Authentication
KrazyPickles uses managed authentication, including magic-link and supported social sign-in flows. Passwords are not stored by the KrazyPickles application itself.
Security and privacy
KrazyPickles stores contact details, private group context, and match history, so access control is product behavior, not a decorative policy page. These are the current practices and the channel for reporting concerns.
Last reviewed July 12, 2026
KrazyPickles uses managed authentication, including magic-link and supported social sign-in flows. Passwords are not stored by the KrazyPickles application itself.
Application data is stored in Supabase. Access checks and row-level policies are used to limit sensitive operations, with elevated service credentials kept on the server rather than shipped to browsers.
Detailed match recaps, personal context, and weekly krewe reports are intended for the relevant krewe members or match participants. Public pages focus on appropriate scores, product information, and court research.
Production is served over HTTPS through Vercel. Secrets are managed as server-side environment variables, admin actions are permission-checked, and security-focused tests are added around sensitive workflows.
Email a clear description, affected URL or account, and reproduction steps. Please do not include passwords, API keys, or another player’s sensitive information in the message.
matches@krazypickles.com