Draft Caddie Privacy Policy

We collect only what we need to run a pool. Specifically:

• Email address — required for sign-in. We use one-time codes; we do not store passwords.
• Display name — chosen by you; used to identify you within your pools.
• League activity — pools you create or join, your draft picks, your team, your manager queue, in-app feedback you submit, and any optional notes (e.g. an informational buy-in amount you choose to display to your group).
• Technical data — timestamps of logins, league actions, and edits; basic device/browser information for troubleshooting.
• Push notification token — only if you opt in to notifications via your device or browser.

We do not collect Social Security numbers, payment card information, or any other sensitive identifiers. We do not handle pool buy-in money — any money between members of a pool is handled offline, directly between you and your group, and the Service has no record of it.

• To authenticate you and grant access to your pools.
• To display your display name and team within pools you are a member of.
• To send transactional emails (sign-in codes, draft reminders, league updates, results notifications, and similar).
• To send optional push notifications you have enabled.
• To respond to support requests and feedback you submit.
• To improve the Service (e.g. fix bugs, understand usage patterns at an aggregate level).

We do not sell your personal information. We do not share it with third parties for advertising.

• Within a pool you join:your display name and your team’s picks and scores are visible to the other members of that pool. Your email address is not shown to other members.
• To pool commissioners: the commissioner of a pool you join can see the display names of all members. Emails are not shared with the commissioner.
• Public pages: we do not expose user information on public pages outside an authenticated pool.

We rely on a small number of providers to run the Service. Each handles only the data necessary for its function:

• Supabase — database and authentication.
• Vercel — application hosting.
• Cloudflare — DNS and email routing.
• Resend — transactional email delivery.
• ESPN public data— we read live tournament data from ESPN’s public endpoints. ESPN does not receive your personal information from us.

These providers are bound by their own privacy practices.

We use only strictly-necessary cookies for sign-in and session management. See our Cookie Policy for the full list. We do not use advertising cookies, cross-site tracking, or third-party analytics that profile you.

• View, correct, or update your display name in your account settings.
• Opt out of push notifications in your device or browser.
• Request a copy or deletion of your data by emailing [email protected]. We will respond within a reasonable time.

We retain your account and league data while your account is active. Pool history may be retained indefinitely to preserve cumulative records for your group. You may request deletion of your account at any time, after which we will remove personal identifiers from our records.

We take reasonable precautions to protect your information: data is transmitted over HTTPS, sessions are managed via secure cookies, and access is gated by row-level security in our database. No system is perfectly secure, but we will not store or transmit information we do not need.

The Service is intended for adults. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided information to us, contact [email protected] and we will delete it.

We may update this Policy from time to time. The “Last updated” date above will reflect the latest revision. Material changes will be communicated to existing users via email.

Questions or requests: [email protected]