Correct inaccurate data.
  • Erasure ("right to be forgotten"). Request the deletion of your data.
  • Portability. Recover your data in a structured, machine-readable format (JSON export via the profile page, feature being deployed).
  • Objection. Object to the processing of your data on grounds relating to your particular situation.
  • Restriction. Request the temporary suspension of processing.
  • Withdrawal of consent. At any time, without affecting the lawfulness of prior processing.

To exercise these rights, write to contact@tirageausort.io with "GDPR request" in the subject line. We respond within 30 days maximum, in accordance with the regulation.

You can also lodge a complaint with the supervisory authority of your country — for example the CNIL in France, the APD in Belgium, or the Federal Commissioner in Switzerland.

7.2 Rights granted by Quebec Law 25 (Quebec residents)

Quebec's Law 25 grants equivalent rights: access, rectification, withdrawal of consent, portability (since September 2024). To exercise them, the same address applies: contact@tirageausort.io. You can also file a complaint with the Commission d'accès à l'information du Québec.

7.3 PIPEDA rights (Canadian residents outside Quebec)

Canadian residents outside Quebec benefit from the rights provided by PIPEDA: access to and correction of their personal information. Complaints can be filed with the Office of the Privacy Commissioner of Canada.

7.4 CCPA rights (California residents)

California residents have the following rights: to know what data is collected, to request its deletion, to opt out of its sale (we do not sell any data). Requests go to the same address.

8. Minors

The site is not specifically aimed at children, but its tools (Coin Flip, Wheel, dice) are accessible to anyone. In accordance with the GDPR and Canadian practice, we do not knowingly collect personal data from children under 13 (16 in some EU member states, depending on local transposition).

If you are a parent or guardian and notice that a minor has submitted data via an account or form, contact us: we will delete it without delay.

9. Security

All communications with the site are encrypted via HTTPS. The database is protected by strict access rules (Row-Level Security) enforced at the Supabase level. No user password is stored; authentication relies on single-use magic links or Google OAuth. Audit logs keep an immutable trace of sensitive actions.

10. Cookies — practical summary

You manage your cookie preferences from:

  • the consent banner shown on your first visit;
  • the "Manage my cookies" link present in the footer of every page;
  • your browser settings (Chrome, Firefox, Safari, Edge — all let you block or delete cookies at any time).

Refusing non-essential cookies does not prevent you from using the site's tools.

11. Changes to the policy

This policy may be modified to reflect technical, regulatory or editorial developments. In the event of a substantial change (new category of data, non-equivalent new subprocessor, change of purpose), a notice will be displayed on the site for at least 30 days before it takes effect, and users with an account will be notified by email. The last update date appears at the top of this page.

12. Contact

TirageAuSort.io editorial team

contact@tirageausort.io

Quebec, Canada

See also our Contact page for other types of requests, and the Legal Notice for the formal details of the publisher and hosting provider.