Privacy Policy
Last updated: April 6, 2026
Effective date: April 6, 2026
This Privacy Policy explains how Fantasy Fines ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you use the Fantasy Fines website at fantasyfines.com and the Fantasy Fines application at app.fantasyfines.com (collectively, the "Service"). By using the Service, you agree to the collection and use of information as described in this policy.
1. Information We Collect
Information You Provide
- Account information: Email address, display name, and password when you create an account
- Waitlist information: Email address when you sign up for our waitlist
- League data: Fine rules, fine records, payment statuses, and league configurations you create within the Service
- Payment information: Billing details processed through Stripe (we do not store your credit card number — Stripe handles this securely)
- Communications: Any messages or feedback you send to us
Information from Third-Party Platforms
When you connect your Sleeper or Yahoo fantasy football account, we import:
- League name and settings
- Team names and roster data
- Matchup scores and standings
- Player names and statistics relevant to fine calculations
We access this data in read-only mode. We do not modify your league data on Sleeper or Yahoo.
Information Collected Automatically
- Usage data: Pages visited, features used, time spent on pages, and interaction patterns
- Device information: Browser type, operating system, device type, and screen resolution
- Log data: IP address, access times, referring URLs, and error logs
- Cookies: See our Cookie Policy for details on the cookies we use
2. How We Use Your Information
We use your information to:
- Provide the Service: Calculate fines, display leaderboards, manage league data, and process payments
- Communicate with you: Send account notifications, fine alerts, and service updates you opt into
- Improve the Service: Analyze usage patterns to fix bugs, improve features, and develop new functionality
- Ensure security: Detect and prevent fraud, abuse, and unauthorized access
- Comply with legal obligations: Respond to legal requests and enforce our Terms of Service
We do not sell, rent, or share your personal information with third parties for their marketing purposes.
3. Third-Party Services
We use the following third-party services to operate the Service. Each has its own privacy policy governing its use of your data:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication | Account data, league data, fine records |
| Vercel | Website hosting | IP address, request logs |
| Stripe | Payment processing | Billing details, transaction records |
| Google Analytics (GA4) | Website analytics | Usage data, device info (with your consent) |
| Sleeper API | League data import | League ID (sent to Sleeper to retrieve your data) |
| Yahoo API | League data import | OAuth token, league ID (sent to Yahoo to retrieve your data) |
4. Cookies and Tracking
We use cookies and similar technologies on our website. We use Google Analytics 4 (GA4) to understand how visitors use our site. GA4 cookies are only set after you provide consent through our cookie banner.
For complete details on the cookies we use, their purposes, and how to manage them, please see our Cookie Policy.
Do Not Track
Our website respects "Do Not Track" browser signals. When we detect a DNT signal, we do not load Google Analytics tracking scripts.
5. Data Storage and Security
Your data is stored on servers in the United States provided by Supabase (hosted on AWS infrastructure). We implement the following security measures:
- Row-level security (RLS): Database policies ensure your league data is only accessible to authenticated members of your league
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS
- Encryption at rest: Database storage is encrypted at rest
- Secure authentication: Passwords are hashed and salted; we never store plaintext passwords
- Access controls: Administrative access to production systems is restricted and logged
While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your data for as long as necessary to provide the Service and fulfill the purposes described in this policy:
- Account data: Retained while your account is active; deleted within 30 days of account deletion request
- League and fine data: Retained while your account is active; deleted within 30 days of account deletion
- Waitlist emails: Retained until we launch and the waitlist is no longer needed, or until you unsubscribe
- Payment records: Retained for 7 years as required for tax and accounting purposes
- Analytics data: Google Analytics retains data for 14 months (GA4 default)
- Server logs: Retained for up to 30 days
7. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
All Users
- Access: Request a copy of the personal information we hold about you
- Deletion: Request deletion of your account and associated data
- Correction: Request correction of inaccurate personal information
- Portability: Request your data in a portable format
- Withdrawal of consent: Withdraw consent for optional data processing (such as analytics cookies) at any time
California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you in the past 12 months
- Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions
- Right to Opt-Out of Sale: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise any of these rights, contact us at the email address listed below. We will respond to verified requests within 45 days.
Residents of Other US States
If you reside in Colorado, Connecticut, Virginia, Utah, Iowa, Tennessee, Montana, Texas, Oregon, Delaware, New Hampshire, New Jersey, Minnesota, Maryland, or Kentucky, you may have similar rights under your state's privacy law, including the right to access, delete, correct, and opt out of the sale of personal information. Contact us to exercise these rights.
8. Children's Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child under 18, please contact us immediately.
9. International Users
The Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.
10. Data Breach Notification
In the event of a data breach that compromises your personal information, we will:
- Notify affected users via email within 72 hours of becoming aware of the breach
- Provide details about what information was affected and what steps we are taking
- Notify relevant regulatory authorities as required by applicable law
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on the Service and updating the "Last updated" date. For material changes, we will provide at least 30 days' notice via email to registered users.
12. Contact
For privacy-related questions, data access requests, or to exercise your privacy rights, contact us:
- Email: privacy@fantasyfines.com
- Twitter: @FantasyFinesApp
We will respond to all data subject requests within 30 days (45 days for CCPA requests, with a possible 45-day extension if necessary).