Privacy Policy

1. What Data We Collect

When you create an account, we collect the following information:

• Email address — used to identify your account, send verification emails, and deliver your monthly newsletter.
• Password — stored as a one-way bcrypt hash. We never store your plaintext password.
• Timezone — used to display event times correctly in your calendar feed.
• Sport, league, and team subscriptions — your preferences for which events appear in your personalized calendar.
• Google Calendar OAuth tokens — only if you connect Google Calendar. These are stored encrypted and used solely to sync your sports events to your Google Calendar.
• Newsletter engagement data — whether you clicked the keep-alive link in monthly newsletters, used to determine account activity status.

2. How We Use Your Data

• To generate your personalized .ics calendar feed containing only the sports, leagues, and teams you follow.
• To send you a monthly newsletter with upcoming sports highlights. This newsletter is a core part of the free service.
• To sync events to your Google Calendar if you opt in to that integration.
• To maintain your account status and determine whether your account is active.

3. Monthly Newsletter and Account Activity

As part of the free service, all registered users receive a monthly newsletter. Each newsletter includes a keep-alive link. If you do not click the keep-alive link (or log in to your account) within three consecutive months, your account will be flagged as inactive.

Inactive accounts continue to retain your data but will stop receiving newsletters, and your calendar feeds will return empty results. You can reactivate your account at any time by logging in.

4. Calendar Feed URLs

Your personalized calendar feed is accessible via a unique token embedded in a URL (e.g., /cal/[token].ics). This URL does not require authentication and can be used directly with Google Calendar, Apple Calendar, or any other calendar application. Anyone with this URL can access your calendar feed, so treat it like a private link. You can regenerate your token at any time from your settings.

5. Google Calendar Integration

If you choose to connect Google Calendar, we store encrypted OAuth tokens to sync your sports events directly to your Google Calendar. These tokens are used only for this purpose and are never shared with third parties. You can disconnect Google Calendar at any time from your settings, which deletes your stored tokens.

6. Account Deletion

You can delete your account at any time via the Settings page. Deletion is permanent and immediate. All data associated with your account is removed, including:

• Your email, password, and profile data
• Your sport, league, and team subscriptions
• Your calendar feed URL (the .ics feed will immediately stop working)
• Your Google Calendar connection and stored OAuth tokens (note: events already synced to Google Calendar will remain in Google Calendar but will no longer be updated)
• Your newsletter engagement history

7. Third-Party Services

• Resend — used to deliver transactional emails (verification, password reset) and the monthly newsletter. Your email address is shared with Resend solely for delivery purposes.
• Google Calendar API — used only if you opt in. Subject to Google's privacy policy.
• Sports data providers (TheSportsDB, ESPN, etc.) — used to source sports schedule data. No user data is shared with these services.

8. Cookies

We use a single session cookie managed by NextAuth.js to keep you logged in. We do not use any tracking, advertising, or analytics cookies.

9. Data Retention

• Active accounts — data is retained indefinitely while your account is active.
• Inactive accounts — data is retained but newsletter delivery stops and calendar feeds return empty results.
• Unverified accounts — accounts that have not verified their email address are automatically deleted after 7 days.

10. Contact

If you have questions about this privacy policy or your data, contact us at [email protected].