Privacy Policy for draftalot.com

Effective Date: 4/8/2026

At draftalot.com ("Draftalot," "we," "us," or "our"), we are committed to protecting the privacy and security of our users' personal information. This Privacy Policy describes how we collect, use, store, and disclose information when you use our website. By accessing or using draftalot.com, you agree to the terms of this Privacy Policy.

Information We Collect

Account Information

When you create an account, we collect:

• Full name
• Email address
• Username and password (passwords are stored in hashed form)
• Phone number (optional, for SMS notifications)
• Time zone preference
• Profile image (optional)

Game and League Data

As part of the league management service, we collect and store:

• Deck lists, card collections, and trading history
• Match results and win/loss records
• ELO rankings and achievement/badge data
• Message board posts, inbox messages, and draft chat messages
• Event attendance and responses

Payment Information

If you subscribe to a paid league, payment is processed through PayPal. We store your PayPal payer ID, subscription ID, and the email address associated with your PayPal account. We do not store credit card numbers or bank account details — that information is handled entirely by PayPal.

Automatically Collected Information

When you use Draftalot, we automatically collect:

• IP address, browser type, and operating system
• Device type (mobile or desktop)
• Pages visited and actions taken

Cookies

We use cookies for the following purposes:

• Session cookie — Keeps you logged in during your visit
• Mobile/desktop preference — Remembers your site layout preference (expires after 1 year)
• Dark mode preference — Remembers your display theme preference (expires after 1 year)

Third-party services we use (see below) may also set their own cookies.

How We Use Your Information

• To operate, maintain, and improve the Draftalot platform
• To manage your league, track matches, facilitate trades, and run virtual drafts
• To send you notifications about league activity (draft turns, match results, trades, events) via email or SMS, based on your notification preferences
• To send broadcast messages from your league's administrator
• To process payments for paid league subscriptions
• To detect and prevent spam and abuse (via reCAPTCHA)
• To generate visual assets for the platform (badge icons, trophy images) using AI tools
• To diagnose errors and improve site reliability

Third-Party Services

We use the following third-party services to operate Draftalot. Each has their own privacy policy governing how they handle data:

Google reCAPTCHA

We use Google reCAPTCHA v3 on login, registration, and league creation forms to protect against spam and automated abuse. reCAPTCHA may collect your IP address, browser information, and interaction data. This data is subject to Google's Privacy Policy and Terms of Service.

SMTP2GO (Email and SMS Delivery)

We use SMTP2GO to deliver email and SMS notifications. When we send you a notification, your email address or phone number and the message content are transmitted through SMTP2GO's servers. See SMTP2GO's Privacy Policy.

PayPal (Payment Processing)

Paid league subscriptions are processed through PayPal. When you make a payment, PayPal shares your payer ID, email address, and subscription details with us. See PayPal's Privacy Policy.

OpenAI

We use OpenAI's API to generate visual assets (badge icons, trophy images) and to power the deck analysis feature. When you use deck analytics, your deck's card list is sent to OpenAI for analysis. No personally identifying information (name, email, etc.) is sent — only card names and quantities. See OpenAI's Privacy Policy.

Sharing of Information

• We do not sell, trade, or rent your personal information to third parties.
• We share data with the third-party service providers listed above solely for the purposes described.
• League administrators can view player information within their league, including names, email addresses, deck lists, match history, and notification preferences.
• Other players in your league can see your name, deck list (if public deck lists are enabled), match results, badges, and message board posts.
• We may disclose your information if required by law or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Data Storage and Security

• Your data is stored on servers located in the United States.
• Passwords are stored using one-way hashing and are never stored in plain text.
• We use HTTPS to encrypt data in transit.
• We take reasonable measures to protect your information, but no method of electronic storage or transmission is 100% secure.

Error Logging

When technical errors occur, our system may log diagnostic information including your IP address, browser details, and the action that caused the error. This information is used solely for troubleshooting and is not shared with third parties.

Data Retention

We retain your account data for as long as your account is active. If you wish to have your account and associated data deleted, please contact us at the email address below. League administrators may also deactivate player accounts within their leagues.

Your Choices

• You may choose not to provide optional information (phone number, profile image), but this may limit certain features.
• You can manage your notification preferences (email and SMS) from your Profile page at any time.
• You can toggle between light and dark display modes using the link at the bottom of any page.
• You can switch between mobile and desktop site layouts using the link at the bottom of any page.
• You can request deletion of your account and personal data by contacting us.

Children's Privacy

Draftalot is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us so we can promptly remove it.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@draftalot.com.