Privacy Notice

Dynasty War Room — Privacy Notice

Last Updated: May 17, 2026

Drip AI and Data LLC ("Drip AI and Data," "Dynasty War Room," "we," "our," or "us") operates the Dynasty War Room web application at dynastywarroom.com and the related mobile apps and services (collectively, the "Services"). This Privacy Notice ("Notice") explains what information we collect about you, how we use it, with whom we share it, and the rights you have over it.

This Notice supplements and is incorporated into our Terms of Use. Capitalized terms not defined here have the meanings given in the Terms of Use. If you do not agree to this Notice, do not access or use the Services.

By accessing the Services you consent to the collection and use of information as described below.


1. Information We Collect

We collect information in three ways: information you give us directly, information collected automatically when you use the Services, and information we receive from third parties.

1.1 Information you provide

  • Account information — name, email address, password (if you sign up with email/password), display name, profile photo or avatar.
  • Authentication information — when you sign in with Google or another third-party identity provider, that provider shares your name, email, profile picture, and a unique identifier with us.
  • League and team data — team names, roster decisions, lineup choices, trade proposals, waiver bids, draft picks, scoring configurations, and any other content you create while managing your league.
  • Communications — messages you send through league chat, trade messages, support requests, or feedback submissions.
  • Billing information — when you subscribe a league, our payment processor (Stripe) collects your payment card details directly. We receive a confirmation of the transaction (amount, last four digits of the card, billing email, subscription status, renewal date) but do not store the full card number.
  • Survey and form responses — answers you give to in-product surveys, waitlist forms on the marketing site, or other interactive features.

1.2 Information collected automatically

When you use the Services, we and our service providers automatically collect:

  • Device and browser information (device type, operating system, browser, screen resolution, language preference);
  • IP address and approximate geographic location derived from it;
  • Pages you view, features you use, and the order and timing of those interactions;
  • Error and crash information (what feature you were using when an error occurred, stack traces, the state of the app at that moment);
  • Cookies and similar identifiers (see Section 4); and
  • Referring URL and the URL you visit after leaving the Services.

1.3 Information from third parties

We may receive information about you from:

  • Identity providers you use to sign in (Google);
  • Our payment processor (Stripe);
  • Analytics providers (PostHog);
  • Error-monitoring providers (Sentry);
  • Public sources such as the third-party NFL data providers (RapidAPI) and player-valuation source (KeepTradeCut) — these provide data about NFL players, not about you;
  • Your league commissioner, who may add you to a league or assign you a team.

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Services, including authenticating your account, processing your subscription, advancing your league's phase, displaying your league data, and delivering live scoring;
  • Communicate with you about your account and your league (subscription receipts, trade alerts, waiver results, lineup reminders, league phase changes);
  • Send you product announcements and updates — you can opt out of non-essential email at any time;
  • Improve the Services by analyzing how users interact with features, debugging errors, and testing new functionality;
  • Detect, prevent, and respond to fraud, abuse, and security incidents;
  • Comply with applicable laws and respond to legal requests;
  • Enforce our Terms of Use and protect the rights and safety of our users and ourselves; and
  • Carry out any other purpose we describe at the time we collect the information.

We do not sell your personal information in exchange for money. We do share information with service providers and, in narrow cases described below, with other third parties.


3. How We Share Your Information

We share information only in the following circumstances:

3.1 With other members of your league

By design, league members see each other's team names, roster decisions, trade offers, waiver bids, draft picks, scoring outcomes, and any messages you post in league chat. Your league commissioner sees additional information about your account (such as your display name and team assignment). This sharing is intrinsic to how a multiplayer dynasty league functions.

