Privacy Policy

[Company Name], LLC ("Company," "we," "us," or "our"), a Florida limited liability company, operates the Picks sports analysis platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service. This policy complies with applicable Florida law, including the Florida Information Protection Act (FIPA), and provides disclosures required by the California Consumer Privacy Act (CCPA/CPRA) for California residents.

BY USING THE SERVICE, YOU CONSENT TO THE COLLECTION AND USE OF YOUR INFORMATION AS DESCRIBED IN THIS POLICY. IF YOU DO NOT AGREE, DO NOT USE THE SERVICE.

1. Information We Collect

1.1 Information You Provide Directly

• Account Information: Mobile phone number, password, display name.
• Payment Information: Billing details processed by Stripe. We do NOT store your credit card numbers, CVV, or full card details on our servers. We receive only a tokenized reference from Stripe.
• Telegram Information: When you link your Telegram account, we collect your Telegram user ID and username for the purpose of granting channel access.
• Communications: Any messages, feedback, or support requests you send to us.

1.2 Information Collected Automatically

• Usage Data: Pages viewed, features used, timestamps of access, and interactions with the Service.
• Device Information: Browser type, operating system, device type, screen resolution, and language preference.
• Log Data: IP address, access times, referring URLs, and error logs.
• Cookies and Similar Technologies: We use essential cookies for authentication and session management. We do not use third-party advertising cookies. See Section 6 for details.

1.3 Information We Do NOT Collect

• Social Security numbers or government-issued ID numbers;
• Betting history, wager amounts, or gambling account information;
• Precise geolocation data (GPS);
• Biometric data;
• Information about children under 18.

2. How We Use Your Information

We use your personal information for the following purposes:

• Service Delivery: To create and manage your account, process subscriptions, deliver Content, and grant Telegram access.
• Billing: To process payments, issue receipts, manage subscriptions, and handle billing disputes through Stripe.
• Communications: To send you account-related notifications (e.g., OTP codes, subscription confirmations, billing alerts). We do not send promotional email unless you opt in.
• Security: To detect and prevent fraud, unauthorized access, and abuse of the Service.
• Service Improvement: To analyze usage patterns and improve the functionality, performance, and user experience of the Service.
• Legal Compliance: To comply with legal obligations, respond to lawful requests, and enforce our Terms of Service.

3. How We Share Your Information

We do not sell your personal information. We share information only in the following limited circumstances:

• Stripe (Payment Processor): Payment and billing data necessary to process your subscription. Stripe's handling of your data is governed by Stripe's Privacy Policy.
• Supabase (Infrastructure Provider): Account data stored in our database, hosted by Supabase. Supabase processes data under our instructions and in accordance with their data processing agreement.
• Telegram: Your Telegram user ID is used to manage access to private channels. We do not share your Telegram data with other third parties.
• Mux (Livestream Provider): If you access livestreams, your playback request is served by Mux. No personal information beyond IP address and standard request headers is shared with Mux.
• Legal Requirements: We may disclose your information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of the transaction. We will provide notice before your information becomes subject to a different privacy policy.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. After account deletion or subscription termination:

• Account data: Deleted within 30 days of account deletion request, except as required for legal compliance.
• Billing records: Retained for 7 years as required by tax and financial reporting laws.
• Aggregated/anonymized data: May be retained indefinitely for statistical analysis purposes. This data cannot be used to identify you.
• Security and audit logs: Retained for up to 2 years for fraud detection and legal compliance.

5. Data Security

We implement commercially reasonable technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (TLS/HTTPS) and at rest;
• Secure authentication with password hashing and OTP verification;
• Row-level security (RLS) policies in our database to prevent unauthorized data access;
• Regular security reviews and access controls;
• Webhook signature validation for all third-party integrations.

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

Data Breach Notification (FIPA Compliance)

In accordance with the Florida Information Protection Act (Fla. Stat. § 501.171), in the event of a data breach involving your personal information, we will notify affected individuals within 30 days of discovery, or as otherwise required by law. Notification will include the nature of the breach, the types of information involved, the steps we are taking, and guidance on how you can protect yourself.

6. Cookies and Tracking Technologies

We use the following types of cookies:

• Strictly Necessary Cookies: Required for authentication, session management, and security. These cannot be disabled without breaking core functionality.
• Analytics Cookies: We may use basic analytics to understand how the Service is used. These do not track you across third-party sites.

We do not use: Third-party advertising cookies, retargeting pixels, or cross-site tracking technologies. We do not share cookie data with advertisers.

7. Your Privacy Rights

7.1 All Users

Regardless of your location, you have the right to:

• Access the personal information we hold about you;
• Request correction of inaccurate information;
• Request deletion of your account and personal data (subject to legal retention requirements);
• Withdraw consent for non-essential data processing;
• Opt out of promotional communications.

7.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the CPRA:

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. Therefore, there is no need to opt out, but you may still exercise this right.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To exercise these rights, contact us at privacy@[yourdomain].com or through your account settings. We will verify your identity before processing requests. We will respond within 45 days, with one 45‑day extension if necessary.

7.3 Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. We honor DNT signals and do not track users who enable this feature.

8. Children's Privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us immediately.

9. International Users

The Service is operated in the United States. If you are accessing the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to such transfer and processing. We do not specifically target users in the European Economic Area (EEA) and do not currently offer GDPR-specific data subject rights beyond those described in Section 7.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party services you access.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last Updated" date above. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

12. Contact Us

For privacy-related questions, requests, or concerns:

[Company Name], LLC
Privacy Inquiries
[Street Address]
[City], Florida [ZIP]
Email: privacy@[yourdomain].com