ClosedBolt Login

Privacy Policy

Version 2.0 · Effective April 3, 2026

Sprague Systems LLC ("Company," "we," "us," or "our") operates ClosedBolt (the "Platform"). This Privacy Policy explains how we collect, use, store, and protect information when you use the Platform.

ClosedBolt is intended for individuals 18 years of age or older.

1. Information We Collect

A. Information You Provide

When you create and use an account, you may provide:

  • Username
  • Email address
  • Password (stored only in hashed form)
  • Optional profile information (first name, last name, bio, discipline, location, avatar/photo)
  • External profile links (such as PractiScore, Facebook, Instagram)
  • Posts, comments, submissions, photos, and videos
  • Communications sent to us (including support or deletion requests)

You control what information you choose to provide and publish.

B. Information Collected Automatically

When you use the Platform, certain technical data may be processed for operational and security purposes, including:

  • Session authentication data
  • Browser and device type information
  • IP address at the time you accept the Terms of Service
  • Push notification device tokens (if you enable push notifications)

IP addresses are stored in our database only at the time of Terms of Service acceptance. We do not log IP addresses for general browsing, posting, or login activity.

2. Profile and Content Visibility

ClosedBolt is a login-required platform.

Profiles and user-generated content are viewable only by registered users who are logged in. Content is not intended for public indexing.

Other logged-in users may see the content you choose to post. You should not share information you do not wish other members to view.

3. Cookies and Essential Technologies

We use only essential first-party cookies required to operate the Platform, including:

  • Session authentication cookies
  • CSRF security cookies
  • Two-factor authentication device cookies (if enabled)

We also use Cloudflare Turnstile for bot prevention during account creation and password reset. Turnstile may process technical data, including IP address, to verify legitimacy.

We do not use advertising trackers or marketing pixels.

4. How We Use Information

We use information to:

  • Operate and maintain user accounts
  • Provide posts, comments, and challenge submissions
  • Maintain leaderboards and platform features
  • Enforce our Terms of Service and Community Standards
  • Prevent abuse, spam, and automated attacks
  • Send transactional emails (verification, password reset)
  • Diagnose errors and maintain system reliability

We do not sell personal information.

5. Media Storage

Photos and videos are stored using private cloud storage.

Media files are accessed through time-limited signed URLs, which typically expire after approximately one hour.

Temporary upload files are automatically deleted after short retention periods as part of routine system cleanup.

6. Abuse Prevention and Security Processing

To protect the Platform:

  • IP addresses may be temporarily processed and stored in a hashed form in an in-memory cache (Redis) for rate limiting and abuse prevention.
  • These records automatically expire (typically within one hour).
  • Cloudflare provides network-level security and bot mitigation.

We implement reasonable administrative, technical, and organizational safeguards to protect user data. However, no system can be guaranteed 100% secure.

7. Push Notifications

If you choose to enable push notifications in the mobile app, we collect and store a device token provided by Apple Push Notification service (APNs). This token is used solely to deliver notifications to your device (such as comments, likes, mentions, and achievement updates).

We store device tokens in our database, associated with your user account. Device tokens are:

  • Used only to send push notifications you have opted into
  • Not shared with third parties or used for advertising
  • Automatically deactivated when Apple reports they are no longer valid
  • Deactivated when you unregister your device or disable push notifications; inactive device token records are periodically deleted after a limited retention period (typically about 30 days)
  • Permanently deleted when you delete your account

You can control which types of notifications you receive through the notification preferences in the app settings. You can disable push notifications entirely through your device's system settings at any time; when you do, the associated device token is deactivated and may be deleted later as part of our routine cleanup process.

8. Third-Party Service Providers

We rely on trusted service providers to operate the Platform:

  • Amazon Web Services (AWS) — infrastructure and file storage
  • Apple Push Notification service (APNs) — delivery of push notifications to iOS devices
  • Mailgun (Sinch) — transactional email delivery
  • Cloudflare — content delivery, DDoS protection, bot prevention
  • Sentry — error monitoring and debugging

When application errors occur, Sentry may receive technical data and limited user identifiers (such as username or email address) necessary to diagnose issues.

These providers process information on our behalf in accordance with their own privacy policies.

9. Moderation and Enforcement Data

We may store and process information related to moderation, including:

  • User reports
  • Submission review decisions
  • Mute or ban status
  • Administrative notes related to enforcement

This data is used solely to maintain community standards and enforce the Terms of Service.

10. Data Retention

We retain information for as long as reasonably necessary to:

  • Operate the Platform
  • Maintain security and integrity
  • Comply with legal obligations
  • Resolve disputes
  • Enforce agreements

Temporary operational data (such as draft content and upload staging files) may be automatically deleted after short periods.

Database Backups

We maintain automated database backups for disaster recovery purposes. Backups are retained for up to 7 days. Deleted data may persist in backups for up to seven (7) days before permanent removal.

11. Account Deletion

You may delete your account at any time from your profile settings page or via our API. Deletion is immediate and permanent.

When you delete your account, the following data is permanently removed:

  • Your profile and personal information
  • All posts, comments, and likes
  • All uploaded photos and videos
  • All drill submissions, badges, and match records
  • All push notification device tokens and notification preferences
  • All session and authentication data

Deleted data may persist in automated database backups for up to seven (7) days before permanent removal.

You may also contact us at [email protected] for assistance with account deletion.

12. Age Restriction

The Platform is intended for users 18 years or older. We do not knowingly collect information from minors.

13. International Users

ClosedBolt is operated from the United States (Nevada). If you access the Platform from outside the United States, your information may be transferred to and processed in the United States.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of the Platform after changes become effective constitutes acceptance of the revised policy.

15. Contact Information

Sprague Systems LLC
2735 Ashland Ave., Sparks, NV 89436
[email protected]