Privacy Policy

1. Overview

FastStat provides sports data analytics, statistical analysis tools, and parlay prediction features for informational and entertainment purposes. This Privacy Policy explains:

• What information we collect
• How we use your information
• Who we share information with
• Your rights and choices
• How we protect your information

By using FastStat, you agree to the collection and use of information in accordance with this Privacy Policy.

Age Requirement: FastStat is intended for users 18 years of age and older. We do not knowingly collect information from individuals under 18.

2. Information We Collect

We collect several types of information to provide and improve our Service.

2.1 Information You Provide Directly

Account Information:

When you create an account, we collect:

• Full name
• Email address
• Password (encrypted and never stored in plain text)
• Account preferences and settings

Note: We do not collect date of birth or government-issued identification. You represent that you are 18 years of age or older when creating an account.

Billing Information:

• Payment card information is collected and processed securely by Stripe, Inc.
• We never see or store your full credit card number
• We receive only: last 4 digits of card, card brand, expiration date, and billing ZIP/postal code
• Stripe provides us with a secure token for processing future charges

Subscription & Payment Data:

We store the following information related to your subscriptions and payments:

• Stripe Customer ID: A unique identifier linking your account to Stripe
• Subscription Details: Subscription status, billing period, pricing tier, renewal dates, and cancellation information
• Payment History: Transaction records including invoice IDs, payment amounts, payment status (succeeded/failed), invoice URLs, receipt URLs, and payment descriptions
• Webhook Event Logs: Complete event data from Stripe including checkout sessions, subscription changes, payment notifications, and customer updates. These event logs may contain:
  • Email addresses
  • Billing postal codes
  • Customer names
  • Payment method details (last 4 digits, card brand, expiration)
  • Custom metadata attached to subscriptions or payments
  • Timestamps and status information
• Transaction Metadata: Billing ZIP codes, currency, transaction timestamps, failure messages (if applicable), and any custom metadata

This information is necessary to manage your subscription, process payments, synchronize subscription status, provide customer support, troubleshoot billing issues, and comply with financial record-keeping requirements.

Saved Content:

• Parlay predictions you save or create
• Favorite players or teams
• Custom settings and preferences
• Notes or annotations you add

Communications:

• Messages you send to customer support
• Survey responses or feedback
• Email correspondence

2.2 Information Collected Automatically

Usage Data:

When you use FastStat, we automatically collect:

• Pages viewed and features used
• Time spent on pages
• Navigation patterns and click paths
• Search queries within the Service
• Date and time of access
• Referring website or source

Device & Technical Information:

• Browser type and version
• Operating system
• Device type (desktop, mobile, tablet)
• Screen resolution
• IP address (anonymized for analytics)
• General location (city/state level, not precise GPS)
• Language preferences
• Time zone

Cookies & Similar Technologies:

We use cookies, web beacons, and similar technologies to:

• Keep you logged in
• Remember your preferences
• Analyze usage patterns
• Prevent fraud and abuse
• Deliver relevant content

See Section 5 for more details on cookies.

2.3 Information from Third Parties

Authentication Services:

If you sign in using a third-party service (e.g., Google, Apple), we receive:

• Name
• Email address
• Profile picture (if you grant permission)
• Any additional information you authorize

Sports Data Providers:

We obtain sports statistics, scores, and player data from licensed third-party data providers. This data is not personal to you.

Analytics Services:

• Vercel Analytics provides anonymized traffic and performance metrics
• Data is aggregated and does not identify individual users
• Google Analytics 4 (GA4) collects usage data, conversion events, and user behavior analytics
• See Section 5.1 for detailed information about Google Analytics

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide the Service

• Create and manage your account
• Process payments and subscriptions
• Authenticate your identity and prevent fraud
• Provide customer support and respond to inquiries
• Deliver the features and functionality you request
• Save and display your parlay predictions
• Personalize your experience

3.2 To Improve the Service

• Analyze usage patterns and trends
• Identify and fix technical issues
• Test new features and functionality
• Conduct research and development
• Understand user preferences and behavior
• Optimize performance and loading speeds

3.3 To Communicate with You

• Send transactional emails (account creation, password resets, payment confirmations)
• Provide customer support responses
• Send important updates about the Service or these policies
• Notify you of changes to your subscription
• Send service announcements or security alerts

Marketing Communications (Optional):

• With your explicit consent, we may send promotional emails about new features, offers, or content
• You can opt out at any time using the "unsubscribe" link in any marketing email
• You can manage email preferences in your account settings

3.4 To Ensure Security & Prevent Fraud

• Detect and prevent fraudulent transactions
• Protect against unauthorized access or account takeover
• Monitor for abuse, spam, or violations of our Terms
• Enforce our Terms of Use and policies
• Comply with legal obligations

3.5 For Legal & Compliance Purposes

• Respond to legal requests, court orders, or subpoenas
• Comply with applicable laws and regulations
• Protect our rights, property, and safety
• Resolve disputes and enforce agreements

3.6 For Automated Payment & Subscription Management

We use Stripe webhook events to automatically:

• Create and update subscription records when you subscribe or modify your plan
• Log payment transactions for billing history and support
• Synchronize subscription status (active, canceled, past due) with our database
• Link Stripe customer records to your FastStat account
• Generate invoices and receipts for your records
• Detect and handle failed payments
• Process subscription cancellations and renewals

This automated processing ensures accurate billing, prevents service interruptions, maintains synchronized records between Stripe and FastStat, and enables us to provide timely customer support for billing issues.

