Privacy Policy for Ghostwire Systems LLC

Effective Date: June 1, 2026

Ghostwire Systems LLC (“we,” “our,” or “us”) values your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our sports pick’em website and related services (the “Service”).

1) Information We Collect (Notice at Collection)

We collect the following categories of personal information directly from you, automatically as you use the Service, and from the third-party providers described in Section 3:

• Account Information: the username, name, and email address you provide at signup, and your password (stored only in hashed form).
• Date of Birth & Age Verification: because the Service is restricted to users 18 and older, we collect your date of birth at signup (or when prompted) to operate our age gate, and we record the date your age was verified. This information is required to create and keep an account.
• Contact & Profile Details: optionally, a phone number and mobile carrier (used for notification delivery and account-recovery features), your bio, location, favorite team, social handles, and profile/cover images you choose to add.
• Sign-In Provider Data: if you choose “Sign in with Google,” we receive your Google email address, profile name, profile picture URL, and Google user ID (a stable identifier). If you choose “Sign in with Apple,” we receive the Apple-issued user identifier (and the email/relay address you authorize). We store these provider identifiers to link your account; no additional provider data scopes are requested.
• Technical, Device & Security Data: IP address (including your most recent login IP and a login-history record of IP address and browser/user-agent for security and fraud prevention), device and browser information, approximate geolocation derived from IP address, pages viewed, and actions taken (e.g., picks, leaderboard participation).
• Mobile Push Tokens: if you use our mobile app and enable notifications, we store the push-notification token issued by the Expo push service so we can deliver notifications to your device.
• Pre-Account Visitor Analytics: before you create an account, we may log limited interaction events (such as views and clicks on promotional content) together with your IP address, user-agent, and an anonymous session identifier, to measure conversion and improve the Service. This collection is suppressed when you have opted out of sharing or your browser sends a Global Privacy Control signal (see Section 3A).
• Direct Messages & Community Content: messages you send to other users, comments, reactions, and reports you submit. Direct messages are stored on our servers to deliver them and are subject to moderation and abuse review (see Section 3B).
• Billing & Payment Records: the limited transaction records described in Section 1A.
• Marketing & Privacy Preferences: your choices regarding marketing emails, cookies, and the sale/sharing of your personal information.

Biometric note (Face ID / Touch ID): If you enable biometric unlock in our mobile app, authentication is performed entirely on your device by your operating system (via Apple Face ID / Touch ID or Android biometrics). We never receive, transmit, or store your face geometry, fingerprint, or any other biometric identifier. No biometric data leaves your device. For purposes of laws such as the Illinois Biometric Information Privacy Act (BIPA), we do not collect or possess biometric identifiers or biometric information.

1A) Billing & Payment Information

If you purchase a Premium subscription or a one-time Premium upgrade, we collect and retain a limited record of that transaction. We do not collect, see, or store your full card number, card expiration, or CVV. Card and bank details are entered with and handled entirely by our payment processors.

• Billing data we store: the payer name and payer email associated with the transaction, the processor transaction / capture / subscription identifiers, the amount and currency, the purchase and any refund dates, and the product purchased (e.g., monthly, annual, or lifetime Premium). Refund records additionally store the reason and amount of any refund issued.
• Payment processors: web purchases are processed by PayPal (including PayPal-handled debit/credit-card payments). Purchases made through our mobile app are processed by the Apple App Store / Google Play and managed via RevenueCat, our subscription-management provider. These processors collect your payment-method details directly under their own privacy policies; we receive only the transaction record described above, never your card number.
• Why we keep it: to provide and renew your subscription, issue refunds, resolve payment disputes and chargebacks, prevent fraud, and meet tax and financial-record-keeping obligations.

Retention of billing records. Because billing and refund records are financial records, we retain them for up to 7 years after the transaction (or as otherwise required by applicable tax and accounting law), even after you delete your account. This is a standard retention period for financial records and may be adjusted to match your final accounting and legal requirements.

Your rights over billing data. You may request access to or an export of your billing records, and you may request deletion of your personal data. Please note that, unlike most account data, financial transaction and refund records may be retained for the legally required period above even after your account is deleted, to satisfy tax, audit, and dispute-resolution obligations. Where we are no longer legally required to keep a record, we will delete or anonymize it on request. To make a billing-data request, email admin@ghostwiresystems.com.

2) How We Use Information

• Operate the Service: Account creation, authentication (including via Google Sign-In when you choose it), security, and troubleshooting.
• Personalization: Provide tailored picks/insights and in-product recommendations.
• Community Features: Show your handle/picks on leaderboards and activity feeds (per your settings).
• Communications: Send transactional emails (e.g., account notices). Send marketing emails if you opt in (you may opt out anytime).
• Analytics & Improvement: Measure performance, improve features, analyze usage patterns, and generate geographic analytics using IP-derived location data.
• Legal Compliance: Enforce terms, prevent fraud/abuse, and comply with applicable laws.

