Privacy Policy

Effective date: March 24, 2026

This Privacy Policy describes how The Franchise (“we,” “us,” or “our”) collects, uses, shares, and protects your personal information when you use our website at www.thefranchise.app and related services (the “Service”). By using the Service, you agree to the practices described in this policy.

1. Information We Collect

1.1 Information you provide

  • Account information: Email address and password (if registering with email), or name and email address from Google (if using Google sign-in).
  • Sleeper username: The Sleeper platform username you provide during onboarding, used to retrieve your league data via the Sleeper public API.
  • User content: Text queries, chat messages, and trade configurations you submit when using Coach AI, the War Room Council, and other interactive features.
  • Payment information: If you subscribe to Pro, payment details (credit/debit card number, billing address) are collected and processed directly by Stripe. We do not store your full payment card information on our servers.

1.2 Information collected automatically

  • Usage data: Pages visited, features used, timestamps, referral URLs, and interactions with the Service.
  • Device and connection data: IP address, browser type and version, operating system, and device identifiers.
  • Cookies: We use essential cookies for authentication and session management. See Section 6 for details.

1.3 Information from third parties

  • Sleeper API: League settings, roster data, player information, transaction history, and draft data associated with your Sleeper username. This data is publicly accessible through the Sleeper API.
  • Google OAuth: If you sign in with Google, we receive your name, email address, and profile picture from Google. We do not access your Google contacts, calendar, or other Google services.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate your identity and manage your account
  • Retrieve and display your fantasy league data from Sleeper
  • Generate AI-powered analysis, coaching, and recommendations
  • Process subscription payments through Stripe
  • Enforce usage limits and prevent abuse (rate limiting)
  • Send transactional emails (account confirmation, password reset, billing notices)
  • Respond to your support requests
  • Monitor and improve Service performance and reliability
  • Comply with legal obligations

We do not sell your personal information. We do not use your personal information for targeted advertising.

3. How We Share Your Information

We share your information only in the following circumstances:

3.1 Service providers

We use the following third-party services to operate the Service:

  • Supabase — Authentication, database hosting, and data storage. Privacy policy
  • Stripe — Payment processing for Pro subscriptions. Stripe receives your payment card details directly; we receive only a confirmation of payment status and a customer identifier. Privacy policy
  • Vercel — Website hosting and serverless function execution. Privacy policy
  • Google — OAuth authentication (sign-in with Google). Privacy policy

3.2 AI model providers

To power our AI features, your chat messages and trade queries are transmitted to third-party AI model providers for processing. These providers currently include:

  • OpenAI (Coach AI, trade analysis)
  • Anthropic (War Room Council — The Analyst)
  • Google Gemini (War Room Council — The Architect, consensus synthesis)

Data sent to these providers includes your query text and relevant league context (roster data, player names, trade details). It does not include your email address, payment information, or account credentials.

We do not permit these providers to use your data for model training. We use API plans and configurations that exclude customer data from training datasets. Each provider’s data handling is governed by their respective privacy policies and API terms of service.

3.3 Legal requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

3.4 Business transfers

If The Franchise is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

4. Data Retention

We retain your account information and associated data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data (email, Sleeper username, preferences): Retained until you delete your account.
  • AI chat history: Retained for the duration of your session. We do not store long-term chat logs beyond what is needed for the current session and usage tracking.
  • Usage and billing records: Retained for up to 24 months after account closure for legal and accounting purposes.
  • Server logs: Retained for up to 30 days for security and debugging purposes.

Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records, fraud prevention).

5. Data Security

We implement reasonable technical and organizational security measures to protect your personal information, including:

  • Encryption in transit (TLS/HTTPS for all connections)
  • Encryption at rest for stored data (via Supabase)
  • Secure authentication with hashed passwords and OAuth tokens
  • Role-based access controls for internal data access
  • Rate limiting to prevent automated abuse

Despite these measures, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your information.

6. Cookies and Similar Technologies

We use cookies strictly for essential purposes:

  • Authentication cookies: To maintain your login session and authenticate API requests. These are set by Supabase and are necessary for the Service to function.
  • Preference cookies: To remember your display preferences (e.g., light/dark mode).

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. Because our cookies are essential to the Service’s operation, they cannot be individually disabled without losing access to the Service.

7. Your Rights and Choices

7.1 Access and portability

You can view and update your account information at any time through your account settings. You may request a copy of your personal data by contacting us at support@thefranchise.app.

7.2 Deletion

You may request deletion of your account and associated personal data by contacting us. We will process deletion requests within 30 days, subject to any legal retention obligations.

7.3 Correction

If your personal information is inaccurate or incomplete, you may update it through your account settings or by contacting us.

7.4 Email communications

We send transactional emails related to your account (confirmation, password reset, billing receipts). These are essential communications and cannot be opted out of while you maintain an active account. We do not send marketing emails.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: You may request that we disclose what personal information we collect, use, and share about you.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
  • No sale of personal information: We do not sell personal information as defined by the CCPA.

To exercise these rights, contact us at support@thefranchise.app. We will verify your identity before fulfilling requests.

9. Children’s Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@thefranchise.app.

10. International Users

The Service is hosted in the United States and is primarily intended for users in the United States. If you access the Service from outside the United States, you understand and consent to the transfer and processing of your personal information in the United States, where data protection laws may differ from those of your jurisdiction.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 15 days before the changes take effect. The “Effective date” at the top of this page indicates when this policy was last revised.

Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

The Franchise
Email: support@thefranchise.app