Privacy Policy

Overview & Scope

Dinger Derby ("Dinger Derby," "we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, store, and protect information about you when you visit or use the Dinger Derby website at dingerderby.io, any associated mobile applications, and related services (collectively, the "Platform"). It also governs how we communicate with you via email, SMS text messaging, and mobile push notifications.

This Privacy Policy applies to all visitors, registered users, and subscribers of the Platform. It does not apply to the data practices of any third-party websites, services, or applications that may be linked from our Platform.

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices as described herein, please discontinue use of the Platform.

Section 1 — Information We Collect

We collect several types of information in connection with the Platform, as described below.

1.1 Information You Provide Directly

We collect information you provide when you:

• Register for an account (name, email address, username, password);
• Subscribe to a paid plan (billing name, billing address, payment card details — note: full payment card numbers are processed by our third-party payment processor and are not stored by Dinger Derby);
• Provide a mobile phone number and consent to receive SMS communications;
• Contact us for support or submit a form (name, email address, and the content of your message);
• Submit feedback, survey responses, or participate in any promotional activities;
• Communicate with us by email, SMS, or through any in-Platform messaging feature.

1.2 Information We Collect Automatically

When you access or use the Platform, we and our service providers automatically collect certain technical and usage information, including:

• Log data: IP address, browser type and version, operating system, referring URL, pages visited, time and date of visit, and error logs;
• Device information: device type, device identifiers (including mobile advertising IDs where applicable), screen resolution, and hardware model;
• Push notification tokens: device tokens generated by your mobile operating system when you enable push notifications;
• Usage data: features used, Content accessed, search queries, subscription tier, and clickstream data;
• Location data: approximate geographic location derived from IP address (we do not collect precise GPS location without your explicit consent);
• Cookies and tracking technologies: as described in Section 5 of this Policy.

1.3 Information from Third Parties

We may receive information about you from third parties in the following circumstances:

• Payment processors (e.g., Stripe): transaction confirmation and billing status;
• Analytics providers (e.g., Google Analytics): aggregated usage and behavioral data;
• SMS delivery providers: delivery status, opt-out signals (STOP replies), and carrier information;
• Push notification delivery services: delivery confirmations and notification engagement data;
• If we offer social login features: basic profile information from the relevant social platform if you choose to authenticate via those services.

Section 2 — How We Use Your Information

We use the information we collect for the following purposes:

2.1 To Provide & Operate the Platform

• Create and manage your user account;
• Deliver the baseball analytics Content and features you have requested or subscribed to;
• Process subscription payments and manage billing;
• Send transactional communications by email, SMS, or push notification (e.g., account confirmations, password resets, payment receipts, subscription renewal notices, and service alerts);
• Respond to your support requests, questions, and feedback.

2.2 To Improve & Personalize the Platform

• Analyze usage patterns to understand how users interact with the Platform;
• Identify and fix technical errors, bugs, and security vulnerabilities;
• Develop new features, Content categories, and analytics tools;
• Personalize your experience, such as surfacing Content relevant to your interests or favorite teams.

2.3 To Communicate With You

• Send marketing and promotional communications by email, SMS (where you have provided express written consent), and push notification (where you have enabled them on your device) — only where permitted by applicable law;
• Notify you of changes to the Platform, Terms of Service, or this Privacy Policy;
• Administer surveys, contests, or other promotional activities you choose to participate in.

2.4 For Safety, Security & Legal Compliance

• Detect, prevent, and investigate fraud, abuse, and unauthorized access;
• Enforce our Terms of Service and other applicable policies;
• Comply with applicable legal obligations;
• Protect the rights, property, and safety of Dinger Derby, our users, and the public.

2.5 With Your Consent

We may use your information for additional purposes not described above where we have obtained your prior consent. You may withdraw consent at any time, though withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Section 3 — Legal Basis for Processing (GDPR / International Users)

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction that requires a documented legal basis for processing personal data, we rely on the following bases:

• Contract performance: Processing necessary to provide the services you have requested or subscribed to.
• Legitimate interests: Processing necessary for our legitimate business interests, such as fraud prevention, security, and product improvement, where those interests are not overridden by your rights.
• Legal obligation: Processing required to comply with applicable law, including TCPA and CAN-SPAM obligations.
• Consent: Processing based on your explicit consent, including marketing communications, SMS messaging, and non-essential cookies. You may withdraw consent at any time.

