HotPick Sports, Inc. ("HotPick," "we," "us," or "our") is a Delaware corporation with its principal place of business at 1148 Michigan Ave., Buffalo, NY 14209. We operate the HotPick Sports mobile application (the "App" or "Platform"), a sports prediction platform where users make picks on game outcomes, designate a HotPick, and compete within social groups called Pools.
This Privacy Policy describes what personal information we collect when you use the App, how we use and protect that information, who we share it with, and the rights you have over your data. By creating an account and checking the acceptance checkbox, you agree to the practices described in this Policy. That checkbox requires you to affirmatively confirm that you are 18 or older and agree to our Terms of Service and this Privacy Policy. The timestamp and version of your acceptance are recorded in our systems.
HotPick is not a gambling product. No real money is wagered between users. We do not collect payment card information from end users.
HotPick Sports, Inc.'s designated Privacy Officer is Thomas P. McDade, Founder and CEO. The Privacy Officer is responsible for overseeing compliance with this Privacy Policy and applicable privacy law. The Privacy Officer can be reached at [email protected].
| Data | Purpose and Notes |
|---|---|
| Email address | Required. Used for account authentication (magic link or OAuth relay address), transactional notifications, and account recovery. If you use Apple Hide My Email, we receive and store the Apple-generated relay address only — we never see or store your real Apple ID email. |
| First name | Required. Displayed on Leaderboards and in SmackTalk unless you switch to your Poolie Name. |
| Last name | Optional. If provided, displayed only as an initial (e.g., "Tom M.") and never in full to other users. |
| Poolie Name | Optional. A persona or nickname used in Pools. Used as your display identity if you prefer not to display your real name. |
| Profile avatar | Optional. Either a system avatar you select or a photo you upload. Stored in our file storage and displayed to Pool members. |

| Data | Purpose and Notes |
|---|---|
| Picks and HotPick designations | Your game predictions and high-conviction picks. Stored at the account level (not tied to any specific Pool). Used to compute your scores and display your Leaderboard position. |
| Frozen Ranks | The competitiveness rank assigned to a game at the Pick deadline. Stored immutably alongside your Pick and used to compute point multipliers. You cannot alter a Frozen Rank. |
| Scores and point totals | Computed server-side by HotPick's scoring engine based on your Picks and actual game outcomes. The client app displays scores; it never computes them. |
| Timezone | Auto-detected from your device at sign-up. Stored silently. Used only to display Pick deadlines and game times in your local time. Never shown as a configurable field. |
| Device push notification token | Generated by your device when you grant push notification permission. Stored per device. Used to send Pick deadline reminders, score updates, and Pool notifications. Deactivated on logout or delivery failure. |
| Device platform (iOS / Android) | Detected at push token registration. Used to route notifications to the correct provider and to analyze platform-specific behavior patterns. |
| App interaction events | Actions such as Picks submitted, Pools joined, screens visited, and SmackTalk messages sent. Used for product analytics and to improve the App. Raw event logs are retained for 90 days and then deleted. Aggregated metrics derived from event logs are retained indefinitely as Aggregate Data. No advertising profiles are built from this data. |
| TOS acceptance timestamp and version | Written to our database immediately after your acceptance. The permanent legal record of your consent. |
| Referral code | Auto-generated at sign-up. Used internally to track referral attribution. Never collected from you directly. |
If you sign in with Apple or Google, those services may share your name and email address with us. If you use Apple's Hide My Email feature, we receive and store only the Apple-generated relay address. We do not receive or store your Apple or Google password. Your use of these sign-in services is governed by Apple's and Google's respective privacy policies.
SmackTalk is our in-app social messaging feature. Messages you post in a Pool are visible to all Members of that Pool. SmackTalk messages are Pool-scoped — they are never visible across Pools you do not share with another user.
Messages older than 14 days are automatically moved to a permanent archive maintained by HotPick. Archived messages are retained indefinitely as part of our Aggregate Data corpus for analytics, platform improvement, and potential commercial data licensing as described in Section 7. Archived messages are not displayed to users through the App after archiving. Upon account deletion, your identity is removed from archived messages, but the messages themselves are retained in anonymized form.
