SquadPicks logo SquadPicks

Privacy Policy

Last updated: May 2026

We value your privacy. This Policy explains how we collect, use, and protect your personal information. This Policy complies with the core requirements of the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Information We Collect

Registration data: email, nickname, (optional) avatar, language preference, timezone preference. Login credentials: password hash (bcrypt, irreversible) or OAuth provider account identifier. In-room activity: predictions, banter messages, join/leave history. Technical data: IP address (used solely for security auditing and rate limiting; auto-deleted after 30 days), browser User-Agent.

2. How We Use Your Information

(a) Providing and operating the service (account management, prediction scoring, leaderboard rendering); (b) Fraud and abuse detection; (c) Sending account security notifications and (opt-in) tournament reminder emails; (d) Improving product experience (aggregated statistics, non-identifying); (e) Compliance investigations (only when legally compelled).

3. We Do Not Sell Your Data

We share data with third parties only as strictly necessary: (a) Third-party billing partners — only the minimum information required to process payments; (b) Email delivery service (AWS SES) — only recipient email and message body; (c) Legal obligations (in response to lawful government requests).

4. Cookies and Sessions

We use: (a) JWT session cookie — to maintain your login state; (b) Locale preference cookie — to remember your selected interface language; (c) CSRF anti-forgery token — for form submission security. We do not use third-party advertising or tracking cookies.

5. GDPR Rights (EU / EEA Users)

You have the right to: access your personal data; correct inaccurate data; delete your data ("right to be forgotten"); export your data (data portability); object to processing; withdraw consent. Email [email protected] to exercise these rights — we will respond within 30 days.

6. CCPA Rights (California Users)

You have the right to: know the categories of personal information collected; request deletion of your personal information; opt out of the sale of personal information (we do not sell to begin with); be free from discrimination for exercising these rights.

7. Data Retention

During account lifetime: all predictions, messages, and payment records are retained for leaderboard and historical review purposes. After account deletion: identifiable information is anonymized or deleted within 30 days; predictions and messages may be retained as anonymized IDs for aggregate statistics.

8. Minors

This service is not directed at individuals under 18 years of age. If we discover that we have inadvertently collected information from a minor, we will delete it immediately.

9. Contact Our Privacy Officer

For privacy-related questions, please contact [email protected]. Operating entity: Chengdu Zhongfu Yingtai Technology Co., Ltd. (China).