3.2 With service providers

We share information with third-party companies that help us run the Services. Each is contractually required to protect your information and use it only for the services they provide to us. Our current core service providers include:

| Provider | What they do | What they receive |
|---|---|---|
| Supabase | Authentication, database hosting | Account info, league data, all user content |
| Stripe | Payment processing | Billing email, subscription metadata |
| Resend | Transactional email delivery | Email address, message content |
| PostHog | Product analytics | Usage events, anonymized user identifier |
| Sentry | Error monitoring | Crash reports, browser/device context |
| Cloudflare | DNS, CDN, network protection | IP addresses, request metadata |
| Vercel | Web hosting | Server-side request metadata |
| Railway | API hosting | Server-side request metadata |
| OneSignal | Push notifications (when enabled) | Device push token, notification opt-ins |
| Lovable | Marketing site + waitlist hosting | Waitlist signup info |
| RapidAPI / KeepTradeCut | NFL data + player valuations | No personal data (we pull data from them, not the other way around) |
| Google | Identity provider (when you sign in with Google) | The information you authorize Google to share |

3.3 Corporate transactions

If Drip AI and Data is involved in a merger, acquisition, sale of assets, financing, or bankruptcy, your information may be transferred to or accessed by the parties involved. We will provide notice (typically by email) before personal information is transferred and becomes subject to a different privacy policy.

3.4 Legal and safety reasons

We may disclose information when we believe in good faith that disclosure is necessary to: comply with a law, regulation, subpoena, court order, or other legal process; respond to a government or regulatory request; investigate or prevent fraud, abuse, or security incidents; protect the rights, property, or safety of Drip AI and Data, our users, or the public; or enforce our Terms of Use.

3.5 With your consent

We may share your information for purposes not described above with your consent or at your direction.


4. Cookies, Analytics, and Tracking

We and our service providers use cookies, local storage, pixel tags, mobile advertising identifiers, and similar technologies (collectively, "Cookies") to operate the Services, remember your preferences, analyze usage, and detect security incidents.

The Cookies we use fall into a few broad categories:

  • Essential — required for core functionality such as keeping you signed in. Disabling these will break parts of the Services.
  • Preference — remember your settings (language, last-viewed league, default sort order) so you don't have to reconfigure on every visit.
  • Analytics — help us understand how users interact with the Services so we can improve them. We use PostHog for this; it sets a randomly generated identifier in your browser.
  • Performance and monitoring — let us see when the Services are slow or broken. Sentry sets identifiers used to group related error reports.

We do not currently use cookies for third-party advertising or behavioral retargeting. If that changes, we will update this Notice and provide an opt-out mechanism where required by law.

Do Not Track and Global Privacy Control. Web browsers transmit "Do Not Track" and "Global Privacy Control" (GPC) signals to indicate user privacy preferences. Where applicable law requires us to honor a GPC signal as an opt-out of "sales" or "sharing" of personal information, we will do so. Because there is no consistent industry standard for Do Not Track, we do not currently respond to it.


5. Your Privacy Rights

Different laws apply depending on where you live. The rights below summarize the ones most likely to apply to you; you may have additional rights under your local law.

5.1 General rights

Regardless of where you live, you may:

  • Access the information we hold about you (much of it is visible in your account settings);
  • Correct information that is inaccurate;
  • Delete your account and the personal information associated with it (subject to limited exceptions described below);
  • Withdraw consent to any processing that depends on your consent;
  • Object to or restrict certain processing where applicable law gives you that right;
  • Receive a copy of your information in a portable format on request.

To exercise any of these rights, email support@dynastywarroom.com from the address associated with your account. We may ask you to verify your identity before fulfilling the request.

5.2 U.S. state privacy laws

If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia — or any other state with a comprehensive consumer-privacy law — you have specific rights under that state's law, including the rights described in Section 5.1. You also have the right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising. As noted above, we do not currently sell or share personal information for advertising. If that changes, we will provide a clear opt-out mechanism.

Right to appeal. If we deny a request you make under a state privacy law, you may appeal our decision by replying to our response email with the subject line "Privacy Rights Appeal." We will review and respond within the time frame required by your state's law.

California "Shine the Light." California residents may request a notice describing what categories of personal information we share with third parties for those third parties' direct marketing purposes. We do not currently share information for that purpose; if that changes we will update this Notice.