HotPick does not collect:
We use the information we collect to:
We do not use your personal information to build advertising profiles, serve targeted advertising, or sell your personal information to third parties.
HotPick's core architecture is account-level scoring: your Picks and scores are stored at your account level, not inside any specific Pool. A Pool is a social lens on your account-level data. This architecture has the following privacy implications:
HotPick does not sell your personal information. We share it only as described below.
Your display name (first name or Poolie Name, per your preference), avatar, Picks (after the Pick deadline for each round), scores, and Leaderboard rank are visible to Members of any Pool you belong to. This visibility is a core function of the App. Your Picks are not visible to Pool members until after the Pick deadline for that round has passed.
We share data with the following third-party service providers who process it on our behalf under data processing agreements. These providers are not permitted to use your data for their own independent purposes.
| Provider | Purpose and Notes |
|---|---|
| Supabase (via AWS) | Cloud database, authentication, file storage, and real-time messaging infrastructure. Your account data, Picks, scores, and SmackTalk messages are stored on Supabase-managed infrastructure hosted on AWS in the United States. Supabase processes data on our behalf under a Data Processing Agreement. |
| Apple (Sign In with Apple) | OAuth authentication. Apple manages authentication and may share your name and email (or a relay address) with us. Governed by Apple's Privacy Policy. |
| Google (Sign In with Google) | OAuth authentication. Google manages authentication and shares your email and name from your Google profile. Governed by Google's Privacy Policy. |
| Expo / Expo Push Notifications | Push notification delivery infrastructure. Your device push notification token is used to route notifications to your device. Expo does not receive your Pick or score data. |
| Branch.io | Deep link and invite link management. If active, Branch.io processes device metadata (device type, link clicked, install attribution) when you share or tap a Pool invite link. Branch.io does not receive your Pick or score data. ⚠ PENDING CONFIRMATION — Verify with engineering whether Branch.io is active in the current build before publishing this page. |
| Sentry (planned) | Error monitoring and crash reporting. App errors and stack traces may include device type and OS version. No personal data included in error reports by design. |
| Resend (planned) | Transactional email delivery. Email address and email content (magic links, notifications). No Pick or score data. |
| Stripe (future — not active at launch) | Payment processing for Organizer Access. When active, Stripe will process Organizer payment information. HotPick will not store raw payment card data. This table will be updated when Stripe billing is activated. |
The App uses the ESPN API to retrieve game schedules and scores, and The Odds API to obtain publicly available betting-line data used solely to calculate game competitiveness ranks. We do not transmit any personal information or Pick data to these providers. Data flows one direction only: from these APIs to our servers. Betting-line data is used for internal game ranking purposes and is not displayed to users as odds.
HotPick supports branded Pool experiences for organizational partners. If you join a Pool operated by a White Label Partner, that partner's branding will appear in your Pool experience. White Label Partners do not receive access to your personal account data, individual Picks, or scores. Partners do not receive any data export or reporting from HotPick. All data within White Label Partner Pools continues to be governed exclusively by this Privacy Policy.
We may disclose your information if required by applicable law, subpoena, court order, or government demand, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of HotPick, our users, or others, or to enforce our Terms of Service.
If HotPick Sports, Inc. is acquired by, merged with, or sells substantially all of its assets to another entity, your personal information and Aggregate Data may be transferred to the acquiring entity as a business asset. We will notify you via the App or email before your information becomes subject to a materially different privacy policy, and you will have the opportunity to delete your account at that time. Aggregate Data, as defined in Section 7, is an owned asset of HotPick Sports, Inc. and transfers to any acquirer without restriction.
