Privacy Policy

1. Introduction and Scope

This Privacy Policy (“Policy”) describes how Aulencia Holdings, LLC, doing business as “The Playbook” (“The Playbook,” “Company,” “we,” “our,” or “us”), collects, uses, discloses, processes, and protects information obtained from users (“you,” “your,” or “User”) of our website, mobile applications, application programming interfaces, and all related services (collectively, the “Service”).

By accessing, using, or registering for the Service, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with any provision of this Policy, you must immediately discontinue use of the Service.

This Policy is incorporated by reference into our Terms of Service. Capitalized terms used but not defined herein have the meanings given in the Terms of Service.

Independent Service. The Playbook is an independent informational service. We are not affiliated with, endorsed by, sponsored by, or partnered with the National Basketball Association (NBA), the National Hockey League (NHL), any of their member teams, broadcast networks, or streaming services unless explicitly stated. All references to third-party names are for identification and informational purposes only. For full details, see our Terms of Service § 7.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when you register for, access, or use the Service, including:

• Account Information: Full name, email address, and password (hashed using industry-standard bcrypt algorithms; we never store plaintext passwords).
• Profile Preferences: Favorite teams, preferred leagues (NBA, NHL), geographic location (zip code), display preferences (dark mode), and notification settings.
• Service Usage Information: Streaming service selections, viewing preferences, and optimizer usage history. Optimizer outputs are informational estimates and may change as provider availability and pricing change.
• Payment Information: If you subscribe to a paid plan (e.g., Pro), payment is processed by our third-party payment processor, Stripe, Inc. We do not receive, store, or have access to your full credit card number. Stripe provides us with a limited set of billing details (such as the last four digits of your card, card brand, expiration date, billing country, and Stripe customer and subscription identifiers) to manage your subscription status. All payment data is handled in accordance with Stripe’s Privacy Policy and PCI DSS requirements.
• Communications: Information provided when you contact support, submit feedback, or correspond with us in any manner.
• User-Generated Content: Any content, data, or information you submit, post, or make available through the Service.

2.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain information, including:

• Device Information: Device type, operating system, browser type and version, IP address, hardware model, unique device identifiers, and mobile network information.
• Usage Data: Pages visited, features accessed, time spent on pages, clickstream data, search queries, navigation paths, session duration, and frequency of use.
• Location Information: Zip code (when you provide it or when derived from browser geolocation with your explicit consent), IP-based approximate location, timezone, and country/region. If you use the auto-detect location feature, we request access to your device’s geolocation API; this data is used solely to determine your zip code for blackout and broadcast availability purposes and is not stored beyond your active session.
• Log Data: Server logs, access logs, error logs, timestamps, referring URLs, and diagnostic data.
• Cookies & Local Storage: Information collected through cookies, web beacons, local storage, session storage, and similar technologies (see Section 9).

2.3 Information from Third-Party Sources

• Sports Data Providers: Game schedules, broadcast information, and team data from licensed third-party sources.
• Geolocation Services: When you use the auto-detect location feature, your device’s coordinates are sent to a third-party reverse-geocoding service (BigDataCloud) to convert latitude and longitude into a zip code. We do not store raw GPS coordinates; only the resulting zip code is retained in your account preferences. The reverse-geocoding provider receives only coordinates and does not receive your identity or account information.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Provision: To operate, maintain, and deliver the Service; process registration; authenticate identity; process subscription payments and manage billing through our payment processor (Stripe); and provide requested features and content.
• Personalization: To customize your experience, including game recommendations, viewing options based on your location, and subscription optimization estimates based on your favorite teams.
• Communication: To send service-related notifications, respond to inquiries, and (with your consent) deliver marketing communications.
• Analytics & Improvement: To analyze usage patterns, measure performance, identify trends, and improve the Service.
• Security & Fraud Prevention: To detect, prevent, and address security threats, fraud, unauthorized access, and other harmful activities.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
• Aggregated Data: To create anonymized or de-identified datasets for research, analytics, and commercial purposes.

4. Legal Bases for Processing (EEA/UK)

If you are located in the European Economic Area or United Kingdom, we process your personal data on the following legal bases under the General Data Protection Regulation (“GDPR”):

• Performance of a Contract: Processing necessary to provide the Service to you, including account management, personalization, and feature delivery (GDPR Art. 6(1)(b)).
• Legitimate Interests: Processing necessary for our legitimate business interests, including analytics, security, fraud prevention, and Service improvement, where these interests are not overridden by your data protection rights (GDPR Art. 6(1)(f)).
• Consent: Processing based on your freely given, specific, and informed consent, such as marketing communications and non-essential cookies. You may withdraw consent at any time (GDPR Art. 6(1)(a)).
• Legal Obligation: Processing necessary to comply with a legal obligation to which we are subject (GDPR Art. 6(1)(c)).

5. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), we do not “sell” or “share” personal information as those terms are defined under California law.

We may disclose your information only in these limited circumstances:

5.1 Service Providers

We share information with trusted third-party vendors who perform services on our behalf, including cloud hosting, analytics, email delivery, customer support, payment processing, and security services. These providers are contractually bound to use your information solely for providing services to us and to maintain appropriate security measures.

Payment Processing: Subscription payments are processed by Stripe, Inc. When you subscribe to a paid plan, Stripe collects and processes your payment information directly. We receive only limited billing details (last four digits, card brand, expiration, billing country, and Stripe identifiers) necessary to manage your subscription. Stripe’s handling of your payment data is governed by its own Privacy Policy.

5.2 Legal Requirements

We may disclose information if required by law, regulation, legal process, court order, or governmental request, or if we believe in good faith that disclosure is necessary to protect rights, property, or safety; enforce our agreements; prevent fraud; or respond to valid legal demands.

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice through the Service or other means prior to any such transfer.

5.4 With Your Consent

We may share your information when you explicitly authorize us to do so.

5.5 Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, analytics, or commercial purposes.

6. Data Security

We implement comprehensive technical, administrative, and physical security measures to protect your information, including:

• Encryption: Passwords are hashed with bcrypt (industry-standard cost factor). All data in transit is encrypted via HTTPS/TLS.
• Access Controls: Role-based access controls, multi-factor authentication for internal systems, and principle of least privilege for all personnel.
• Secure Sessions: HttpOnly, Secure, and SameSite cookie attributes to prevent session hijacking and CSRF attacks.
• Infrastructure Security: Firewalls, intrusion detection, DDoS mitigation, and network segmentation.
• Monitoring & Auditing: Continuous security monitoring, periodic vulnerability assessments, penetration testing, and security audits.
• Incident Response: Documented procedures for detecting, responding to, containing, and recovering from security incidents.

No method of transmission over the Internet or electronic storage is 100% secure. While we use commercially reasonable measures to protect your information, we cannot guarantee absolute security. You acknowledge that you provide information at your own risk.

7. Data Retention

We retain your personal information only as long as necessary for the purposes described in this Policy. Specific retention periods include:

• Account Data: Retained for the duration of your account plus 30 days following deletion to allow for account recovery.
• Usage & Analytics Data: Retained in identifiable form for up to 24 months, after which it is aggregated or anonymized.
• Support Communications: Retained for 3 years from the date of resolution.
• Security Logs: Retained for up to 12 months for security and fraud prevention purposes.
• Billing and Subscription Data: Subscription status, Stripe customer and subscription identifiers, and payment event records are retained for the duration of your account plus an additional period required for tax, accounting, and legal compliance (typically 7 years from the last transaction). Stripe independently retains payment data in accordance with its own retention policy and PCI DSS requirements.

When you delete your account, we initiate deletion of your personal information within 30 days, except for data we are legally required or permitted to retain (such as fraud prevention data or information subject to an ongoing legal hold).

8. Your Privacy Rights

8.1 Rights Available to All Users

Regardless of your location, you may:

• Access and update your personal information through your account settings.
• Delete your account and associated data.
• Opt out of marketing communications via the unsubscribe link in any email or through your notification settings.
• Control cookies and tracking through your browser settings.

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:

• Right to Know: The categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information as defined under CCPA/CPRA.
• Right to Limit Use of Sensitive Personal Information: Direct us to limit the use of sensitive personal information to purposes necessary to provide the Service.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

You may designate an authorized agent to submit requests on your behalf. Authorized agents must provide written authorization and we may verify your identity directly.

8.3 Virginia, Colorado, Connecticut, Texas, Oregon, Montana, and Other US State Residents

If you reside in a state with a comprehensive consumer privacy law — including the Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Texas Data Privacy and Security Act (TDPSA), Oregon Consumer Privacy Act (OCPA), Montana Consumer Data Privacy Act (MCDPA), or Utah Consumer Privacy Act (UCPA) — you may have rights to:

• Confirm whether we are processing your personal data and access such data.
• Correct inaccuracies in your personal data.
• Delete your personal data.
• Obtain a copy of your personal data in a portable format.
• Opt out of targeted advertising, the sale of personal data, and profiling in furtherance of decisions producing legal or similarly significant effects (where applicable).