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We share information only in the following limited circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who help us operate FastStat:

All service providers are contractually obligated to:

• Use your information only to provide services to us
• Protect your information with appropriate security measures
• Not disclose your information to others without our authorization

4.2 Business Transfers

If FastStat is involved in a merger, acquisition, asset sale, or bankruptcy:

• Your information may be transferred to the successor entity
• We will notify you via email and/or prominent notice on the Service
• The successor entity must honor this Privacy Policy

4.3 Legal Requirements

We may disclose information if required to:

• Comply with valid legal processes (subpoenas, court orders, warrants)
• Respond to government or regulatory requests
• Enforce our Terms of Use or policies
• Protect our rights, property, safety, or the safety of our users or the public
• Detect, prevent, or address fraud, security, or technical issues

4.4 With Your Consent

We may share information with third parties if you give us explicit consent to do so.

4.5 Aggregated & Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you:

• Industry trends and statistics
• Service usage metrics
• Research and analysis
• Analytics data shared with Google Analytics (see Section 5.1)

5. Cookies & Tracking Technologies

FastStat uses cookies and similar technologies to enhance your experience, analyze usage, and provide security.

What Are Cookies?

Cookies are small text files stored on your device by your browser. They allow websites to remember information about your visit.

Types of Cookies We Use

Essential Cookies (Required):

• Authentication: Keep you logged in between sessions
• Security: Prevent cross-site request forgery (CSRF) and other attacks
• Session Management: Maintain your session state

These cookies are necessary for the Service to function and cannot be disabled.

Analytics Cookies (Optional):

• Vercel Analytics: Measure traffic, page views, and performance
• Google Analytics: Track user behavior, conversions, and engagement metrics
• Usage Tracking: Understand how features are used and identify issues

You can control analytics cookies through your browser settings or our Cookie Settings page.

5.1 Google Analytics

We use Google Analytics 4 (GA4) to understand how users interact with FastStat and improve our Service.

What Google Analytics Collects:

• Pages you visit and features you use
• Time spent on pages and session duration
• Navigation patterns and click behavior
• Device information (browser, OS, screen size)
• General location (city/state level, not precise GPS)
• Referral source (how you found FastStat)
• Conversion events (sign-ups, subscriptions, feature usage)
• Custom events (parlay builder interactions, feature gating, upgrade prompts)

How We Use This Data:

• Understand which features are most valuable
• Identify user experience issues and friction points
• Measure subscription conversion rates
• Optimize feature development priorities
• Analyze marketing effectiveness
• Improve user onboarding and retention

What Google Analytics Does NOT Collect:

• Personally identifiable information (PII) such as names or email addresses
• Payment information or billing details
• Saved parlay predictions or personal content
• Precise GPS location

Data Sharing with Google:

• Google Analytics data is processed by Google LLC
• Google may use this data for its own purposes (e.g., improving Google services)
• Google Analytics data is subject to Google's Privacy Policy: https://policies.google.com/privacy

Data Retention:

• Google Analytics data is retained for 26 months by default
• After this period, aggregated data may be retained indefinitely
• User-level data is automatically deleted after 26 months

Your Control Over Google Analytics:

• You can opt out of Google Analytics through our Cookie Settings
• You can install the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
• You can enable "Do Not Track" in your browser (we will honor this signal for analytics)
• You can block analytics cookies through your browser settings

Legal Basis (for EU/UK users):

• We collect Google Analytics data based on your consent (opt-in)
• You can withdraw consent at any time through Cookie Settings
• Essential cookies (authentication, security) do not require consent

Preference Cookies (Optional):

• Settings: Remember your display preferences (theme, layout)
• Language: Store your language preference

How to Control Cookies

FastStat Cookie Settings:

• Visit our Cookie Settings page
• Manage your analytics cookie preferences
• Opt in or opt out of Google Analytics tracking
• Your preferences are saved and remembered on future visits

Browser Settings:

• Chrome: Settings → Privacy and Security → Cookies and other site data
• Firefox: Settings → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Cookies and website data
• Edge: Settings → Cookies and site permissions

Important: Disabling essential cookies may prevent you from using certain features of FastStat.