We retain personal information only as long as necessary to provide the Platform and fulfill the purposes described in this Policy.
| Data Type | Retention Period | Rationale |
|---|---|---|
| Account data (name, email, avatar) | Retained while account is active. Anonymized immediately upon account deletion. | User controls this through account deletion. |
| Picks and scores | Retained indefinitely in anonymized form after account deletion. | Pool and Leaderboard integrity. Historical analytics and Aggregate Data value. |
| SmackTalk messages (active feed) | 14 days in active feed, then archived. Messages associated with your identity removed on account deletion. | Product performance and user experience. |
| SmackTalk messages (archive) | Retained indefinitely in anonymized form. | AI model training, analytics, data licensing. See Section 7. |
| Push notification tokens | Per active device. Deactivated on logout, reinstall, or delivery failure. Removed on account deletion. | Operational requirement for notification delivery. |
| App interaction events (raw logs) | 90 days, then deleted. | Product debugging and analytics. Individual logs are not needed beyond this window. |
| Aggregated metrics (derived from event logs) | Retained indefinitely as Aggregate Data. | Platform analytics and product improvement. No personal data. |
| TOS acceptance records | Retained indefinitely. | Legal compliance record. |
| Auth logs (Supabase) | 90 days (Supabase default). | Security and fraud detection. |
| Aggregate Data | Retained indefinitely. Owned by HotPick Sports, Inc. | Commercial value, AI training, data licensing. See Section 7. |
When data from many users is combined, anonymized, and processed statistically, it produces a category of information that HotPick calls "Aggregate Data." Aggregate Data describes patterns across the Platform, not any individual user. Aggregate Data cannot reasonably be used to identify any individual — it is not your personal information.
Examples of Aggregate Data include, without limitation:
HotPick Sports, Inc. owns all Aggregate Data derived from Platform activity. We use and may license Aggregate Data for:
Our Terms of Service (Section 9) contain the contractual provisions governing Aggregate Data ownership, licensing, and survival. By using the Platform and accepting our Terms of Service, you assign and license to HotPick Sports, Inc. all rights in Aggregate Data derived from your Platform activity on a perpetual, irrevocable basis that survives account deletion.
SmackTalk messages archived pursuant to Section 2.4 form part of HotPick's Aggregate Data corpus. The archive is retained permanently and is used for Platform analytics, AI model training for future conversational features, and potential third-party data licensing. Individual messages in the archive are not attributable to you following account deletion.
Before any Aggregate Data is used externally or commercially, it is processed to remove all information that could reasonably identify an individual user. Aggregate Data is derived from collective activity patterns, not from individual user records. HotPick does not license individual user data to any third party.
The commercial licensing of Aggregate Data described in this Section does not constitute a "sale" of personal information as defined under the California Consumer Privacy Act (CCPA) or other applicable law, because Aggregate Data is anonymized and cannot be used to identify you. See Section 9 for California-specific rights.
When you delete your account, your name, email address, Poolie Name, avatar, and all other identifying information are permanently and irreversibly removed from our systems. Your Picks, scores, and SmackTalk messages are anonymized — stripped of your identity — and retained as part of the historical record and Aggregate Data corpus. Anonymized data cannot be linked back to you.
You can view and update most of your account information at any time in Profile Settings within the App. This includes your first name, last name, Poolie Name, avatar, display name preference, and notification preferences.
You can enable or disable individual push notification categories in Settings within the App. You can also disable all push notifications through your device's operating system settings. Disabling notifications does not affect your ability to use the App.
You can permanently delete your account at any time through Profile Settings > Account > Delete Account. Account deletion is a two-step process requiring explicit confirmation. When you delete your account:
Account deletion cannot be undone. Once your account is deleted, your identity will no longer be attributable to any remaining records.
If you would like a copy of the personal information we hold about you, please contact us at [email protected]. We will respond within 45 days. Export requests may include your profile data, Pick history, and score history associated with your account.
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you the following rights:
You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, our business or commercial purpose for collecting it, and the categories of third parties with whom we share it. Submit requests to [email protected].
You have the right to request deletion of personal information we have collected about you, subject to certain exceptions permitted by law. You can exercise this right directly in the App through Profile Settings > Account > Delete Account, or by contacting [email protected]. See Section 8.3 for a full description of what is and is not deleted.
You have the right to request correction of inaccurate personal information we maintain about you. You can correct most information directly in Profile Settings, or by contacting [email protected].
HotPick does not sell personal information as defined under the CCPA or CPRA. We also do not share personal information for cross-context behavioral advertising. The commercial licensing of Aggregate Data described in Section 7 does not constitute a sale or sharing of personal information because Aggregate Data is anonymized and cannot be used to identify any individual.
