Privacy Policy

HitBuddy MLB ("HitBuddy", "we", "us") operates the website hitbuddymlb.com and the HitBuddy mobile application. This policy explains what data we collect, how we use it, and your rights regarding that data.

Account information: When you sign up, we collect your email address, display name, and optionally your phone number, first/last name, city, state, and sportsbook preferences.

Authentication data: We store a hashed version of your password (using bcrypt). We never store your password in plain text.

Usage data: We may collect basic usage information such as pages visited and features used to improve the service.

We do not collect: Payment information, precise location data, contacts, photos, or any data from your device beyond what is entered into our forms.

We use the information we collect to:

- Provide and maintain the HitBuddy service

- Authenticate your account and manage sessions

- Send one-time verification codes to your email during signup

- Personalize your experience (e.g. sportsbook preferences)

We do not sell, rent, or share your personal information with third parties for marketing purposes.

All data transmitted between your device and our servers is encrypted using TLS (HTTPS). Passwords are hashed using bcrypt before storage. Session tokens are generated using cryptographically secure random bytes.

Our database is not publicly accessible and is only reachable from our application server.

We use the following third-party services:

- BallDontLie API: For MLB game and player statistics (no user data is shared)

- The Odds API: For sportsbook odds data (no user data is shared)

- Resend: For sending verification emails (your email address is shared with Resend solely for email delivery)

We retain your account data for as long as your account is active. Session tokens expire after 30 days. One-time verification codes expire after 10 minutes and are deleted after use.

Access & Update: You can view and update your profile information at any time from the Profile page.

Delete: You can permanently delete your account and all associated data from the Profile page. This action is irreversible.

Contact: For any privacy-related questions or requests, email us at privacy@hitbuddymlb.com.

HitBuddy is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18.

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of HitBuddy after changes constitutes acceptance of the updated policy.