Privacy Policy

Last updated: February 12, 2026

1. Information We Collect

Account Information: When you create an account, we collect your email address and a password (stored as a bcrypt hash). You may optionally provide a username and avatar.

Usage Data: We collect information about how you use the service, including predictions you make, fighters you view, and notification preferences.

Push Subscription Data: If you enable push notifications, we store your browser push subscription endpoint (provided by your browser vendor such as Google, Mozilla, or Apple) to deliver notifications. This is a technical URL, not personal information.

Device Information: We collect basic device metadata sent with push subscriptions (browser type) to manage delivery.

2. How We Use Your Information

  • To provide and maintain the FightWatchr service
  • To send you fight alerts, prediction results, and ranking updates via push notifications (when enabled)
  • To display leaderboards and prediction statistics
  • To authenticate your identity and protect your account
  • To send password reset and account verification emails

3. Data Sharing

We do not sell your personal information. We share data only with:

  • Email provider (Resend): To send transactional emails such as password resets and email verification.
  • Push notification services:Your browser's push service (FCM, Mozilla Push, Apple Push) to deliver notifications.

4. Cookies and Local Storage

We use a session cookie for authentication (managed by NextAuth.js with SameSite=Lax). We do not use advertising or third-party tracking cookies.

5. Data Retention

Account data is retained for as long as your account is active. Notifications expire after 30 days and are automatically deleted. Push subscriptions with repeated delivery failures are cleaned up automatically.

6. Data Security

Passwords are hashed with bcrypt (12 rounds). All connections use HTTPS. Authentication tokens use signed JWTs with sliding refresh. API endpoints are rate-limited to prevent abuse.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Update your email address, username, or password via account settings
  • Disable push notifications at any time from your browser or notification settings
  • Request deletion of your account and associated data by contacting us

8. Third-Party Data

Fighter statistics, event data, and odds are sourced from publicly available sports data providers (ESPN, DraftKings, UFC.com). This data is not user personal information.

9. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated revision date.

10. Contact

For questions about this privacy policy or to exercise your data rights, contact us at [email protected].