Privacy Policy

Last updated: March 27, 2026

1. Information We Collect

Account Information: When you register, we collect your username, email address, display name, and password (stored as a cryptographic hash). You may optionally provide a phone number for SMS notifications.

Google OAuth: If you sign in with Google, we receive your email address and display name from Google. We do not access your Google contacts, calendar, or other data.

Usage Data: We collect information about your interactions with the Service, including auction bids, market orders, and event participation.

2. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Send transactional emails (password resets, email verification)
  • Send notification emails and SMS messages based on your preferences
  • Display your name to other participants in events you've joined
  • Calculate leaderboards, payouts, and market data
3. Information Sharing

We do not sell, trade, or rent your personal information to third parties. Your information may be shared with:

  • Other event participants: Your display name, auction results, and market activity are visible to other participants in events you join.
  • Service providers: We use Resend for email delivery and Twilio for SMS delivery. These providers process your email/phone number solely to deliver messages on our behalf.
4. Data Security

We implement industry-standard security measures including: password hashing (bcrypt), HTTPS encryption, CSRF protection, session cookie security, and rate limiting on authentication endpoints. However, no method of transmission over the Internet is 100% secure.

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we soft-delete your profile data (anonymize username and email). Auction results and market history associated with your participation may be retained for event integrity.

6. Your Rights

You have the right to:

  • Access: View your personal data on your profile page
  • Update: Modify your email, display name, and phone number
  • Delete: Delete your account through the profile page
  • Control notifications: Manage email and SMS preferences per trigger type
  • Export: Contact us to request a copy of your data
7. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics. Session cookies are marked HttpOnly, Secure, and SameSite=Lax.

8. Third-Party Services

The Service integrates with ESPN (scores), The Odds API (betting lines), and CollegeBasketballData.com (schedules) to provide sports data. These services may have their own privacy policies.

9. Children's Privacy

The Service is not intended for users under 18. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or a notice on the Service.

11. Contact

For privacy-related questions or data requests, contact us at privacy@playcalcutta.xyz.