3) Disclosure of Information

We do not sell your personal information for money. We may “share” limited identifiers for cross-context behavioral advertising, which California law treats as “sharing.” You can opt out of that sharing at any time (see Section 3A and Your Privacy Choices). We disclose information to the following categories of service providers and processors, each operating under its own privacy policy:

• Hosting & Infrastructure: Bluehost (web hosting).
• Analytics: Google Analytics (GA4), configured with IP anonymization, to measure usage and performance.
• Diagnostics & Crash Reporting: Sentry, used by our mobile app to capture errors. Sentry also provides Session Replay, which captures a recording of app screen content for a small sample of sessions (approximately 10% of sessions, and up to 100% of sessions in which an error occurs) so we can reproduce and fix bugs. Session Replay applies masking to obscure text and sensitive fields where supported, is used only for stability and debugging, and is not used for advertising. Our Sentry SDK is configured with sendDefaultPii: false (so the app does not attach your IP address to diagnostic events), and we have enabled Sentry's project-level “do not store IP addresses” setting, so your IP address is scrubbed and not retained with diagnostic events.
• Payments & Subscriptions: PayPal (web purchases, including PayPal-handled card payments); the Apple App Store and Google Play (in-app purchases); and RevenueCat (subscription management). Prize or payout services such as Venmo and Cash App may be used for promotional payouts. These processors collect your payment-method details directly; we receive only the transaction record described in Section 1A.
• Authentication Providers: Google Sign-In and Sign in with Apple, when you choose them, used only to verify your identity. We do not request access to your contacts, calendar, drive, or other provider service data.
• AI Content Generation: OpenAI, used to generate editorial and marketing copy and automated game-analysis content for the Service. We send OpenAI only sports data and content prompts — we do not send your name, email, messages, or other personal information to OpenAI, and OpenAI is not used to make decisions about you.
• Mobile Push Delivery: the Expo push-notification service, used to deliver notifications to your device.
• Advertising (planned): when in-app advertising launches, we expect to use Google AdMob to serve ads. Where ads are personalized using identifiers, that constitutes “sharing” under California law and is gated by your opt-out and any Global Privacy Control signal. Until advertising is live, no advertising identifiers are shared.
• Legal/Protection: when required by law or to protect the rights, safety, and security of users, the Service, or others.

3A) Opt-Out of Sale/Sharing & Global Privacy Control (GPC)

California residents (and others) may opt out of the sharing of personal information for cross-context behavioral advertising. We honor two methods:

• Manual opt-out: use the control on our Do Not Sell or Share My Personal Information page. Your choice is stored on your device and, if you are signed in, on your account, and is honored on future visits.
• Global Privacy Control (GPC): if your browser or a browser extension sends a GPC signal (technically, the Sec-GPC request header, reflecting navigator.globalPrivacyControl), we treat it as a valid request to opt out of sharing and apply it automatically. No separate action is required.

3A-1) Financial Incentive Notice (California)

We offer a free, ad-supported tier of the Service. Under the California Privacy Rights Act (CPRA), offering free access in exchange for the processing and “sharing” of certain personal information (such as device and advertising identifiers used for personalized advertising, as described in Section 3 and the “Advertising (planned)” entry above) may be considered a financial incentive. This notice describes the material terms of that program.

• What the incentive is: free access to the pick’em contests, community features, and content of the Service, funded in part by advertising.
• What you provide: when advertising is live and you have not opted out, we may “share” identifiers for cross-context behavioral (personalized) advertising, as described in Section 3 and Section 3A.
• How to opt in / opt out: participation is the default for the free tier. You can opt out of the “sharing” of your personal information at any time using the control on our Do Not Sell or Share My Personal Information page, and we honor the Global Privacy Control (GPC) signal automatically, as described in Section 3A.
• Opting out does not deny you core service: if you opt out of sharing, you continue to receive the same core access to the free Service. You may see non-personalized (contextual) advertising instead of personalized advertising.
• Good-faith value estimate: we offer this incentive in good faith because advertising revenue helps fund free access to the Service. Any difference in value between the free tier and the personal information processed for advertising is reasonably related to the value that the advertising-supported model provides to us, calculated in good faith based on the cost of providing the free Service and our expected advertising revenue per user. This is an estimate and is not a representation of the monetary value of any individual’s personal information.

This financial-incentive notice is tied to the opt-out mechanics in Section 3A and the “Advertising (planned)” disclosure in Section 3. Until in-app advertising is live, no advertising identifiers are shared.

