Privacy Policy — Keep Trade Cut

Last Updated: March 26, 2026

Bo the Chow Studios LLC ("we," "us," or "our") operates the Keep Trade Cut mobile application (the "App"). This Privacy Policy explains how we collect, use, and protect your information.

1. Information We Collect

Account Information


  • Email address (if you sign up with email)

  • Apple ID identifier (if you sign in with Apple)

  • Google account identifier (if you sign in with Google)

  • Display name (optional)

    • Usage Data


  • Voting activity — your Keep/Trade/Cut votes (used to compute community rankings)

  • Subscription status — whether you have a free or premium account

    • Automatically Collected


  • Device information — device type, OS version, app version (collected by Firebase Analytics)

  • App interaction events — screen views, feature usage (anonymized analytics)

  • Crash data — crash logs and performance diagnostics (Firebase Crashlytics)

  • Advertising data — Google AdMob may collect your IP address, approximate location (inferred from IP), device advertising identifier (IDFA, only with your consent via App Tracking Transparency), ad interaction data, and crash/diagnostic information. See Google's Privacy Policy for details.

    • What We Do NOT Collect


  • Precise location data

  • Contacts or address book

  • Health or fitness data

  • Photos, camera, or microphone access

  • Financial or payment information (Apple handles all payments via StoreKit)

    • 2. How We Use Your Information

  • Provide the service — authenticate you, save your votes, show leaderboards

  • Improve the app — analytics help us understand which features are used

  • Display ads — Google AdMob shows ads to free-tier users based on general interests (not personalized tracking without ATT consent)

  • Prevent abuse — rate limiting and login security

  • Communicate — service-related emails only (no marketing without consent)

    • Legal Basis for Processing (GDPR)


  • Contract performance — processing your account data to provide the service you signed up for

  • Legitimate interest — analytics to improve the app, security measures to prevent abuse

  • Consent — personalized advertising (only with your explicit ATT consent)

    • 3. Third-Party Services

    | Service | Purpose | Data Shared |
    |---------|---------|-------------|
    | Firebase Analytics | Anonymous usage analytics | Device type, OS, anonymized events |
    | Firebase Crashlytics | Crash reporting | Crash logs, device info (not linked to identity) |
    | Google AdMob | Ads for free-tier users | IP address, approximate location, device ID (with consent), ad interactions |
    | Apple StoreKit | Subscription management | Transaction IDs (no payment details) |
    | Apple Sign In | Authentication | Apple ID identifier, email (if shared) |
    | Google Sign In | Authentication | Google account identifier, email |
    | ESPN Public APIs | Player data (stats, headshots) | No user data shared with ESPN |

    We do not sell or share your personal information for cross-context behavioral advertising purposes. Google AdMob may use data per Google's own privacy policy to serve ads but we do not provide your personal information to advertisers.

    4. Data Retention

  • Active accounts — data retained while your account is active

  • Deleted accounts — soft-deleted with a 30-day grace period, then permanently removed including email, display name, and authentication identifiers

  • Voting data — anonymized and retained for community rankings even after account deletion (votes cannot be traced back to deleted accounts)

  • Analytics data — retained per Firebase's default retention periods (typically 14 months)

  • Security logs — login attempts and rate limit data retained for 30 minutes in Redis (auto-expires)

    • 5. Data Security

    We use industry-standard security measures including:

  • Encrypted password storage (bcrypt with salt)

  • JWT tokens with short expiration (10 minutes) and automatic rotation

  • HTTPS/TLS encryption for all API communications

  • Redis-backed token blacklisting on logout

  • Refresh token replay detection (all sessions revoked on suspicious activity)

  • Rate limiting on all API endpoints

    • 6. Your Rights

    You can:

  • Access your data — view your account information in the Settings tab

  • Delete your account — Settings > Delete Account (30-day grace period, then permanent deletion)

  • Opt out of analytics — disable analytics in your device settings

  • Opt out of personalized ads — go to Settings > Privacy & Security > Tracking on your iOS device, or reset your Advertising Identifier

  • Request data portability — contact us to receive your data in a standard format

    • California Residents (CCPA/CPRA)


    You have the right to know what personal information we collect, request deletion, and opt out of data sales. We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. To exercise your rights, contact us at the email below.

    European Residents (GDPR)


    You have the right to access, correct, delete, restrict processing, object to processing, and port your data. You also have the right to withdraw consent at any time (for analytics/advertising). Our legal bases for processing are described in Section 2. Contact us to exercise these rights. If you believe your rights have been violated, you have the right to lodge a complaint with your local data protection authority.

    Data Transfers


    Your data is stored on servers located in the United States (DigitalOcean). If you are located outside the United States, your data will be transferred to and processed in the United States.

    7. Children's Privacy

    The App is not directed at children under 13. We do not knowingly collect information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete their account and data promptly. If you believe a child under 13 is using the App, please contact us immediately.

    8. Changes to This Policy

    We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this policy and notify users via an in-app notice. Your continued use of the App after changes constitutes acceptance of the updated policy.

    9. Data Breach Notification

    In the event of a data breach that affects your personal information, we will notify affected users within 72 hours via email (if available) and via in-app notification. We will also notify relevant authorities as required by applicable law.

    10. Contact Us

    Bo the Chow Studios LLC
    Email: help@bothechowstudios.com
    Website: https://bothechowstudios.com

    For privacy-specific inquiries, email us with the subject line "Privacy Request."