Privacy Policy

Last updated: March 22, 2026

1. Information We Collect

When you create an account, we collect:

• Contact information: Email address and/or phone number (used for OTP verification)
• Display name: Your chosen username
• Biometric data: WebAuthn credential IDs (we never store raw biometric data — only cryptographic public keys)
• Usage data: Picks submitted, dashboard interactions, login timestamps

2. How We Use Your Information

• To authenticate your identity via Twilio SMS or Resend email OTP
• To enable biometric login via WebAuthn passkeys
• To track your pick accuracy and display personalized statistics
• To send SMS/email alerts you've opted into (anomaly alerts, daily summaries)
• To improve the consensus engine and anomaly detection algorithms

3. How We Protect Your Information

All data is encrypted in transit via TLS. Database connections use SSL. Passwords are never stored — authentication is OTP-only and passkey-based. Session tokens are signed with HMAC-SHA256.

4. Third-Party Services

• Twilio: SMS OTP delivery
• Resend: Email OTP delivery
• Neon: PostgreSQL database hosting
• Render: Application hosting
• The Odds API: Odds data aggregation

5. Data Retention

Account data is retained while your account is active. You may request deletion at any time by contacting us. Session data expires automatically. Aggregated, anonymized analytics may be retained indefinitely.

6. Cookies

LumeLine uses a single JWT session cookie for authentication. We do not use tracking cookies or third-party analytics trackers.

7. Your Rights

You have the right to access, correct, or delete your personal data. You may opt out of SMS/email alerts at any time. Contact us at privacy@darkwavestudios.io.

8. Children's Privacy

LumeLine is not intended for users under 18 years of age. We do not knowingly collect information from minors.

9. Changes

We may update this policy periodically. We will notify registered users of material changes via email.