Learn More:

• https://www.aboutcookies.org
• https://www.allaboutcookies.org

Do Not Track

FastStat honors "Do Not Track" (DNT) browser signals:

• If you enable DNT in your browser, we will not load Google Analytics
• Essential cookies (authentication, security, consent) will still function
• You can enable DNT in your browser's privacy settings

How to Enable Do Not Track:

• Chrome: Settings → Privacy and Security → Send a "Do Not Track" request
• Firefox: Settings → Privacy & Security → Send websites a "Do Not Track" signal
• Safari: Preferences → Privacy → Ask websites not to track me
• Edge: Settings → Privacy, search, and services → Send "Do Not Track" requests

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy.

Account Data

• Active Accounts: Retained while your account is active
• Closed Accounts: Retained for 30 days after closure (in case of accidental deletion), then permanently deleted
• Exception: We may retain information longer if required for legal, regulatory, accounting, or security purposes

Transactional Data

• Payment Records: Retained for 7 years for tax and accounting purposes (required by law)
• Subscription Data: Active subscription information retained while subscription is active; historical subscription records retained for 7 years for accounting purposes
• Webhook Event Logs: Complete event payloads retained for 90 days for synchronization and troubleshooting, then permanently deleted (not archived)
• Support Tickets: Retained for 2 years for quality assurance

Usage & Analytics Data

• Anonymized Analytics: Retained indefinitely (cannot identify individuals)
• IP Address Logs: Retained for 90 days, then deleted

Backup Data

• Information may exist in backup systems for up to 90 days after deletion from production systems
• Backups are encrypted and securely stored

Your Deletion Rights

You can request deletion of your account and data at any time by:

• Contacting privacy@faststat.io

We will process deletion requests within 30 days, except where retention is required by law.

7. Your Privacy Rights

Depending on your location, you may have specific rights regarding your personal information.

7.1 General Rights (All Users)

• Access: Request a copy of the personal information we hold about you and receive information about how we use your data
• Correction: Update or correct inaccurate or incomplete information (you can edit most information directly in your account settings)
• Deletion: Request deletion of your account and personal information (subject to legal retention requirements)
• Objection: Object to certain uses of your information (e.g., marketing emails)
• Data Portability: Request your data in a machine-readable format (JSON or CSV) and transfer your data to another service
• Withdraw Consent: Withdraw consent for optional data processing (e.g., marketing emails)

7.2 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know:

• Categories of personal information collected
• Purposes for collecting personal information
• Categories of sources from which information is collected
• Categories of third parties with whom we share information

Right to Delete:

• Request deletion of personal information we have collected
• Subject to certain exceptions (legal obligations, fraud prevention)

Right to Opt-Out of Sales:

• FastStat does NOT sell personal information
• We do not share information for monetary or valuable consideration

Right to Non-Discrimination:

• We will not discriminate against you for exercising your CCPA rights
• You will receive equal service and pricing

Authorized Agents:

• You may designate an authorized agent to submit requests on your behalf
• We may require verification of the agent's authority

How to Exercise CCPA Rights:

• Email: privacy@faststat.io
• Subject: "CCPA Privacy Request"
• Include: Your name, email address, and specific request
• We will respond within 45 days

Verification Process:

To protect your privacy, we verify your identity before processing requests by:

• Matching the email address to your account
• Asking security questions
• Requiring login to your account

7.3 European Union / UK Rights (GDPR)

If you are in the European Union or United Kingdom, you have rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing:

We process your personal data based on:

• Contract: To provide the Service you requested
• Legitimate Interests: To improve the Service, prevent fraud, and ensure security
• Consent: For optional features like marketing emails
• Legal Obligations: To comply with laws and regulations

Additional GDPR Rights:

• Right to Restriction: Limit how we use your data under certain circumstances
• Right to Object: Object to processing based on legitimate interests
• Right to Lodge a Complaint: File a complaint with your national data protection authority

Data Protection Officer (DPO):

For EU/UK privacy inquiries: privacy@faststat.io

International Data Transfers:

• FastStat is based in the United States
• We rely on Standard Contractual Clauses (SCCs) approved by the EU Commission
• Your data is protected by appropriate safeguards

7.4 How to Exercise Your Rights

Submit a Request:

• Email: privacy@faststat.io
• Subject: "Privacy Rights Request"
• Include: Your name, email, location, and specific request

Response Time:

• We will respond within 30 days (45 days for complex requests)
• We may request additional information to verify your identity

No Fees:

Requests are free unless they are excessive, repetitive, or unfounded.

8. Data Security

We take the security of your information seriously and implement appropriate technical and organizational measures to protect it.

