Privacy Policy.
Last updated: April 20, 2026 · Tycoon Sports Consulting LLC
At a glance. We collect only what's needed to deliver picks and operate the Service. We never sell your personal information. Payment card data is tokenized by Stripe — we do not see or store card numbers. Questions? info@jeremiahthetycoon.com.
1. Who We Are
Tycoon Sports Consulting LLC ("we," "us," or "our") operates the Tycoon Picks website at jeremiahthetycoon.com. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit the Site or subscribe to our Service.
2. Information We Collect
Information you provide
- Account & contact information: name and email address.
- Payment information: billing details entered during Stripe Checkout. Card numbers are collected, tokenized, and processed by Stripe; we do not receive or store full card numbers.
- Identity verification data: where enabled, Stripe Identity may collect a government-issued ID and selfie to verify age (21+) and identity. This data is held by Stripe, not by us; we receive only a verification result.
- Customer-service communications: messages you send us via email or contact form.
Information collected automatically
- Device & usage data: IP address, browser type and version, operating system, referral URL, pages viewed, and timestamps (for security, fraud prevention, and service operation).
- Cookies & similar technologies: a small set of essential cookies/localStorage keys required for login, language preference, and cookie-consent state. See the Cookie Policy for details.
- Push-notification tokens: if you opt in to web-push, your browser generates an anonymous subscription endpoint that we store to deliver notifications.
3. How We Use Your Information
- to create and maintain your account and deliver the picks you subscribed to;
- to process payments and manage billing, renewals, and cancellations via Stripe;
- to verify that you are at least 21 and to prevent fraud;
- to send transactional and service communications (receipts, delivery, cancellation confirmations, policy updates);
- to respond to customer-service inquiries;
- to operate, secure, and improve the Site;
- to comply with legal obligations and to enforce our Terms.
We do not use your personal information to train AI models or to build advertising profiles, and we do not sell or rent your personal information to any third party.
4. Third-Party Service Providers (Sub-Processors)
We rely on a small number of vetted vendors to operate the Service. Each receives only the data needed to perform its function and is contractually bound to protect it.
| Provider | Purpose | Data shared |
|---|---|---|
| Stripe, Inc. | Payment processing, identity verification, customer portal | Name, email, card data (tokenized by Stripe), IP, billing address, and — where enabled — ID verification data |
| Resend | Transactional and marketing email delivery | Email address, content of messages we send you |
| Railway | Application hosting / infrastructure | All operational data in transit and at rest |
| Cloudflare | DNS, CDN, DDoS protection | Request metadata (IP, user-agent, URL) |
5. Data Retention
We retain personal information only as long as necessary for the purposes described above or as required by law.
| Category | Retention period |
|---|---|
| Active subscription & account data | Duration of your subscription plus 24 months after your last interaction |
| Payment & billing records | 7 years (tax, accounting, and regulatory requirements) |
| Server and security logs | 90 days |
| Marketing / subscriber list | Until you unsubscribe, then purged within 30 days |
| Customer-service correspondence | 24 months from last reply |
6. Your Rights
Depending on where you live, you may have the following rights regarding your personal information. We honor all valid requests regardless of jurisdiction, to the extent feasible.
6.1 All users
- Access: request a copy of the personal information we hold about you.
- Correction: request that we correct inaccurate or incomplete data.
- Deletion: request that we delete your personal information, subject to legal retention obligations.
- Opt-out of marketing: unsubscribe from any marketing email, or disable web-push notifications in your browser settings.
6.2 California residents (CCPA / CPRA)
You additionally have the right to (a) know the categories and specific pieces of personal information we collect; (b) request deletion of your personal information; (c) opt out of the "sale" or "sharing" of personal information (we do neither); and (d) not be discriminated against for exercising these rights. To exercise these rights, email info@jeremiahthetycoon.com with "CCPA Request" in the subject line.
6.3 EU / UK / EEA residents (GDPR & UK GDPR)
Where the GDPR or UK GDPR applies, you have rights of access, rectification, erasure, restriction, portability, and objection. Our lawful bases for processing are (i) performance of a contract (delivering the Service), (ii) legitimate interests (security, fraud prevention, service improvement), (iii) consent (marketing emails, web-push notifications), and (iv) legal obligation (tax, accounting). You also have the right to lodge a complaint with your national data-protection authority.
6.4 How to make a request
Email info@jeremiahthetycoon.com from the email address on your account. We will verify your identity and respond within thirty (30) days (extendable by a further 60 days where permitted by law for complex requests).
7. International Data Transfers
We operate in the United States and our service providers process personal information in the U.S. and, in the case of Stripe, Resend, Cloudflare, and Railway, in other countries. Where personal data is transferred from the EU/UK to countries that have not received an adequacy decision, we rely on Standard Contractual Clauses or equivalent safeguards entered into with each processor.
8. Do Not Track & Global Privacy Control
We do not operate behavioral-advertising cookies or cross-site tracking, so browser "Do Not Track" signals do not materially change our behavior. Where Global Privacy Control (GPC) signals are detected, we treat them as a valid opt-out of any "sale" or "sharing" for users in applicable jurisdictions.
9. Security
We use industry-standard administrative, technical, and physical safeguards — including TLS in transit, encrypted database storage, hashed session tokens, HMAC-signed unsubscribe tokens, rate limiting, and role-based access — to protect personal information. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
10. Children's Privacy
The Service is intended solely for users 21 years of age or older. We do not knowingly collect personal information from anyone under 21. If you believe we have collected information from a person under 21, contact us and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date above reflects the latest revision. Material changes will be emailed to active subscribers.
12. Contact
For privacy questions or requests, contact info@jeremiahthetycoon.com.