Privacy Policy

Last Updated: October 29, 2025

Squares Playbook ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

We collect information that you voluntarily provide when using our Service:

  • Account Information: Email address, display name, password (encrypted)
  • Profile Information: Optional profile details you choose to provide
  • Pool Information: Pool names, team names, game details, payout structures (display only)
  • Payment Information: Processed securely by Stripe (we do not store card details)
  • Communications: Messages you send to us or other users

1.2 Information Collected Automatically

When you use our Service, we automatically collect certain information:

  • Usage Data: Pages visited, features used, time spent
  • Device Information: Browser type, operating system, device type
  • Log Data: IP address, access times, error logs
  • Cookies: Session cookies and preference cookies

1.3 Information from Third Parties

  • Supabase (Authentication): Authentication and user management
  • Stripe (Payment Processing): Subscription billing information
  • Resend (Email Service): Email delivery confirmation
  • ESPN API: Live sports scores (no personal data shared)

2. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain our Service
  • Process your subscription and payments
  • Send you transactional emails (pool invitations, winner notifications)
  • Provide customer support
  • Improve and personalize our Service
  • Detect and prevent fraud or abuse
  • Comply with legal obligations
  • Enforce our Terms of Service

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), our legal basis for collecting and using your information depends on the data and context:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Legitimate Interests: Improving our Service, preventing fraud
  • Consent: Where you have given explicit consent (e.g., marketing emails)
  • Legal Obligation: Compliance with laws and regulations

4. Sharing Your Information

4.1 We DO NOT Sell Your Information

We do not sell, rent, or trade your personal information to third parties.

4.2 Service Providers

We share information with trusted service providers who assist in operating our Service:

  • Supabase: Database and authentication (see Supabase Privacy Policy)
  • Stripe: Payment processing (see Stripe Privacy Policy)
  • Resend: Transactional emails (see Resend Privacy Policy)
  • Vercel: Hosting and infrastructure (see Vercel Privacy Policy)

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

4.3 Pool Participants

When you join a pool, your display name and claimed squares are visible to other pool participants.

4.4 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. Specifically:

  • Account Data: Retained until you delete your account
  • Pool Data: Retained for 3 years after pool completion for record-keeping
  • Payment Records: Retained for 7 years for tax and accounting purposes
  • Logs: Retained for 90 days for security and debugging

6. Your Privacy Rights

6.1 General Rights

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Request a portable copy of your data
  • Objection: Object to certain types of processing

6.2 GDPR Rights (EEA Residents)

If you are in the EEA, you have additional rights under GDPR:

  • Right to restriction of processing
  • Right to data portability
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

6.3 CCPA Rights (California Residents)

If you are a California resident, you have rights under CCPA:

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to opt-out of sale of personal information (we do not sell data)
  • Right to deletion
  • Right to non-discrimination for exercising your rights

6.4 Exercising Your Rights

To exercise any of these rights, contact us at: privacy@squaresplaybook.com

7. Data Security

We implement appropriate technical and organizational security measures to protect your information:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Secure authentication (Supabase Auth)
  • Regular security audits
  • Access controls and monitoring
  • Secure payment processing (PCI DSS compliant via Stripe)

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

8. Cookies and Tracking

8.1 Types of Cookies We Use

  • Essential Cookies: Required for authentication and core functionality
  • Preference Cookies: Remember your settings (e.g., theme preference)
  • Analytics Cookies: Help us understand how you use our Service (if implemented)

8.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect Service functionality.

9. Children's Privacy

Our Service is not intended for anyone under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes

Your continued use of the Service after changes become effective constitutes acceptance of the new Privacy Policy.

12. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read the privacy policies of any third-party sites you visit.

13. Do Not Track

We do not currently respond to "Do Not Track" signals from browsers. If we implement such functionality in the future, we will update this Privacy Policy accordingly.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at:

15. Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at: dpo@squaresplaybook.com

Privacy Summary

We collect only the information necessary to provide our Service. We don't sell your data. We use trusted service providers and implement strong security measures. You have rights to access, correct, and delete your information. Contact us anytime with privacy questions.