RRS.org runs on Amazon Web Services (AWS), one of the most widely trusted cloud platforms in the world. All data is stored in encrypted databases within AWS that are accessible only through this application. Every connection to the site uses HTTPS with TLS encryption, the same standard used by banks and financial institutions, ensuring that all data transmitted between your browser and our servers is protected in transit.

Passwords are never stored in plain text. They are protected using bcrypt, an industry-standard one-way hashing algorithm, so even RRS.org administrators cannot read your password.

Access to event data is strictly limited. Only officials who have been explicitly added to an event by the PRO or Chief Judge can see the personal information for that event — specifically, competitor names, email addresses, and phone numbers. No one else, including other registered RRS.org users, can access that information.

The public-facing pages of an event show only the same information that would appear on a physical Official Notice Board: hearing schedules, decisions, scoring inquiries, and rule 42 penalties. Competitor contact details are never exposed publicly.

RRS.org collects the minimum information necessary to provide its services. For registered users this is a name and email address, with an optional phone number for SMS notifications. For competitors at an event, the same information is either provided by the competitor themselves when filing a protest electronically, or imported from the event entry system by the event organizer — the same information a paper protest form has always collected.

That data is used solely for communicating about the event: hearing schedules, decisions, scoring inquiries, rule 42 penalties, and check-in notifications. It is used for no other purpose.

RRS.org does not sell, rent, or share any user or competitor data with any third party, for any purpose. Data collected during an event is used exclusively to provide the services for that event. Once an event concludes, the data remains accessible to the appointed officials for records purposes but is never disclosed externally or transferred to other organizations.

The EU General Data Protection Regulation (GDPR) has been in effect since May 2018. RRS.org meets all GDPR requirements: we collect only the basic identity information needed to operate the service, do not process sensitive personal data, and provide clear disclosure of how data is used. The standard language in most event entry forms satisfies the GDPR disclosure requirement for competitors.

RRS.org also complies with the Children Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13 without verifiable parental consent.

Our full Privacy Policy is linked in the footer of every page on the site.