Section 4 — How We Share Your Information

We do not sell your personal information to third parties. We do not share your personal information with third parties for their own direct marketing purposes without your consent. We may share your information in the following limited circumstances:

4.1 Service Providers

We share information with trusted third-party vendors and service providers who assist us in operating the Platform, subject to confidentiality obligations and data processing agreements. These include:

• Payment processors for subscription billing;
• Cloud hosting and infrastructure providers;
• Email delivery services for transactional and marketing communications;
• SMS gateway and messaging providers for text message delivery;
• Push notification delivery platforms;
• Analytics providers for aggregated usage data;
• Customer support platforms;
• Content delivery networks (CDNs).

These service providers are permitted to use your information only as necessary to perform services on our behalf and are contractually prohibited from using it for their own independent purposes.

4.2 Legal & Regulatory Requirements

We may disclose your information if required to comply with a subpoena, court order, or other governmental request; to enforce our Terms of Service; to investigate potential violations; or to protect the rights, property, or safety of Dinger Derby, our users, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

4.4 Aggregated & De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with third parties for research, analytics, or business purposes.

Section 5 — Cookies & Tracking Technologies

5.1 What We Use

We and our service providers use cookies, web beacons, pixel tags, local storage, and similar tracking technologies (collectively, "Cookies") to operate and improve the Platform. This includes tracking pixels embedded in marketing emails to measure open rates and engagement, and push notification tokens stored on your device.

5.2 Types of Cookies We Use

• Strictly Necessary Cookies: Required for the Platform to function, including login sessions, account security, and subscription access.
• Performance & Analytics Cookies: Help us understand how users interact with the Platform by collecting aggregated information (e.g., Google Analytics).
• Functional Cookies: Allow the Platform to remember your preferences such as favorite teams, display settings, or timezone.
• Marketing & Targeting Cookies: Used to deliver relevant content and, where applicable, advertising. We do not currently serve behavioral advertising but may do so in the future with appropriate notice and consent mechanisms.
• Email Tracking Pixels: Small image files embedded in marketing emails that allow us to measure whether emails were opened and whether links were clicked. You may disable this by setting your email client to block remote images.

5.3 Your Cookie Choices

You can control and manage cookies through your browser settings. Where required by applicable law, we will obtain your consent before placing non-essential cookies on your device through a cookie consent banner or preference center.

Section 6 — Communications & Messaging Policy

Dinger Derby communicates with users through three channels: email, SMS text messaging, and mobile push notifications. Each channel operates under distinct legal requirements, described below. By providing your contact information and consenting to communications, you agree to the terms of this Section.

6.1 Email Communications

Types of Email We Send

• Transactional emails: Account creation confirmations, password reset links, payment receipts, subscription renewal notices, and service or security alerts. These are sent as part of the performance of our contract with you and are not subject to marketing opt-out requirements, though you may contact us to discuss your preferences.
• Marketing emails: Promotional content, new feature announcements, seasonal offers, and baseball analytics updates. These are sent only where permitted by applicable law and with appropriate consent.

CAN-SPAM Act Compliance

All commercial email communications from Dinger Derby comply with the federal CAN-SPAM Act (15 U.S.C. § 7701 et seq.). Specifically:

• Every marketing email will clearly identify Dinger Derby as the sender;
• Subject lines will accurately reflect the content of the email and will not be deceptive;
• Every marketing email will include our physical mailing address;
• Every marketing email will include a clear, conspicuous, and functional opt-out/unsubscribe mechanism;
• We will honor all opt-out requests within 10 business days of receipt;
• We will not send commercial email to users who have opted out.

How to Opt Out of Marketing Email

You may opt out of marketing emails at any time by: (a) clicking the "Unsubscribe" link included in every marketing email; or (b) contacting us at hello@dingerderby.io with the subject line "Email Opt-Out." Opting out of marketing emails does not affect delivery of transactional emails related to your account or subscription.

6.2 SMS / Text Message Communications

TCPA Compliance & Consent Requirement

Dinger Derby sends SMS text messages in compliance with the federal Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227, and all applicable state laws. BEFORE sending you any SMS message, we obtain your express written consent as required by law. We do not send SMS messages to users who have not affirmatively opted in.

Your consent to receive SMS messages from Dinger Derby is governed by our SMS Terms & Conditions, which are presented separately at the point of SMS opt-in and are available at dingerderby.io/sms-terms. The SMS Terms & Conditions are incorporated into this Privacy Policy by reference.

Types of SMS Messages We Send

• Transactional SMS: Time-sensitive account alerts, payment failure notices, subscription renewal reminders, and security verification codes (e.g., two-factor authentication). These are sent to fulfill our contract with you and require a separate transactional consent.
• Marketing SMS: Promotional offers, new feature announcements, baseball content highlights, and special events. These require express written consent under TCPA and are subject to the opt-out rights below.

