Privacy Policy

Diamond Edge (“we”, “our”, “us”) operates the Diamond Edge MLB picks information service at diamond-edge.co. We are not a sportsbook, licensed handicapper, or financial services provider. We provide statistical analysis and AI-generated rationale for informational purposes.

We collect the following categories of information:

• Account data: Email address and password (stored via Supabase Auth; password is never stored in plaintext).
• Age verification: Date of birth, entered during onboarding, to verify you are 21 or older. We store the date you verified, not your raw DOB, after verification is complete.
• Geographic data: We determine your state from your IP address at access time to enforce state-level legal restrictions. We store your declared state (“geo_state”) in your profile.
• Billing data: Subscription tier and Stripe customer ID. We do not store card numbers — all payment data is handled by Stripe.
• Usage data: Bankroll entries, bet logs, and in-app activity you explicitly create. We do not sell this data.
• Log data: Server logs including IP address, browser type, and pages accessed. Used for security and debugging only.

We use collected information to:

• Authenticate your account and enforce age and geographic restrictions.
• Deliver the pick content and features appropriate to your subscription tier.
• Process subscription payments and manage your billing relationship via Stripe.
• Send transactional emails (account confirmation, billing receipts). We do not send marketing email without explicit opt-in.
• Maintain security, detect abuse, and comply with legal obligations.

We do not sell your personal data. We share data only as follows:

• Supabase: Database and authentication provider. Data is stored in Supabase-managed Postgres. Supabase Privacy Policy.
• Stripe: Payment processing. Diamond Edge passes your email to Stripe to create a billing customer record; Stripe handles all card data under their PCI-compliant infrastructure. Stripe Privacy Policy.
• Vercel: Hosting and infrastructure. Request logs are processed by Vercel's edge network.
• Legal: We may disclose data if required by law, court order, or to protect the rights of Diamond Edge or others.

[Attorney review required: confirm adequate data processing agreements with all sub-processors for applicable state privacy laws.]

We retain account data for the duration of your account plus a period required to satisfy legal, billing, and security obligations. Bet log and bankroll data you create is retained until you delete it or close your account. You may request deletion of your account and associated data by contacting us at support@diamond-edge.co.

Depending on your jurisdiction, you may have rights to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your data (“right to be forgotten”).
• Opt out of any sale of personal data (we do not sell data).

To exercise any of these rights, contact us at support@diamond-edge.co. We will respond within 30 days.

[Attorney review required: confirm rights coverage for CCPA (CA), VCDPA (VA), CPA (CO), and other applicable state privacy laws in the ALLOW jurisdiction list.]

Diamond Edge uses cookies solely for authentication (session management via Supabase Auth). We do not use third-party tracking, advertising cookies, or behavioral profiling tools. No analytics platform with user-level tracking is active in v1.

Age verification data (date of birth, verification timestamp) is treated as sensitive information. It is used only to enforce the 21+ requirement and is not shared with third parties for any other purpose. Geographic restriction data (geo_state) is used only to enforce legal jurisdiction requirements.

The Service is not directed at anyone under 21 years of age. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us immediately at support@diamond-edge.co and we will delete the account.

We implement reasonable technical and organizational measures to protect your data, including encrypted connections (HTTPS), Supabase Row-Level Security (RLS), and service-role key segregation. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

We may update this Privacy Policy. Material changes will be communicated via the email address on your account or via an in-app notice at least 7 days before taking effect. Continued use after notice constitutes acceptance.

Questions about this Privacy Policy or your data? Contact us at support@diamond-edge.co.