Privacy Architecture

NewTon DC Tournament Manager: total privacy by design.

Overview

NewTon DC Tournament Manager's privacy model is simple: your data lives in your browser, period. This isn't a privacy policy you have to trust — it's an architectural guarantee. Your tournament data physically cannot leave your device unless you explicitly export and share it.

All tournament data stored in browser localStorage only
No analytics, no telemetry, no tracking
No external dependencies or CDN calls
Works 100% offline — even without internet
Demo site operates identically — your data still never leaves your device

Privacy by architecture, not by policy. The system is designed so that even if we wanted to collect your data, we couldn't.

How It Works: Browser LocalStorage

What Is LocalStorage?

LocalStorage is a browser feature that stores data on your computer, isolated per website domain. When NewTon DC Tournament Manager saves your tournament, it goes into your browser's localStorage — a sandboxed area that:

Exists only on your device — not sent to any server
Domain-isolated — only NewTon DC Tournament Manager can access its own data
Persistent — survives browser restarts and reboots
Private — stored in your browser's profile directory on your hard drive

Technical Details

Storage location examples:

Chrome/Edge (Windows): %LocalAppData%\Google\Chrome\User Data\Default\Local Storage
Firefox (Linux/Mac): ~/.mozilla/firefox/[profile]/storage/default
Safari (Mac): ~/Library/Safari/LocalStorage

Most browsers allow 5–10 MB per domain. NewTon DC Tournament Manager uses ~1–2 MB for typical tournaments. A 32-player tournament with full history uses around 110 KB.

Who can access your data:

✅ You — through NewTon DC Tournament Manager's interface or browser developer tools
❌ Nobody else — not even NewTon's authors

What This Means in Practice

When you run a tournament:

You open tournament.html (locally or on the demo site)
NewTon DC Tournament Manager loads data from your browser's localStorage
All processing happens in your browser
Changes are saved back to your browser's localStorage
Nothing is transmitted anywhere

Even on the demo site, the server only delivers the HTML/CSS/JavaScript files once. After that, all data stays in your browser.

What NewTon DC Tournament Manager Doesn't Do

No Analytics

No Google Analytics, no visitor tracking, no usage statistics, no page view counters.

No Telemetry

No error reporting to external servers, no performance metrics, no feature usage tracking.

No External Dependencies

No CDN calls, no external fonts from Google or Adobe, no JavaScript libraries loaded from external sources. All assets are served from the same domain or bundled directly in the HTML file.

No Cookies

No tracking cookies, no session cookies, no authentication cookies. Browser localStorage only — not cookies.

No User Accounts

No registration, no login, no passwords, no email addresses.

NewTon DC Tournament Manager cannot "phone home" even if it wanted to. There is no analytics endpoint, no telemetry server, no external service to send data to.

Storage Architecture

Per-Tournament Isolation (v4.0+)

Starting with version 4.0, each tournament stores its data in dedicated localStorage keys:

tournament_1729251357350         → Tournament data
tournament_1729251357350_history → Transaction history
tournament_1729456789123         → A different tournament
tournament_1729456789123_history → Its history
dartsTournaments                 → Tournament registry
dartsGlobalConfig                → Global settings
dartsSavedPlayers                → Saved player names

When you delete a tournament, all associated keys are removed — no residue, no contamination between tournaments.

Export Privacy

What's Included in Exports

When you export a tournament, the JSON file contains only:

Tournament name, date, status
Player names and match results (what you entered)
Bracket structure, placements, and transaction history (for undo)

What's not included: other tournaments' data, your browser information, your IP address, your global configuration, or any metadata beyond what you typed.

Sharing Exports

If you share an export file, recipients see only the tournament name, player names, match results, and final placements. No hidden metadata, no browser fingerprints.

Demo Site Model

The demo site at newtondarts.com follows the same privacy model as local use:

Server delivers HTML/CSS/JavaScript files — a one-time download
Your browser runs the application locally
All data stored in your browser's localStorage
Server never receives any tournament data

The REST API is disabled on the demo site (NEWTON_API_ENABLED=false), making it architecturally impossible for your data to leave your device.