If we decline your request, you may appeal our decision by contacting us at support@theplaybook.watch with the subject line “Privacy Rights Appeal.” We will respond to appeals within the timeframe required by applicable law.

8.4 EEA, UK, and Swiss Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the GDPR:

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure / “right to be forgotten” (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object to processing (Art. 21)
• Rights related to automated decision-making and profiling (Art. 22)
• Right to withdraw consent at any time (Art. 7(3))

You also have the right to lodge a complaint with your local data protection supervisory authority.

8.5 Nevada Residents

Nevada residents may submit a request directing us not to sell their personal information. As stated above, we do not sell personal information. To submit a request, contact us at support@theplaybook.watch.

8.6 How to Exercise Your Rights

To exercise any privacy right, contact us at support@theplaybook.watch. We will verify your identity before processing requests and respond within the timeframes required by applicable law (typically 30–45 days). You will not be charged a fee for exercising your rights except in limited circumstances permitted by law.

9. Cookies and Tracking Technologies

We use cookies, local storage, session storage, and similar technologies. These fall into the following categories:

9.1 Essential Cookies

Required for the Service to function. These include authentication tokens, session identifiers, and CSRF protection tokens. These cookies cannot be disabled without impairing core Service functionality.

9.2 Functional Cookies

Store your preferences such as dark mode state, favorite teams, selected location, and display preferences. These enhance your experience but are not strictly necessary.

9.3 Analytics Cookies

Collect anonymized data about how you use the Service, including pages visited, features used, and performance metrics. This data helps us improve the Service.

9.4 Security Cookies

We use Cloudflare Turnstile on certain forms (such as the contact form) to protect against automated spam and abuse. Turnstile may set cookies or use browser signals to verify that a real person is submitting the form. These cookies are managed by Cloudflare and are subject to Cloudflare’s Privacy Policy.

9.5 Affiliate and Third-Party Cookies

If you click on a link to a third-party service (such as a streaming provider or ticketing platform), that third party may set its own cookies to track the referral. We may participate in affiliate programs that use cookies to attribute referrals. These cookies are set by the third party, not by The Playbook, and are governed by the respective third party’s privacy policy. See our Affiliate Disclosure in the Terms of Service for more details.

9.6 Your Cookie Choices

You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Disabling essential cookies may affect Service functionality.

We honor the Global Privacy Control (“GPC”) signal. If your browser or device sends a GPC signal, we treat it as a valid opt-out of any “sale” or “sharing” of personal information (as defined by applicable law). We do not currently respond to other “Do Not Track” signals as there is no industry standard for their interpretation.

10. Children’s Privacy

The Service is not intended for children under 13 years of age (or under 16 in the EEA). We do not knowingly collect personal information from children under these age thresholds without verifiable parental consent.

If we become aware that we have collected personal information from a child below the applicable age threshold, we will take steps to delete such information promptly. If you believe we have collected information from a child, please contact us immediately at support@theplaybook.watch.

11. International Data Transfers

Your information may be transferred to, stored in, and processed in the United States and other countries that may have different data protection laws than your country of residence.

Where we transfer personal data from the EEA, UK, or Switzerland, we implement appropriate safeguards, including the European Commission’s Standard Contractual Clauses (SCCs), the UK Addendum to the EU SCCs, and other transfer mechanisms recognized under applicable data protection laws. By using the Service, you consent to such transfers.

12. Third-Party Links, Services, and Affiliates

The Service may contain links to third-party websites, services, or applications not owned or controlled by us, including streaming services, ticketing platforms, and other sports-related services. This Policy does not apply to such third-party services. We are not responsible for the privacy practices, content, or security of third-party services and encourage you to review their privacy policies before providing personal information.

Affiliate Links. Some links on the Service may be affiliate links. When you click these links and make a purchase or subscribe, we may receive a commission at no additional cost to you. Third-party affiliate partners may collect information about your interactions with their services in accordance with their own privacy policies. We do not control the data collection or privacy practices of these third parties.

13. Data Breach Notification

In the event of a security breach that compromises your personal information, we will:

• Notify affected individuals without unreasonable delay and within the timeframes required by applicable law (including within 72 hours of becoming aware of the breach where required by the GDPR).
• Notify relevant supervisory authorities as required by law.
• Provide information about the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach.

14. Changes to This Privacy Policy

We may update this Policy from time to time. We will notify you of material changes by:

• Posting the updated Policy on this page with a new “Last updated” date.
• Sending an email notification to the address associated with your account.
• Displaying a prominent notice within the Service.

Material changes will not take effect until at least 30 days after posting, unless otherwise required by law. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

We will respond to your inquiry within a reasonable timeframe and in accordance with applicable law.