Privacy Policy

Last updated: January 2025

What We Collect

When you register or purchase picks, we collect your email address, hashed password, and payment information. Payment card details are handled entirely by Authorize.Net—we never store your card number, CVV, or expiry on our servers.

How We Use It

  • Account authentication and session management
  • Processing purchases and delivering premium content
  • Sending transactional emails (receipts, password resets)
  • Improving the Service through anonymized usage analytics

We do not sell your personal data. Full stop.

Cookies & Analytics

We use essential cookies for authentication (JWT session tokens) and minimal analytics to understand site usage. No third-party ad trackers. No behavioral profiling.

Data Storage

Your data is stored in a PostgreSQL database hosted on Neon with SSL encryption in transit. Passwords are hashed with bcrypt. We retain account data for the duration of your account and 30 days after deletion.

Third-Party Services

  • Authorize.Net — payment processing
  • Cloudinary — image CDN and optimization
  • Vercel — frontend hosting
  • Render — backend hosting
  • Neon — database hosting

Each operates under their own privacy policy.

Your Rights

You can:

  • Request a copy of your data
  • Request deletion of your account and associated data
  • Update your email or password from the dashboard
  • Opt out of non-essential communications

Security

We use HTTPS everywhere, bcrypt password hashing, JWT authentication with expiring tokens, and CORS-restricted API access. If you discover a vulnerability, contact us at security@bspicks.com.

Changes

We'll notify you of material changes via email. Continued use after notification constitutes acceptance.

Contact

Privacy questions: privacy@bspicks.com.