Privacy Policy

1. Introduction

Gully Legend ("we", "us", or "our") operates the Gully Legend platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

We collect the following types of information:

• Account Information: Full name, email address, and encrypted password when you register.
• Role & Team Data: Your selected role (Admin, Auctioneer, Captain, or Member), team assignments, auction bids, squad selections, and fantasy scores.
• Payment Information: Payment transactions are processed by our payment partner. We do not store your card details. We retain transaction IDs and payment status for record-keeping.
• Usage Data: Log data such as IP address, browser type, pages visited, and timestamps to improve the Service.
• Authentication Data: If you sign in via Google OAuth, we receive your name, email, and profile picture from Google.

3. How We Use Your Information

• To create and manage your account and provide the Service.
• To process payments and grant role-based access for one year from the date of purchase.
• To facilitate live auctions, fantasy scoring, leaderboards, and team management.
• To communicate service updates, security alerts, and support responses.
• To improve and optimize the platform experience.

4. Data Sharing & Disclosure

We do not sell your personal data. We may share information with:

• Payment Processor: our payment partner, to process your payment securely.
• Authentication Provider: Google (if you use OAuth sign-in).
• Other Users: Your team name, captain name, auction bids, and leaderboard scores are visible to other users within your auction room.
• Legal Requirements: If required by law, regulation, or legal process.

5. Data Retention

We retain your account data for as long as your account is active or as needed to provide the Service. Your purchased access is valid for one year from the date of purchase. After your access period expires, your account data may be retained for an additional 90 days before deletion, unless required by law.

6. Data Security

We implement industry-standard security measures including encrypted passwords (bcrypt hashing), JWT-based authentication, HTTPS encryption, and role-based access control. However, no method of electronic transmission or storage is 100% secure.

7. Your Rights

• Access: You may request a copy of the personal data we hold about you.
• Correction: You may update your account information through the Settings page.
• Deletion: You may request account deletion by contacting us. Note that deletion may affect team and auction records within your room.

8. Cookies

We use localStorage to store your authentication token (JWT) for session management. We do not use third-party tracking cookies. Essential cookies may be used for site functionality.

9. Children's Privacy

The Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, please reach out to us through the platform or contact the administrator of your auction room.