CommishHubCommishHub

Privacy Policy

Effective Date: August 1, 2026 • Last Updated: April 20, 2026

1. Who We Are

CommishHub is operated by FMR Digital LLC ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the CommishHub platform at commishhub.app (the "Service").

2. Information We Collect

2.1 Information You Provide

  • Account information: Name, email address, and password (or Google account credentials if you use Google Sign-In).
  • Profile information: Display name and optional avatar.
  • Pool activity: Pools you create or join, picks you submit, tiebreaker entries, and pick reasoning notes.
  • Payment information: When you subscribe or pay pool dues, payment details are collected and processed by Stripe, Inc. We do not store your credit card number on our servers.
  • Commissioner state & attestation: If you enable Pool Dues collection, we collect your state of residence and a timestamped record of your acceptance of the Pool Dues attestation. This is used to enforce jurisdiction-based eligibility for dues collection.
  • Stripe Connect onboarding data: Commissioners who enable Pool Dues complete Stripe's Connect onboarding, which may require legal name, date of birth, address, SSN or EIN, and bank account details. This information is collected and stored by Stripe, not by CommishHub. We receive only the Connect account ID and onboarding status.
  • Communications: Any messages you send to us for support or feedback.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, and interactions within the Service.
  • Device information: Browser type, operating system, and screen resolution.
  • Cookies and session tokens: We use essential cookies to maintain your authentication session. We do not use advertising or third-party tracking cookies.

2.3 Information from Third Parties

  • Google Sign-In: If you authenticate via Google, we receive your name, email, and profile picture from Google.
  • Stripe: We receive payment confirmation status and subscription details from Stripe. We never receive or store full card numbers.
  • Stripe Connect (commissioners only): For commissioners who enable Pool Dues, we receive the Connect account ID, onboarding status, and aggregate payout information. Tax reporting (including any IRS Form 1099-K issuance to commissioners who exceed federal thresholds) is performed by Stripe, not by CommishHub.

3. How We Use Your Information

  • Provide, operate, and maintain the Service.
  • Process subscriptions and pool dues payments.
  • Send transactional emails: pick reminders, results notifications, and pool invitations (from [email protected]).
  • Display your picks, standings, and stats to other members of pools you belong to.
  • Enforce pick lock times and pool rules configured by your commissioner.
  • Improve the Service based on aggregated usage patterns.
  • Respond to support requests.

4. How We Share Your Information

We do not sell your personal information. We share data only in these circumstances:

  • Within your pools: Other pool members can see your display name, picks (after lockout), standings, and stats. Commissioners can see pick submission status for their pools.
  • Service providers: We use the following third-party services to operate the platform:
    • Supabase (database and authentication hosting)
    • Stripe (payment processing)
    • Resend (transactional email delivery)
    • Cloudflare (DNS and content delivery)
  • Pool Dues (Stripe Connect): When you pay Pool Dues, your payment is processed by Stripe directly to the commissioner's connected Stripe account. The commissioner may receive transaction details (amount paid, payment status, and the name associated with your Stripe payment method) through their Stripe dashboard. CommishHub does not control the commissioner's use of this payment information.
  • Legal requirements: We may disclose information if required by law, court order, or governmental authority.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction.

5. Data Security

We use industry-standard security measures to protect your data, including encrypted connections (TLS/SSL), Supabase Row Level Security (RLS) to isolate pool data, and secure password hashing. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your account information and pool activity for as long as your account is active or as needed to provide the Service. Season archives and historical records (Hall of Fame, past standings) are retained to support the platform's historical features. If you delete your account, we will remove your personal information within 30 days, except where retention is required by law.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and personal data.
  • Export your data in a portable format.
  • Withdraw consent for optional data processing.

To exercise any of these rights, contact us at [email protected].

8. Children's Privacy

CommishHub is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it promptly.

9. Cookies

CommishHub uses only essential cookies required for authentication and session management. We do not use advertising cookies, analytics tracking pixels, or third-party behavioral tracking. Your browser settings can control cookie behavior, but disabling essential cookies may prevent you from using the Service.

10. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

Categories of personal information we collect:

  • Identifiers — name, email address, account ID
  • Commercial information — subscription tier, payment history, pool dues transactions
  • Internet or electronic network activity — pages visited, features used, browser type
  • Inferences — pool standings, pick statistics, streak data derived from your activity

We do not sell or share your personal information as defined under the CCPA. We do not use your data for cross-context behavioral advertising.

Your rights:

  • Request to know what personal information we collect about you.
  • Request deletion of your personal information.
  • Request correction of inaccurate personal information.
  • Opt out of any future sale of personal information (we do not currently sell data).

We will not discriminate against you for exercising any of these rights. To submit a request, contact [email protected]. We will respond within 45 days.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email to the address associated with your account. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

FMR Digital LLC
Email: [email protected]