Privacy Policy

1. Scope

This Privacy Policy explains how PEAK collects, uses, discloses, and stores information when you use the PEAK mobile application, website, and related services (collectively, the "Service").

2. Information We Collect

We collect information you provide directly and information created through your use of PEAK.

Information you provide directly

• Account information — your email address, username, and password (stored as a one-way hash — we do not store your plaintext password)
• Profile information — display name, avatar URL, and bio that you optionally add to your profile
• Communications — support messages, feedback, and waitlist submissions you send to us, including the email address you submit through our waitlist form

Information generated through your use of the Service

• Account metadata — your account role, account creation date, and last-updated timestamp
• Gameplay and league activity — league membership, fantasy team data, player draft and coach draft selections, scoring records, and leaderboard participation, all tied to your account
• Authentication and session data — access tokens and refresh tokens stored securely on your device using platform-provided secure storage (Expo SecureStore on iOS); server-side session records including a session ID, associated user ID, session creation timestamp, and session expiry timestamp, stored in a managed Redis instance
• Operational data — standard server logs may include IP addresses, request timestamps, and technical metadata generated as part of normal service operation. We do not use this data to identify or track users beyond operational and security purposes.

What we do not collect

Based on our current implementation, PEAK does not use advertising or cross-app tracking SDKs, analytics platforms, push notification services, or access your device's camera, microphone, contacts, or photo library.

3. How We Use Information

We use information we collect to:

• Create and maintain your account
• Authenticate you and keep the Service secure
• Operate leagues, drafts, fantasy teams, scoring, and leaderboards
• Respond to support requests and product feedback
• Maintain, troubleshoot, and improve PEAK
• Manage early access and waitlist communications
• Detect and prevent fraud, abuse, and security incidents

4. How We Share Information

We do not sell your personal information. We may share information with the following categories of recipients:

• Hosting and infrastructure providers - we rely on third-party providers for hosting, managed database, caching, and related infrastructure support
• Sports data sources - we use third-party sports data feeds to power player data, game data, stats, and fantasy scoring within the app
• Contact and communications providers - we use third-party tools to manage early access, waitlist, and support communications
• Legal and safety purposes — when required by law, regulation, legal process, or governmental request, or when reasonably necessary to protect PEAK, our users, or others
• Business transfers — as part of a merger, acquisition, financing, or asset sale, subject to standard confidentiality commitments

We expect our service providers to process information only as needed to provide their services to us and not for their own independent purposes.

5. Data Storage and Security

We use reasonable technical and organizational safeguards to protect information, including:

• Passwords are hashed using bcrypt before storage — plaintext passwords are never stored
• Authentication tokens are stored using platform-provided secure storage (Expo SecureStore) on supported mobile devices
• Server-side sessions are managed through a secured Redis instance with expiry controls

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

6. Data Retention

We retain account and gameplay information for as long as your account is active or as reasonably necessary to operate PEAK, comply with legal obligations, resolve disputes, and enforce our agreements. Session tokens expire on a rolling basis. Retention periods may vary depending on the type of information and the purpose for which it was collected.

7. Your Choices and Rights

Depending on where you live, you may have rights to access, correct, delete, or restrict certain personal information, or to receive a copy of it. Some profile information can be updated within the app.

PEAK does not currently offer a self-service account deletion flow. To request deletion or exercise other privacy rights, contact us at the address below. We will respond to verifiable requests in a reasonable timeframe.

8. Children's Privacy

PEAK is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to PEAK, please contact us so we can investigate and take appropriate action.

9. International Transfers

If you use PEAK from outside the United States, your information may be transferred to and processed in the United States or other jurisdictions where our systems and service providers operate. By using the Service, you acknowledge this transfer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy on this page with a new "Last updated" date. We encourage you to review this policy periodically.

11. Contact

Questions about this Privacy Policy, or requests to access, correct, or delete your information, may be sent to support@peakfantasy.app.