RunLC Privacy Policy

Effective Date: May 25, 2026

This Privacy Policy explains how RunLC, based in the Commonwealth of Massachusetts (“RunLC,” “we,” “us,” or “our”), collects, uses, shares, and protects personal information when you use the RunLC website at runlc.com, our iOS application, our APIs, and related services (collectively, the “Service”). This Policy is incorporated into our Terms of Service.

1. Scope

This Policy applies to all users of the Service, regardless of where you access it from. It does not apply to third-party websites or services that we do not control, even if linked from the Service.

2. Information We Collect

a. Account information (via Clerk)

Authentication is provided by Clerk. When you create an account, Clerk collects your email address and, if you provide them, your name, profile image, and any other identity attributes (such as phone number or social-account identifiers if you sign in with a third-party provider). We receive a Clerk user identifier and the profile attributes you choose to share. Passwords and authentication tokens are managed by Clerk and never stored on RunLC servers.

b. Subscription and billing information (via Stripe)

Subscription payments are processed by Stripe. When you subscribe, Stripe collects your name, billing address, and payment-method details directly through its PCI-DSS-compliant systems. RunLC receives only a Stripe customer identifier, subscription status, and limited card metadata (such as brand and last four digits). We never store full payment-card numbers.

c. User Content

Picks you log (selection, odds, stake, status), favorite teams or players, notes, and personal settings.

d. Usage and device data

We use Google Analytics 4 (GA4) and Vercel Analytics to understand how the Service is used. This may include pages visited, time on page, click and interaction events, referring URLs, browser type, operating system, device model, screen size, and coarse geolocation (country/region) derived from IP.

e. Error monitoring and Session Replay (via Sentry)

We use Sentry for error monitoring and performance tracing. Sentry receives stack traces, error context (URL, browser, OS, locale), console output, and network-request metadata. We also enable Sentry Session Replay, which captures anonymized recordings of DOM mutations and user interactions to help us diagnose issues. Session Replay is sampled at approximately 10% of normal sessions and 100% of sessions that hit an error. Sensitive input fields (such as passwords and payment fields) are masked by default. We do not enable Replay on screens that display payment forms.

f. Real-time messaging (via Pusher)

Live scores and odds updates use Pusher. Connection metadata (such as connection identifiers and channel subscriptions) is processed by Pusher to deliver real-time messages.

g. Server logs and rate limiting

Our servers automatically record request metadata, including IP address, user-agent string, request path, and timestamp, primarily to enforce rate limits and detect abuse. These logs are retained for a short period as described in Section 8.

h. iOS application data

If you use our iOS app and enable notifications, we collect a push-notification token, app version, and OS version. We do not collect the IDFA or any advertising identifier, and we do not engage in cross-app or cross-website tracking, so Apple's App Tracking Transparency prompt does not apply.

3. Cookies & Similar Technologies

We use cookies, local storage, and similar technologies in the following categories:

  • Strictly necessary: Clerk session cookies for authentication; security and rate-limit cookies.
  • Functional: theme preference (light/dark), language, and other UI settings stored in local storage.
  • Analytics: Google Analytics 4 and Vercel Analytics cookies used to distinguish users and measure usage.
  • Diagnostic: Sentry cookies used for error monitoring and Session Replay sampling.

You can control cookies through your browser settings. Blocking strictly-necessary cookies may break sign-in and other core features.

4. How We Use Your Information

  • To provide, operate, and maintain the Service, including authenticating you and syncing your data across devices;
  • To process subscriptions, billing, and refunds, and to send transactional emails (such as receipts and account notices);
  • To personalize your experience (favorites, picks history, preferences);
  • To analyze and improve the Service, including performance, reliability, and feature usage;
  • To monitor and resolve technical issues through error tracking and Session Replay;
  • To detect, prevent, and address fraud, abuse, security incidents, and violations of our Terms;
  • To respond to support requests and other communications;
  • To comply with legal obligations, court orders, and lawful requests from authorities.

5. Legal Bases (EEA / UK)

If you are in the European Economic Area or the United Kingdom, our legal bases for processing personal data are:

  • Performance of a contract — to provide the Service you have requested under our Terms.
  • Legitimate interests — to operate, secure, and improve the Service, prevent abuse, and conduct first-party analytics, provided these interests are not overridden by your rights.
  • Consent — where required, for non-essential cookies, marketing communications, and certain analytics.
  • Legal obligation — to comply with tax, accounting, and other legal requirements.

You may withdraw consent at any time without affecting the lawfulness of processing already carried out.

6. How We Share Your Information

We share personal information only as follows:

  • With subprocessors who provide services on our behalf, under contractual confidentiality and security obligations (see Section 7).
  • For legal reasons — to comply with applicable law, regulation, legal process, or governmental request, or to enforce our Terms or protect the rights, property, or safety of RunLC, our users, or others.
  • Business transfers — in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to appropriate confidentiality protections.
  • With your consent — for any other purpose you explicitly authorize.

We do not sell personal information for monetary consideration, and we do not share personal information for cross-context behavioral advertising as those terms are defined under California law.