3B) Direct Messages & Moderation

Direct messages you send to other users are stored on our servers so we can deliver them and so participants can read their conversation history. To keep the community safe, messages and other user-generated content may be reviewed in response to user reports or for the detection and prevention of abuse, harassment, fraud, and violations of our Terms. We do not use the content of your private messages for advertising.

CCPA/CPRA Note: Some integrations may constitute “sharing” for cross-context behavioral advertising. California residents can opt out at any time via Your Privacy Choices, including via the Global Privacy Control signal described in Section 3A.

4) Cookies & Similar Technologies

• Functional Cookies – required for login and sessions.
• Analytics Cookies – to understand usage and performance.
• Marketing Cookies – to measure ad performance and deliver relevant ads.

You can manage preferences any time via Manage Cookies in the footer or the cookie banner.

5) Your Rights & Choices

• Access & Portability – receive a copy of your data via your Account Settings.
• Correction – request corrections to inaccurate data through your profile settings.
• Deletion – request deletion of your data with a 30-day recovery period via our automated system.
• Consent Management – change cookie preferences at any time.
• California Opt-Out – turn off Marketing Cookies or contact us.

Data Management: Visit your Account Settings for comprehensive data control tools including export and deletion capabilities.

For other requests, email admin@ghostwiresystems.com.

6) Data Retention & Account Deletion

Active Account Data

We retain your personal data while your account is active and as long as needed to provide services.

Account Deletion Process

• 30-Day Recovery Period: After requesting deletion, you have 30 days to recover your account by logging in.
• Self-Reactivation: If you try to log in during the recovery period, you'll be offered the option to reactivate your account with all original data restored.
• What Gets Deleted: Profile information, picks data, league memberships, friends lists, messages, and achievements.
• Analytics Preservation: Statistical data is anonymized and preserved for platform analytics and improvement.
• Anonymous Data: Anonymized records cannot be re-identified and are kept to maintain platform integrity.

Data Export Capabilities

• CSV Format: Spreadsheet-compatible export for analysis and record-keeping.
• JSON Format: Technical format suitable for data migration and developer use.
• Summary Report: Human-readable HTML report with statistics and highlights.
• Complete Data: Includes all picks, achievements, league history, and profile information.

Retention Schedule

• Active Accounts: Personal data is retained while your account is active and for as long as needed to provide the Service.
• Personal Data after Deletion: When you request deletion, your personal data is removed after a 30-day recovery period.
• Financial & Billing Records: Because they are financial records, billing, payment, and refund records are retained for up to 7 years after the transaction (or as otherwise required by tax and accounting law), even after your account is deleted, to meet tax, audit, and dispute-resolution obligations.
• Anonymized Data: Data that has been anonymized so it can no longer be re-identified is retained indefinitely for analytics and platform integrity.

7) Security

We use appropriate safeguards including password hashing and access controls, but no system is 100% secure.

8) Children & Age Restrictions

The Service is for users 18+. We do not knowingly collect information from minors.

9) International Privacy Rights

DaqsPickEm is a U.S.-focused service. New registrations from residents of the European Union, United Kingdom, and European Economic Area are currently restricted, and we do not target the Service to those regions. The rights described below apply to any account-holder who established an account before that restriction or who is otherwise covered by the applicable law.

GDPR Rights (European Residents)

• Right to be Informed: This privacy policy explains our data practices.
• Right of Access: View all your data via the Data Management Center.
• Right to Rectification: Correct inaccurate information in your profile.
• Right to Erasure: Delete your account with our automated deletion system.
• Right to Restrict Processing: Limit how we process your data upon request.
• Right to Data Portability: Export your data in machine-readable formats.
• Right to Object: Opt-out of marketing and non-essential processing.

CCPA Rights (California Residents)

• Right to Know: Access categories and specific pieces of personal information.
• Right to Delete: Request deletion of personal information (with exceptions).
• Right to Opt-Out: Prevent sale or sharing of personal information for advertising.
• Right to Non-Discrimination: Equal service regardless of privacy rights exercise.

10) Geographic Scope

The Service is intended for U.S. residents and new registrations from the EU, UK, and EEA are restricted (see Section 9). If you access the Service from abroad, your data will be processed in the U.S. International users retain rights under applicable privacy laws.

11) Contact Us

Ghostwire Systems LLC
5900 Balcones Drive #STE 100
Austin, TX 78731
United States
admin@ghostwiresystems.com
(903) 242-8407

12) Updates

We may update this Policy. Changes are effective upon posting with a new Effective Date.

By using the Service, you acknowledge this Privacy Policy.