5.3 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

If you are in the EEA, the UK, or Switzerland, Drip AI and Data is the "controller" of your personal data. Our legal bases for processing are:

  • Contract performance — we need to process your information to provide the Services you've signed up for;
  • Legitimate interests — operating, securing, and improving the Services and protecting against fraud or abuse;
  • Consent — for processing that depends on it (such as optional marketing emails);
  • Legal obligation — where required by law.

You have the right to access, correct, delete, restrict processing, object to processing, port your data, and withdraw consent at any time. You also have the right to lodge a complaint with your local data-protection authority, though we encourage you to contact us first so we can try to resolve your concern.

5.4 Canada (PIPEDA)

If you are in Canada, you have the rights described in Section 5.1, and you may also request information about how we have used or disclosed your information. We will respond within 30 days of receiving your request.


6. Children's Privacy

Dynasty War Room is intended for users 13 years of age and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, please contact support@dynastywarroom.com and we will delete the information and the associated account. Users between 13 and 18 must have parental or guardian consent to use the Services.


7. Data Retention

We keep your information for as long as your account is active and as long as we need it to provide the Services. After you delete your account, we may retain limited information for legitimate purposes, including:

  • Resolving disputes among league members or with third parties;
  • Preventing fraud, abuse, and the creation of duplicate accounts;
  • Complying with tax, accounting, and other legal obligations;
  • Maintaining backups for a reasonable disaster-recovery window;
  • Supporting our security monitoring and audit logs.

League data (rosters, trades, draft history, etc.) may be retained for as long as the league exists, even if individual members leave. When a commissioner deletes a league, the league's data is deleted or anonymized according to our retention schedule.


8. Data Security

We use industry-standard administrative, technical, and physical safeguards to protect your information. These include encrypted transport (TLS), encrypted-at-rest databases, row-level security policies in our database layer, role-based access controls for our team, and multi-factor authentication for administrative access. We monitor for unauthorized access and suspicious activity with Sentry and PostHog.

Despite these measures, no method of transmitting or storing data over the internet is 100% secure. We cannot guarantee absolute security, and you use the Services at your own risk. If we learn of a security incident that affects your information, we will notify you and applicable authorities as required by law.


9. International Transfers

Drip AI and Data is based in the United States, and most of our service providers are too. If you access the Services from outside the United States, your information will be transferred to, stored in, and processed in the United States. The laws of the United States may differ from the laws of your country and may not provide the same level of protection. By using the Services you consent to this transfer. Where required by law (for example, the GDPR), we rely on appropriate safeguards such as Standard Contractual Clauses to lawfully transfer personal data outside of your home jurisdiction.


10. Changes to This Notice

We may update this Notice from time to time. When we do, we will update the "Last Updated" date at the top, post the revised Notice on the Services, and — for material changes — notify you by email or in-app notice. Your continued use of the Services after a change takes effect constitutes your acceptance of the updated Notice.


11. Contact

Questions, requests to exercise your privacy rights, complaints, or any other communication regarding this Notice should be sent to:

Drip AI and Data LLC
22 Leamington Rd
Boston, MA 02135
Email: support@dynastywarroom.com


[REVIEW NOTES — not part of the final document]

Items still to confirm before publishing:

  1. Publish date → fills "Last Updated" at top
  2. Set up Cloudflare Email Routing so support@dynastywarroom.com forwards to danny@dripaidata.com
  3. Legal review by a real attorney is required before publishing, particularly the U.S. state rights section (laws change frequently and new states add laws each session), GDPR provisions (controller vs processor designation needs confirmation), and the service-provider list (verify it stays accurate as we wire up Resend, OneSignal, etc.)
  4. If we ever begin selling or sharing personal info for advertising, the Cookies section + Section 5.2 need updates + an opt-out mechanism added
  5. Confirm Sentry + PostHog deployments are configured to not collect more than what's described here (no session replays, no PII in error contexts beyond email)