Privacy Policy

Draftball is a category-based fantasy Premier League application operated by Stephen Schaller as an independent solo developer. This Privacy Policy explains what personal information we collect when you use Draftball at draftball.app, how we use it, and your choices about that information.

For any questions about this policy or your data, contact stephen.schaller@gmail.com.

We collect the following information when you use Draftball:

• Account information: when you sign up — your email address, name (if you sign in with Google), and a unique user identifier provided by our authentication provider.
• Team and league data: the fantasy team name, crest, colors, and roster you create; the leagues you create or join; and your draft picks, lineup choices, transfers, and trades.
• Service usage data: standard server logs (IP address, timestamps, user agent) for security and debugging. Generated automatically and retained for up to 30 days.

We do not collect payment information, location data, contacts, or any health/biometric information. We do not use third-party advertising trackers.

We use the information we collect to:

• Provide the core service: create your fantasy team, run drafts, score matchups, manage league memberships.
• Authenticate you when you sign in.
• Send service-related notifications (e.g. it's your turn to pick, your team gained/lost a match).
• Diagnose and fix bugs, prevent abuse, and improve the service.

We do not sell your personal information. We do not share your data with third parties for advertising or marketing.

To operate Draftball, we share necessary information with the following service providers, who are bound by their own privacy policies and contractual data protection obligations:

• Clerk (authentication) — stores your email, password (hashed), and OAuth identity. clerk.com/privacy
• Supabase (database hosting) — stores your team, league, draft, and matchup data on PostgreSQL. supabase.com/privacy
• Vercel (web hosting) — serves the Draftball website and runs scheduled jobs. vercel.com/legal/privacy-policy
• Google (optional sign-in) — if you sign in with Google, Google shares your email, name, and Google account identifier with Draftball. We do not request access to any other Google data (Drive, Gmail, calendar, etc.).
• Sportmonks (sports data provider) — supplies us with public Premier League player and match data. We do not share any user data with Sportmonks.

Account and team data is retained for as long as your account exists. If you delete your account or request deletion, we delete your personal information within 30 days, with the following exceptions:

• League records (your draft picks and matchup results) may be retained in anonymized form for league history continuity.
• Server logs are kept for up to 30 days regardless of account status.
• Backups are rotated on a 30-day cycle; data in backups is purged automatically as backups expire.

You have the right to:

• Access the personal information we hold about you. Email stephen.schaller@gmail.com to request a copy.
• Correct inaccurate information by editing your profile or emailing us.
• Delete your account and personal information by emailing stephen.schaller@gmail.com.
• Withdraw consent by deleting your account or signing out.

If you are a resident of the EEA, UK, or California, you have additional rights under the GDPR, UK GDPR, or CCPA respectively, including the right to data portability and the right to lodge a complaint with a regulatory authority. Contact us using the email above to exercise these rights.

Draftball is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete the information.

We use industry-standard practices to protect your data: encrypted connections (HTTPS) for all traffic, encrypted storage at rest via our hosting providers, and access controls on our systems. No system is perfectly secure, but we work to keep your data safe.

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or by posting a notice on the website. The "Last updated" date at the top of this page indicates when the policy was last revised.

For privacy questions, data access requests, or to delete your account, email stephen.schaller@gmail.com.