HotPick does not collect sensitive personal information as defined under the CPRA (including Social Security numbers, financial account information, geolocation data, health data, or biometric data). This right is not applicable to our Platform.
We will not discriminate against you for exercising any of your CCPA or CPRA rights.
To exercise your California privacy rights, contact us at [email protected] or write to us at the address in Section 15. We will verify your identity before processing your request and will respond within 45 days as required by law, with a possible extension of an additional 45 days where reasonably necessary.
HotPick is available to residents of Canada. By using the App, you consent to your personal information being transferred to and processed in the United States, where our servers are hosted. United States privacy law may differ from the privacy law in your province or territory.
Canadian users have rights under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to access the personal information we hold about them and to request corrections. Contact [email protected] to exercise these rights.
Privacy Officer: HotPick Sports, Inc.'s designated Privacy Officer is Thomas P. McDade, Founder and CEO. Quebec residents may direct privacy inquiries, access requests, and complaints to the Privacy Officer at [email protected].
Right of Access and Correction: Quebec residents have the right to access personal information we hold about them and to request correction of inaccurate or incomplete information. Requests must be submitted in writing to [email protected]. We will respond within 30 days.
Right to Withdraw Consent: Where our collection of your personal information is based on consent, you may withdraw that consent at any time by deleting your account as described in Section 8.3. Withdrawal of consent does not affect the lawfulness of processing conducted prior to withdrawal, and does not affect HotPick's rights in Aggregate Data as described in Section 7.
Cross-Border Data Transfers: Your personal information is transferred to and processed in the United States. HotPick has implemented contractual and technical safeguards with its service providers to protect personal information transferred outside Quebec, including data processing agreements with Supabase (hosted on AWS, United States).
Privacy Impact Assessments: HotPick conducts Privacy Impact Assessments (PIAs) for new technologies and processing activities that involve personal information, consistent with the requirements of Law 25.
Privacy Incidents: In the event of a privacy incident involving personal information of Quebec residents that presents a risk of serious injury, HotPick will notify the Commission d'accès à l'information (CAI) and affected individuals as required by Law 25, within the timelines prescribed by applicable regulation.
Language: This Privacy Policy is written in English. To the extent applicable Quebec law requires a French-language version, HotPick Sports, Inc. will provide one upon written request to [email protected]. Une version française de cette Politique de confidentialité est disponible sur demande à l'adresse [email protected].
We comply with Canada's Anti-Spam Legislation (CASL) for any commercial electronic messages we send to Canadian users. Transactional messages sent through the App — including authentication emails (magic links), Pick deadline reminders, and score notifications — are exempt from CASL's express consent requirements as they are sent in connection with your existing relationship with the Platform. If we send promotional or marketing emails unrelated to your direct use of the Platform, we will obtain your express consent as required by CASL.
We implement technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
No method of transmission over the internet or electronic storage is 100% secure. While we use commercially reasonable security measures, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at [email protected].
The Platform is intended exclusively for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. By creating an account, you affirmatively represent that you are 18 or older. The acceptance checkbox and our versioned consent record are the mechanisms by which we document this representation.
If we discover or have reason to believe that a user is under 18, we will terminate that account immediately and delete associated personal information. If you believe we have inadvertently collected information from a minor, please contact us promptly at [email protected] and we will take immediate action.
Because the Platform is directed exclusively at adults 18 and older and we do not knowingly collect data from children under 13, the Children's Online Privacy Protection Act (COPPA) does not apply to our Platform.
We may update this Privacy Policy from time to time. When we make material changes, we will update the version number and effective date at the top of this document and notify you through the App on your next login, requiring affirmative re-acceptance before you can continue using the Platform. We may also notify you by email at the address associated with your account.
If we make changes that affect how we use or share your personal information in a materially different way from what is described in this Policy, we will provide prominent notice and, where required by applicable law, obtain your consent before implementing those changes.
Your continued use of the App after accepting an updated Privacy Policy constitutes your agreement to the updated Policy. If you do not agree to an updated Policy, you must stop using the App and may delete your account.
The following planned changes will require updates to this Privacy Policy before they are deployed. Users will be notified and required to re-accept the updated Policy before those features go live: