Privacy Policy

1. Introduction

The Neural Network ("we," "our," "us") is an independent sports analytics platform covering MLB, NBA, NFL, soccer, and golf. This Privacy Policy explains what information we collect, how it's stored, who we share it with, and the choices you have.

By using the Service you agree to the practices described below.

2. Information We Collect

2.1 Information you provide

• Account: email address, username, and password (you choose all three at signup).
• Saved picks: if you click the bookmark icon on an AI pick or DraftKings prop, we store the player, game, market, and odds you saved.
• Redemption codes: any invite/promo codes you enter.
• Messages: anything you type into the community chat, including under an anonymous "Guest####" handle if you're not signed in.

2.2 Information collected automatically

• Anonymous session ID: a rotating browser cookie used to count distinct sessions for our analytics. We do not store your IP address, user agent string, or any browser/device fingerprint alongside it.
• Page views: which paths you visited (e.g. /mlb, /players/nba/...) and approximate timing.
• Search queries: the text you type into the player/team search bar.

2.3 What we do not collect

• No advertising trackers (no Google Analytics, no Facebook Pixel, no third-party ad cookies).
• No IP address logging tied to your account.
• No precise geolocation.
• No payment information — the Service is free; we do not process payments yet.
• No social-graph integration (we do not pull from Facebook, X/Twitter, etc.).

3. How We Store Your Information

• Email addresses: encrypted at rest using AES-256 (Fernet). The encryption key lives only in environment variables — never in source code or backups.
• Passwords: hashed with bcrypt (cost factor 12). We never see your plaintext password; you must reset it if forgotten.
• Authentication: JWT-based. The access token lives only in memory (cleared when you close the tab); a long-lived refresh token is kept in localStorage on your device. See our Cookie Policy for details.
• Brute-force protection: 5 failed login attempts locks the account for 15 minutes.
• Database: PostgreSQL hosted on Railway. All traffic to and from the database is encrypted in transit (TLS).
• HTTPS everywhere: the entire site is served over HTTPS with HSTS.

4. Service Providers We Share Data With

We share the minimum information necessary with the following subprocessors:

• Resend (email delivery): receives your email address + the contents of verification / password-reset / notification emails we send you.
• OpenAI (AI pick generation): receives player names, season stats, recent game logs, and matchup context to generate AI predictions. Does not receive your account email, username, or any personal information.
• odds-api.io (sportsbook lines): we read DraftKings odds from this service; no user data is sent.
• Railway (hosting and database): runs our application servers and Postgres database.
• MLB Stats API, NBA Stats API, NFL public data, and similar league sources: read-only sports data; no user data is sent.

We do not sell your personal information. We do not share data with advertisers or data brokers.

5. Your Rights and Choices

You can manage most of your data from the Account page:

• View your profile, badges, and saved picks.
• Change your password.
• Remove saved picks individually.
• Sign out from any device.

Self-service account deletion is not yet built. If you want your account fully deleted, email us at privacy@theneuralnetwork.org and we'll wipe your record within 30 days. The same email handles access requests, data export requests, and any other privacy-related question.

Depending on where you live (e.g. EU, California, UK) you may have additional rights under GDPR, CCPA, or similar — including access, correction, deletion, portability, and the right to object to processing. We will honor all such requests received at the email above.

6. Cookies and Local Storage

We use only first-party cookies and browser storage. See our Cookie Policy for the full list. In short:

• nn_refresh_token (localStorage): keeps you signed in across page reloads.
• nn_user_data (localStorage): cached profile so the Navbar renders correctly on reload.
• Anonymous analytics session ID: rotates per session, not tied to your account.

We do not use third-party advertising or tracking cookies.

7. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with their information, contact us and we will delete the data promptly. Some features of the Service display sportsbook odds; we recommend the Service for users 18 and over and require users to be of legal age in their jurisdiction to engage in any wagering activity outside of the Service.

8. International Data Transfers

Our infrastructure runs in the United States. If you access the Service from outside the U.S., your information is transferred to and processed there. By using the Service you consent to that transfer.

9. Data Retention

• Account data: kept while your account is active.
• Saved picks: kept indefinitely so historical accuracy can be tracked, even after the games complete and the picks expire from your visible cart.
• Anonymous analytics: aggregated indefinitely; individual session rows are not joined to identifiable users.
• Refresh tokens: 30 days from issue, then automatically expire.

10. Security Incidents

No system is 100% secure. If we discover a breach affecting your personal information, we'll notify affected users by email within a reasonable timeframe and as required by applicable law.

11. Changes to This Policy

We may update this Privacy Policy as the Service evolves. Material changes will be noted by updating the "Last updated" date at the top, and where appropriate by an in-app banner or email. Continued use of the Service after an update means you accept the revised policy.

12. Contact Us