Security Measures

Encryption:

• All data transmitted between your device and our servers is encrypted using HTTPS/TLS 1.3
• Passwords are hashed using industry-standard algorithms (bcrypt)
• Sensitive data at rest is encrypted using AES-256

Access Controls:

• Access to personal data is restricted to authorized personnel only
• Role-based access control (RBAC) limits access based on job function
• Multi-factor authentication (MFA) required for admin access

Infrastructure Security:

• Hosted on secure cloud infrastructure (Vercel, Supabase)
• Regular security audits and vulnerability assessments
• Firewalls and intrusion detection systems
• DDoS protection and rate limiting

Payment Security:

• Payments processed by Stripe (PCI DSS Level 1 certified)
• We never store full credit card numbers
• Payment data is tokenized and encrypted

Monitoring & Response:

• Continuous monitoring for suspicious activity
• Automated alerts for security incidents
• Incident response plan in place

Data Breach Notification

In the event of a data breach that affects your personal information:

• We will notify you within 72 hours of becoming aware of the breach (as required by GDPR)
• Notification will be sent via email to the address on your account
• We will describe the nature of the breach and steps you should take
• We will report to relevant regulatory authorities as required by law

Your Responsibility

You play an important role in security:

• Choose a strong, unique password
• Do not share your password or account access
• Log out when using shared or public devices
• Keep your email account secure
• Report suspicious activity to support@faststat.io

No Guarantee

While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security, and you use the Service at your own risk.

9. Children's Privacy

FastStat is intended for users 18 years of age and older. We do not knowingly collect personal information from individuals under 18.

If You Are Under 18

• You are not permitted to create an account or use FastStat
• Do not provide any personal information to us

Parental Notice

If you believe your child under 18 has provided information to FastStat:

• Contact us immediately at privacy@faststat.io
• We will delete the information and close the account within 48 hours

Age Representation

We rely on users to accurately represent their age during account creation. By checking the "I am 18 or older" box at signup, you affirm that you meet the age requirement.

We do not collect date of birth or independently verify ages.

COPPA Compliance

Children under 13 are strictly prohibited from using FastStat. If we discover that a child under 13 has provided information, we will:

• Delete the information immediately
• Close the account permanently
• Not use the information for any purpose
• Notify the email address on file (if it belongs to a parent/guardian)

10. International Data Transfers

FastStat operates in the United States, and your information will be transferred to, stored, and processed in the U.S.

Data Protection Standards

For EU/UK Users:

The United States may not provide the same level of data protection as your country. However, we ensure appropriate safeguards:

• Standard Contractual Clauses (SCCs): Approved by the EU Commission
• Adequacy Decisions: We comply with framework requirements
• Service Provider Agreements: Our vendors commit to GDPR-level protections

For All International Users:

By using FastStat, you consent to the transfer of your information to the United States and acknowledge that U.S. law will govern the processing of your data.

Your Rights Remain Protected

Regardless of where your data is processed, you retain the rights described in Section 7 of this Privacy Policy.

11. Third-Party Links & Services

FastStat may contain links to third-party websites, services, or content (e.g., social media, news articles, sports websites).

We Are Not Responsible For:

• Privacy practices of third-party sites
• Content or accuracy of external sites
• Security of information you provide to third parties

Before You Click:

• Review the privacy policy of any third-party site you visit
• Understand that third parties may collect your information independently
• Be cautious about what information you share

Social Media

If you share content from FastStat on social media:

• Your activity is governed by the social media platform's privacy policy
• Information may become publicly visible
• FastStat is not responsible for how social platforms use your data

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations.

How We Notify You

Material Changes:

• Email notification to the address on your account
• Prominent notice on the FastStat website or app
• 30 days' advance notice before changes take effect

Non-Material Changes:

• Updated "Last Updated" date at the top of this policy
• No separate notification required

Your Acceptance

Your continued use of FastStat after the effective date of changes constitutes acceptance of the updated Privacy Policy.

If you do not agree to the changes:

• Stop using the Service
• Close your account
• Contact us to exercise your deletion rights

13. State-Specific Privacy Information

In addition to the rights described above, residents of certain U.S. states have additional privacy rights.

Virginia (VCDPA)

Virginia residents have rights similar to CCPA, including:

• Right to access and portability
• Right to deletion
• Right to opt-out of targeted advertising (not applicable - we don't do this)
• Right to opt-out of sales (not applicable - we don't sell data)

Colorado (CPA)

Colorado residents have rights including:

• Right to opt-out of targeted advertising and sales
• Right to appeal our decision on privacy requests

Connecticut (CTDPA)

Connecticut residents have rights to access, correct, delete, and obtain copies of their data.

Utah (UCPA)

Utah residents have rights to access, delete, and obtain copies of their data.

How to Exercise State Rights:

Email privacy@faststat.io with "State Privacy Request" in the subject line. Include your state of residence and specific request.

14. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

15. Supervisory Authority

If you are located in the European Union, United Kingdom, or certain U.S. states, you have the right to lodge a complaint with your local data protection authority.