Privacy Policy

Fantasy Meltdown (“Fantasy Meltdown,” “we,” “us”) is a fantasy football assistant that connects to your Sleeper account to surface rankings, matchups, free agents, and news in one place. The service is currently in private beta. This policy explains what information we collect, why we collect it, and how you can control it.

Information we collect

We collect only what we need to run the service.

From Google (when you sign in)

When you sign in with Google, Google shares a basic profile with us: your email address, name, Google account identifier, and profile picture URL. We use this to create and identify your account. We do not request access to your Gmail, Drive, Calendar, Contacts, or any other Google service.

Fantasy Meltdown’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

From Sleeper (when you connect a league)

When you provide your Sleeper username, we read publicly available data from the Sleeper API: your Sleeper user ID, leagues you belong to, league settings (name, scoring format, roster positions), team names and avatars in those leagues, rosters, matchups, and transactions. Sleeper does not require you to authenticate with us; this data is read using public endpoints.

From ESPN (when you connect a league via our browser extension)

ESPN does not expose a public API for fantasy football. To read your ESPN league, we rely on the Fantasy Meltdown browser extension, which reads two cookies that ESPN already set in your browser when you signed into fantasy.espn.com: SWID and espn_s2. These are session credentials, not your ESPN password. The extension also captures the league IDs of teams you visit on ESPN's fantasy hub so we can list them for you to select.

The extension transmits these values over HTTPS to your authenticated Fantasy Meltdown account at fantasymeltdown.io. We store the cookies encrypted at rest using Fernet symmetric encryption and use them only to fetch your league's roster, matchups, and settings from ESPN's servers when you trigger a sync. We do not transmit your ESPN cookies or league IDs to any third party. You can disconnect ESPN at any time from your account page, which deletes the encrypted cookie record. The extension itself stores nothing about you locally beyond the in-memory data described above; uninstalling it removes that immediately.

From you directly

Account preferences (such as a selected default league) and any messages you send us at the contact address below.

Automatically

Standard server logs (IP address, user agent, timestamps, and request paths) to operate the service, debug issues, and protect against abuse. Logs are retained for a limited period and deleted on a rolling basis.

How we use your information

We use the information described above only to operate the Service. Specifically:

• To authenticate you and keep your session active.
• To pull and display your league, roster, and matchup data.
• To match Sleeper players against external data sources (rankings, projections, news) so we can show you relevant context.
• To debug errors, monitor reliability, and improve the Service.
• To respond to you when you contact us (for support, privacy requests, or feedback).

What we will never do with your Google user data

We adhere to the Google API Services User Data Policy, including its Limited Use requirements. The bullets in this subsection apply specifically to data we receive from Google APIs (your email, name, Google account identifier, and profile picture URL).

• No advertising or marketing. We do not use Google user data to serve advertisements, build advertising profiles, or for any marketing purpose, including remarketing, personalized ads, or interest-based ads.
• No selling, no marketing-purpose sharing. We do not sell, rent, trade, or otherwise transfer Google user data to data brokers, advertisers, or any third party for advertising, marketing, or commercial purposes.
• No human-in-the-loop reading. We do not allow humans to read Google user data, except in the following narrow cases: (1) with your explicit affirmative consent for a specific item (for example, to resolve a support issue you have asked us to investigate); (2) where strictly necessary for security purposes such as investigating abuse, fraud, or a security incident; (3) to comply with applicable law or valid legal process; or (4) where the data has been aggregated and anonymized for internal operations and cannot be linked back to you.
• No AI or ML training. We do not use Google user data to develop, improve, or train generalized or non-personalized artificial intelligence or machine learning models, and we do not transfer Google user data to any third party for that purpose.
• Strict adherence to Limited Use. All access, use, storage, and transfer of Google user data by Fantasy Meltdown will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Third parties we rely on

The service depends on a small number of providers:

• Google — for sign-in (OAuth).
• Sleeper — as the source of your league and roster data. We are not affiliated with Sleeper.
• FantasyPros — as the source of player rankings.
• News publishers (such as RotoWire, ESPN, NFL.com) — as sources of player news ingested via public RSS feeds.
• Fly.io — application hosting and scheduled (cron) jobs.
• Neon — managed Postgres database where your account and league/roster data is stored.
• Upstash (via Fly Redis) — managed Redis cache for short-lived operational data.

As we exit private beta we expect to add the following operational tools, each of which would process limited usage data on our behalf:

• Product analytics (e.g., PostHog) — to understand which features are used and how the app performs.
• Error monitoring (e.g., Sentry) — to capture exceptions and stack traces so we can fix bugs.
• Session replay — under evaluation; if enabled, replays will redact form inputs and personal data by default.

We will keep this section current as those tools are added. None of these vendors receive your Sleeper credentials or Google account scopes; they only see usage, performance, and error data from the running app.

Cookies and similar technologies

We use a small number of essential cookies to keep you signed in and to maintain your session. We do not use cookies for advertising. If we add product analytics that rely on cookies, this policy will be updated to describe them, and where required by law you will be asked to consent before they are set.

Data retention and deletion

We retain Google user data, your account information, and ingested league/roster data only for as long as your account is active and as needed to provide the Service. Standard server logs are retained for a limited period and deleted on a rolling basis. Aggregated, anonymized statistics (for example, “number of leagues connected”) that cannot be linked back to you may be retained.

You can delete your account and all associated personal data at any time from the Account page within the application. Deletion is immediate and removes your profile, your Sleeper-account link, and the synced league data tied to your account; leagues no other Fantasy Meltdown user is connected to are removed entirely. If you prefer, you can also email support@fantasymeltdown.io from the address tied to your account and we will confirm and complete deletion within 30 days, except where limited retention is required for security or legal reasons. You can also revoke our access to your Google account at any time from your Google Account permissions page.

Your rights

You have the right to:

• Sign in and review the data associated with your account.
• Request a copy of your data.
• Request correction of inaccurate data.
• Delete your account and all associated personal data at any time from the Account page within the application (see “Data retention and deletion” above for details).
• Disconnect a Sleeper league at any time from within the app.
• Revoke our Google OAuth access from your Google Account settings.
• Lodge a complaint with a data protection authority where applicable.

To exercise any of these rights, email support@fantasymeltdown.io. We will respond within 30 days.

Security

We use industry-standard practices to protect your data, including HTTPS in transit, access controls on our infrastructure, and minimum-necessary data collection. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

Children’s privacy

Fantasy Meltdown is a general audience service and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at support@fantasymeltdown.io and we will delete it.

International users

Fantasy Meltdown is operated from the United States and our infrastructure runs in the United States. If you access the service from outside the US, you understand that your information will be processed in the US.

Changes to this policy

We may update this policy as the service evolves (for example, when we add product analytics or error monitoring). When we do, we will update the effective date above. Material changes will be communicated through the application or by email.