TRUST & PRIVACY
How this site handles your data
This page is maintained by the operators of the Haitian Reality Show fan site to answer common questions about security, privacy, and the data we hold. It is editable site content, not an independent audit or certification.
Important: this site is a fan page and is not affiliated with the show owners.
ACCESS
Authentication & admin access
The public site does not require an account to read pages or react to highlights. A single private admin area is used by the site operators to publish content; it lives behind a password-gated dashboard.
Admin credentials are stored as bcrypt password hashes, never in plain text. Admin tables (accounts, settings, login attempts, activity log) are not readable through the public API โ only the server-side admin code, running with a privileged service key, can read them.
HOSTING
Platform & hosting
The site is built and hosted on Lovable, which runs the application on managed edge infrastructure with HTTPS by default. The database and file storage are provided by Lovable Cloud (Supabase). These are platform capabilities provided by Lovable; this is not a Lovable certification of this site.
DATA WE COLLECT
What we store
The site stores the following kinds of data:
- Public show content: cast bios, photos, daily recaps, highlights, hosts, videos.
- Engagement counters: anonymous reaction and view counts on highlights and contestant vibes. These do not require an account and are not tied to individuals.
- Fan submissions: links and optional notes you send in. These are private to the admins and are not visible to other visitors.
- Season subscribers: an email address you provide if you opt in to be notified about the next season. Stored in a private table that no other visitor can read.
- Admin activity log: a server-side record of administrative actions (who changed what), used for operational integrity. Not exposed publicly.
ACCESS CONTROL
How data is protected
Database row-level security is enabled on every table. Public, anonymous, and signed-in visitors are explicitly denied read access to admin tables, the activity log, fan submissions, and the subscriber list. Reads of those tables only happen through server-side code that the operators control.
Photos and uploaded assets live in a private storage bucket and are served through a controlled image route, not direct public links.
EMAIL & NOTIFICATIONS
If you subscribe
If you submit your email to be notified about the next season, your address is stored only for that purpose and is not shared, sold, or shown publicly. Email format and length are validated when submitted.
To request removal of your email, contact the site operators using the contact details on the homepage and we will remove it.
THIRD PARTIES
Embedded services
Some pages embed third-party content (for example a YouTube live player and embedded chat). When you interact with those embeds, the third party (e.g. YouTube/Google) may set cookies and process data under their own privacy policies.
SCOPE
What this page does not promise
This page describes current practices visible in the app and on the platform. It is not a guarantee against all security incidents, and it does not claim SOC 2, ISO 27001, HIPAA, PCI, or GDPR certification. Operators of the site, the Lovable platform, and visitors each have shared responsibility for keeping accounts and devices secure.
CONTACT
Reporting a security issue
If you believe you have found a security issue or want your data removed, please reach out via the contact links on the homepage. We aim to respond as soon as we can.
This content is maintained by the site operators and may be updated over time.