Standard SMS Disclosures

• Message frequency varies based on your preferences and activity on the Platform;
• Message and data rates may apply depending on your mobile carrier plan;
• Dinger Derby is not responsible for any charges assessed by your mobile carrier;
• SMS messaging is available to users with compatible mobile devices and active U.S. mobile numbers on participating carriers.

How to Opt Out of SMS

You may opt out of SMS communications at any time by:

• Replying STOP to any SMS message you receive from us — your opt-out will be processed within the timeframe required by law and you will receive a single confirmation message;
• Contacting us at hello@dingerderby.io with your mobile number and a request to opt out;
• Updating your notification preferences in your account settings.

Once you opt out, we will not send you further SMS messages except as required by law or as necessary to confirm your opt-out. To re-subscribe after opting out, you must provide fresh express written consent.

SMS Help

Reply HELP to any SMS message from Dinger Derby to receive assistance information, including our support contact details. You may also contact us at hello@dingerderby.io.

The Campaign Registry (TCR) & Carrier Compliance

Dinger Derby registers its SMS messaging programs with The Campaign Registry (TCR) as required by U.S. mobile carriers. This registration identifies Dinger Derby as the sender of SMS messages and helps ensure our messages are delivered reliably and in compliance with carrier standards. We represent that our SMS programs comply with all applicable carrier guidelines, including CTIA Messaging Principles and Best Practices.

6.3 Mobile Push Notifications

How Push Notifications Work

If you install and use the Dinger Derby mobile application, we may send you push notifications to your device. Push notifications are messages delivered directly to your device's lock screen or notification center, even when the app is not actively open. Push notifications are delivered through your mobile device's operating system notification service (Apple Push Notification Service for iOS; Firebase Cloud Messaging for Android).

Consent & Permission

When you first install the Dinger Derby mobile application, your device's operating system will prompt you to allow or deny push notifications from Dinger Derby. We will only send push notifications to your device if you grant permission at that prompt. Granting permission constitutes your consent to receive push notifications as described in this Policy.

In some jurisdictions and on some operating system versions, we may present an in-app pre-permission prompt before the operating system prompt to explain the types of notifications we send and give you the opportunity to make an informed choice.

Types of Push Notifications We Send

• Transactional push notifications: Account alerts, payment confirmations, subscription renewal reminders, and security alerts. Sent to fulfill our contract with you where you have enabled push notifications.
• Content & personalization push notifications: Baseball score updates, analytics insights, favorite team notifications, and personalized content recommendations based on your in-app activity.
• Marketing push notifications: Promotional offers, new feature announcements, and seasonal campaigns. Sent only where you have enabled push notifications and, where required by law, provided additional consent.

How to Opt Out of Push Notifications

You may disable push notifications at any time through:

• Your device's operating system settings (iOS: Settings > Notifications > Dinger Derby; Android: Settings > Apps > Dinger Derby > Notifications);
• The notification preferences section within the Dinger Derby app settings;
• Contacting us at hello@dingerderby.io.

Disabling push notifications does not affect your ability to use the Platform. You will continue to receive transactional communications via email unless you separately opt out of those as well.

Push Notification Data

To deliver push notifications, we store a device push token associated with your account. This token is provided by your device's operating system and allows us to route notifications to your specific device. Push tokens are refreshed periodically by the operating system and are deleted from our systems when you uninstall the app or opt out of push notifications. We do not use push notification tokens for any purpose other than delivering notifications to you.

Section 7 — Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.

• Account data: Retained for the duration of your account and for up to 3 years after account closure.
• Subscription & billing records: Retained for a minimum of 7 years to comply with applicable tax and financial recordkeeping laws.
• SMS consent records: Retained for a minimum of 4 years from the date of consent, and for a minimum of 4 years following any opt-out, to demonstrate TCPA compliance. These records are never deleted while any potential TCPA claim remains within the statute of limitations.
• SMS message logs: Retained for up to 4 years for TCPA compliance and dispute resolution purposes.
• Email consent & opt-out records: Retained for a minimum of 3 years from consent or opt-out to demonstrate CAN-SPAM compliance.
• Push notification tokens: Retained until you uninstall the app, opt out of push notifications, or your device generates a new token.
• Support communications: Retained for up to 3 years after resolution.
• Usage & analytics data: Aggregated/anonymized data may be retained indefinitely; identifiable usage logs are retained for up to 24 months.