The demo banner says "Everything you do is stored locally in your browser. Your data never leaves your device." — this is an architectural guarantee, not a policy statement. Even the server administrator cannot access your tournament data because it never reaches the server.

Self-Hosting & the REST API

NewTon DC Tournament Manager includes an optional REST API for self-hosters who want to share tournaments across devices. This is the only exception to the "data never leaves your device" model.

What the API Does

Upload tournament exports to your server
Download shared tournaments from your server
Delete tournaments from your server
List available shared tournaments

Uploading requires an explicit action — NewTon DC Tournament Manager never uploads anything automatically.

Any file uploaded to the server must pass the Tournament Manager's import validation before it can be loaded. Files that don't match the expected tournament structure are rejected by the client — they cannot affect your tournament data.

Privacy Implications

If the REST API is enabled on your self-hosted instance, only tournaments you explicitly upload are sent to the server. Tournaments you don't upload, your localStorage content, and all configuration remain entirely local.

You control the server — self-hosted means you own the data. No telemetry or analytics are ever sent anywhere, regardless of API settings.

For the full API reference including endpoints, request/response format, and security practices, see REST API Documentation.

Recommended Configurations

Maximum privacy (public deployments):

environment:
  - NEWTON_API_ENABLED=false  # Block all API endpoints
  - NEWTON_DEMO_MODE=true     # Show privacy banner

Private self-hosting (trusted environment):

environment:
  - NEWTON_API_ENABLED=true   # Allow tournament sharing
  # Data stays on your server, under your control

Offline Operation

NewTon DC Tournament Manager works completely offline because:

No external dependencies — everything is bundled in the HTML file
No API calls required — all processing is local
LocalStorage doesn't need internet — it's a browser-native feature
No CDN calls — fonts and libraries are included

Typical offline workflow: Download tournament.html while you have internet, copy to a USB drive, open on the tournament laptop at the venue, run the entire tournament, export results when done.

Frequently Asked Questions

Can NewTon DC Tournament Manager track me if I run it locally?

No. When you open tournament.html directly from your file system, there's no network connection for data to travel over.

Can the demo site see my tournament data?

No. The server only delivers the application files once. All data is stored in your browser's localStorage, which the server cannot access.

What if I use browser sync (Chrome sync, Firefox sync)?

If you have browser sync enabled, your browser may sync localStorage data across your devices — depending on browser settings. This is a browser feature, not a NewTon DC Tournament Manager feature. Your data still doesn't go to NewTon; it goes to Google's or Mozilla's sync servers if you've enabled that. To avoid sync: use a profile without sync, use private/incognito mode, or disable localStorage sync in browser settings.

What about browser extensions?

Browser extensions with storage permissions can theoretically access localStorage. This is true for any website — it's a browser security model limitation. For maximum privacy, use a clean browser profile without extensions.

Does NewTon DC Tournament Manager comply with GDPR?

GDPR doesn't apply to NewTon DC Tournament Manager in most cases because no data is processed by the software — data stays on your device — and no personal data is collected by NewTon's authors. If you collect player names for your own club records, you are the data controller (same as using a spreadsheet).

Can I verify these privacy claims?

Yes — NewTon DC Tournament Manager is open source. View the source code at github.com/skrodahl/NewTon, inspect network requests in browser DevTools (should be zero outbound), and examine localStorage directly. Don't trust — verify.

What if I delete my browser data?

Your tournaments are deleted. LocalStorage is part of browser data. Export your tournaments regularly and keep the files somewhere safe — treat exports as your permanent backup and localStorage as working storage.

Summary

What NewTon DC Tournament Manager guarantees:

✅ Your data stored in your browser's localStorage only
✅ No analytics, telemetry, or tracking of any kind
✅ No external dependencies or network calls
✅ Works 100% offline without internet
✅ Complete data deletion when you delete a tournament
✅ Export files contain only the data you entered
✅ Demo site operates with the same privacy model
✅ Open source — verify the claims yourself

The only exception:

⚠️ The optional REST API (disabled by default on the demo site) can upload exports to a self-hosted server — only when you explicitly trigger it, and only to your own server

Privacy by architecture. NewTon DC Tournament Manager is designed so your data cannot leave your device unless you explicitly export and share it. This isn't a promise — it's how the system is built.