7. Subprocessors

The following third parties process personal data on our behalf:

  • Clerk — authentication and identity management.
  • Stripe — subscription billing and payment processing.
  • Vercel — hosting and web analytics.
  • Neon — managed Postgres database.
  • Upstash — Redis cache and rate limiting.
  • Pusher — real-time messaging.
  • Sentry — error monitoring and Session Replay.
  • Google Analytics 4 — web analytics.
  • Cloudflare R2 — image and asset storage.
  • Fly.io — live-data polling service.
  • Sports data providers — Balldontlie, the NHL Stats API, and the MLB Stats API (these providers supply data to us; we do not transmit your personal information to them).
  • Resend — transactional email delivery (when used).

Each subprocessor is bound by data-protection terms requiring confidentiality and appropriate security. We may add or change subprocessors as our infrastructure evolves; material changes will be reflected in this Policy.

8. Data Retention

  • Account and User Content: retained while your account is active and for a reasonable period after deletion (typically up to 30 days) to allow recovery and account-deletion processing.
  • Server logs: approximately 90 days.
  • Analytics (GA4): approximately 14 months (default retention).
  • Sentry errors and Session Replays: approximately 30 days (or as configured in our Sentry plan).
  • Billing records: up to 7 years to comply with tax and financial-reporting laws.

We may retain limited information longer where required by law or where reasonably necessary to resolve disputes, prevent fraud, or enforce our agreements.

9. Your Privacy Rights

Depending on where you live, you may have the following rights regarding your personal information:

  • Access — request a copy of the personal information we hold about you;
  • Correction — request that we correct inaccurate or incomplete information;
  • Deletion — request that we delete your personal information;
  • Portability — request your information in a portable format;
  • Restriction or objection — ask us to restrict or stop certain processing;
  • Withdrawal of consent — where processing is based on consent.

To exercise any of these rights, email support@runlc.com from the address on your account. We may need to verify your identity before fulfilling a request. We will respond within the time required by applicable law.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.

Categories of personal information collected (in the past 12 months): identifiers (email, account ID, IP address, device IDs); commercial information (subscription status, transaction history); internet or other electronic-network activity (browsing/usage of the Service); geolocation data (coarse, derived from IP); inferences drawn from the foregoing (such as preferences). Sources are you, your device, our subprocessors, and analytics providers. Business purposes are described in Section 4.

Rights. You have the right to (a) know what personal information we collect, use, disclose, and (if applicable) sell or share; (b) request deletion of your personal information; (c) request correction of inaccurate personal information; (d) opt out of the sale or sharing of personal information; and (e) limit use and disclosure of sensitive personal information. We do not discriminate against you for exercising these rights.

Do Not Sell or Share My Personal Information. RunLC does not sell personal information for monetary consideration and does not share personal information for cross-context behavioral advertising. There is therefore no “sale” or “share” for you to opt out of. If our practices change, we will update this Policy and provide an opt-out mechanism.

How to submit a request. Email support@runlc.com. Authorized agents may submit requests on your behalf with written authorization. We will verify your identity (typically by confirming control of your account email) before fulfilling a request.

11. EU/UK Privacy Rights (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, RunLC is the controller of your personal data for the purposes of the GDPR or UK GDPR. You have the rights described in Section 9, plus the right to lodge a complaint with your local data-protection authority. You can contact us about data-protection matters at support@runlc.com. We transfer data to the United States and other countries; for transfers from the EEA/UK to subprocessors outside an adequacy decision, we rely on Standard Contractual Clauses or other approved transfer mechanisms.

12. Other U.S. State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Florida, Oregon, Montana, New Hampshire, Delaware, Iowa, Indiana, Tennessee, Nebraska, Minnesota, and other U.S. states with comprehensive consumer-privacy laws have rights substantially similar to those described in Sections 9 and 10, including the rights to access, correct, delete, and obtain a portable copy of their personal information, and to opt out of targeted advertising, sale of personal information, and certain profiling. RunLC does not engage in targeted advertising, does not sell personal information, and does not engage in profiling that produces legal or similarly significant effects.

If we deny a request, you may appeal by replying to our denial email; we will respond to appeals within the time required by applicable law and explain any continued denial.

13. International Data Transfers

RunLC is based in the United States, and our subprocessors operate primarily in the United States. If you access the Service from outside the United States, your personal information will be transferred to, stored, and processed in the United States and other jurisdictions where our subprocessors operate. Where required by law, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

14. Security

We use commercially reasonable administrative, technical, and physical safeguards to protect personal information, including TLS encryption in transit, encryption at rest with our database provider, role-based access controls, rate limiting, and vulnerability monitoring. No system is perfectly secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for using a strong, unique password (managed by Clerk).

15. Children's Privacy

The Service is intended only for users 18 years of age or older (or the legal age of majority in your jurisdiction). We do not knowingly collect personal information from children under 18. If we learn we have collected personal information from a child under 18 without verified parental consent, we will delete it. If you believe a child has provided us with personal information, contact support@runlc.com.

16. Third-Party Links

The Service may contain links to third-party websites and services that we do not operate. We are not responsible for the content or privacy practices of those third parties. We encourage you to review their privacy policies before providing them with personal information.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the updated Policy on this page and revise the “Effective Date” above. If the changes are material, we will provide additional notice (such as by email or in-app notification) before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

18. Contact

Questions, requests, or complaints about this Policy or our privacy practices? Contact us at support@runlc.com.

RunLC · Massachusetts, USA · full registered address available on request.