Section 8 — Data Security

We implement and maintain commercially reasonable technical, administrative, and physical security measures designed to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. These include:

• Encryption of data in transit using industry-standard TLS/SSL protocols;
• Encryption of sensitive data at rest;
• Access controls limiting employee and contractor access to personal information on a need-to-know basis;
• Secure storage of SMS consent records and opt-out logs;
• Regular security assessments and vulnerability testing;
• Secure password hashing using industry-standard algorithms;
• Multi-factor authentication options for user accounts.

No method of data transmission or storage is 100% secure. In the event of a data breach affecting your personal information, we will notify you and applicable regulatory authorities as required by law, including the Georgia Data Breach Notification Act (O.C.G.A. § 10-1-910).

Section 9 — Your Privacy Rights & Choices

Depending on your location, you may have certain rights with respect to your personal information. We honor these rights to the extent required by applicable law.

9.1 Rights Available to All Users

• Access: You may request a copy of the personal information we hold about you.
• Correction: You may request that we correct inaccurate or incomplete personal information.
• Deletion: You may request deletion of your personal information, subject to legal retention requirements (including TCPA consent records).
• Opt-Out of Marketing Email: Click the unsubscribe link in any marketing email or contact hello@dingerderby.io.
• Opt-Out of SMS: Reply STOP to any SMS from us or contact hello@dingerderby.io.
• Opt-Out of Push Notifications: Adjust settings in your device OS or app notification preferences.
• Data Portability: You may request that we provide your personal information in a structured, machine-readable format.

9.2 California Residents — CCPA Rights

California residents have the right to know, delete, correct, opt-out of sale or sharing, limit use of sensitive personal information, and be free from discrimination for exercising these rights. We do not sell or share personal information as defined under CCPA. To exercise your California rights, contact us as described in Section 12.

9.3 European / UK Users — GDPR Rights

EU and UK users have rights of access, rectification, erasure, restriction, portability, and objection under GDPR/UK GDPR, including the right to object to marketing communications and to lodge a complaint with your local supervisory authority. To exercise your GDPR rights, contact us as described in Section 12.

9.4 Georgia Residents

We extend the rights described in Section 9.1 to all users regardless of location. Georgia residents are also protected by the Georgia Data Breach Notification Act and applicable federal laws including TCPA and CAN-SPAM.

Section 10 — Children's Privacy

The Platform is intended solely for users who are 21 years of age or older. We do not knowingly collect personal information, including mobile phone numbers for SMS purposes, from individuals under the age of 13. If we learn that we have inadvertently collected information from a child under 13, we will take prompt steps to delete it.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at hello@dingerderby.io.

Section 11 — Third-Party Services, Links & Integrations

11.1 External Links

The Platform may contain links to third-party websites. This Privacy Policy does not apply to such sites. We encourage you to review their privacy policies. Dinger Derby is not responsible for the privacy practices or content of any third-party websites.

11.2 Third-Party Analytics

We use third-party analytics tools, including Google Analytics, to understand Platform usage. These services may collect information through Cookies. You can opt out of Google Analytics at tools.google.com/dlpage/gaoptout.

11.3 Payment Processing

Payment card transactions are processed by our third-party payment processor in accordance with PCI-DSS standards. Dinger Derby does not receive or store your full payment card number.

11.4 SMS & Push Notification Providers

We use third-party SMS gateway providers and push notification delivery platforms to transmit messages to your device. These providers receive your mobile phone number or device push token solely for the purpose of message delivery and are contractually prohibited from using this information for any other purpose.

Section 12 — How to Contact Us & Submit Privacy Requests

For questions, concerns, or to exercise your privacy rights, please contact us:

• Privacy Contact: hello@dingerderby.io
• SMS Opt-Out: Reply STOP to any SMS from Dinger Derby, or email hello@dingerderby.io
• Email Opt-Out: Click Unsubscribe in any marketing email, or email hello@dingerderby.io
• Push Opt-Out: Device OS settings or in-app notification preferences
• Support Email: hello@dingerderby.io
• Website: dingerderby.io/privacy

When submitting a rights request, please include your name, the email or phone number associated with your account, and a description of the right you wish to exercise. We may need to verify your identity before fulfilling certain requests. We respond within the timeframe required by applicable law (generally 30–45 days).

Section 13 — Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will post the updated Policy with a revised Effective Date, send an email notification to your registered address, and/or display a prominent notice on the Platform. Your continued use of the Platform after any changes constitutes your acceptance of the revised Policy.

Quick Reference: Data We Collect & Why

Plain-language summary for users. Does not supersede the full policy language above.