Last updated: 29 January 2026
This privacy notice for Last 4 Leaderboard describes how and why we might collect, store, use, and/or share your information when you use our services, such as when you visit our website and make a donation.
If you have any questions about this policy or about how your personal data is handled, you can contact us by:
We do not collect sensitive information, and we do not knowingly collect information from people less than 18 years old. The information that we do collect is as follows:
In all cases, the data collected is only the minimum required to conduct our business in a way that has a valid legal basis (see below).
We process your information to provide, improve, and administer our services, to arrange payment for our services, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.
Technical data that is automatically collected may be used by us to analyse how the website is performing. It is not used by us to build a personal profile.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we will always rely on one of the following legal bases to collect and process your personal information:
We may share your data with third-party vendors, service providers, contractors, or agents (‘third parties’) who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. They commit to protect the data they hold on our behalf. The categories of third parties we may share personal information with are as follows:
We do not sell your data to third parties or allow third parties to contact you without your permission.
From Stripe, this website receives and stores limited information for each successful donation:
This information is used solely to operate the website’s leaderboard functionality and for basic record-keeping. The leaderboard displays aggregated totals publicly and does not display names, email addresses, or full card numbers.
No third-party analytics or marketing tracking tools are used. Stripe may set its own cookies or similar technologies as necessary to process payments securely and prevent fraud.
Hosting providers and payment processors may process personal data outside the UK or European Economic Area, including to the United States.
Where international transfers occur, appropriate safeguards are relied on, such as adequacy decisions or standard contractual clauses, in accordance with UK data protection law, such as the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework.
Further details are available in Vercel’s and Stripe’s own privacy documentation.
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
We have implemented appropriate and reasonable technical and organisational security measures to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our services is at your own risk. You should only access the services within a secure environment.
In the European Economic Area (EEA) and the United Kingdom (UK), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by using the contact details provided below to contact us. We will consider and act upon any request in accordance with applicable data protection laws.
If you are located in the UK and you believe we are unlawfully processing your personal information, you also have the right to complain to the Information Commissioner’s Office. You can find their contact details here: https://ico.org.uk/make-a-complaint/.
If you are located in the EU and want to make a complaint, see this list of European Data Protection Supervisors.
If you are located in Switzerland and want to make a complaint, here are the contact details of the Data Protection Commissioner.
This policy may be updated from time to time to reflect changes in the operation of the website or in legal requirements.
Any updates will be indicated by revising the “Last updated” date at the top of this page. Continued use of the website after changes take effect means the updated policy will apply to future processing.