Privacy

Effective: 2026-05-06

Plain summary

1. We collect your email and (if you give it) your favorite NFL team and a free-text product suggestion. We log standard server data and a small set of analytics events to understand which pages convert.
2. We share data only with vendors that help us run the site: Resend (email), PostHog (analytics), Vercel (hosting), and (if/when added) Sentry (error monitoring). We do not sell your data and we do not run advertising.
3. You can ask us to delete your data at any time by emailing hello@gamedai.app, and you can decline analytics through the cookie banner.

What information we collect

We collect only what we need to run a waitlist for a pre-launch product. There is no account, no password, and no payment system on this site today.

You give us, directly:

1. Your email address when you join the waitlist OR when you save your setup at /play/about-you (the listener identify step inside the /play onboarding flow).
2. Your favorite NFL team, if you choose to select one. This field is optional in both the waitlist form and the /play/about-you form.
3. A free-text product suggestion or pilot idea, if you fill in the suggestion form. This field is optional.
4. Your chosen Coach (Bill or Dee) and your selected Listener tier (Casual, Studio, or Coach) from the /play onboarding flow. These choices are stored in your browser's localStorage so the broadcast can be tailored to you on return visits. We do not transmit your localStorage choices to our servers.

We collect, automatically, when you visit the site:

1. Standard server log data: your IP address, user agent (browser and operating system), the page you requested, the time of the request, and the referring URL. This is generated by the hosting layer and is normal for any website on the public internet.
2. Page-view and form-submit events: a record that a page was viewed or that a form was submitted, along with the path and a timestamp. We use this to measure how the waitlist funnel performs.
3. A hashed version of your email, used as a stable identifier inside our analytics tool so we can correlate the same person across page-view, form-submit, and email-engagement events without storing the raw email inside analytics.
4. UTM attribution: if you arrive at the site through a link with utm_source, utm_medium, utm_campaign, utm_content, or utm_term in the URL, we save those values for the duration of your browsing tab so we can attribute the eventual signup to the original campaign. This is stored in your browser's sessionStorage, not in a cookie, and it is cleared when you close the tab.

We do not collect:

1. Government identifiers, payment information, precise location, contacts, or device sensor data.
2. Health, biometric, financial, or political data.
3. Any data from third-party advertising networks. There are no advertising trackers on this site.

How we use it

We use the information above for a small number of clearly defined purposes:

1. To send you a confirmation email after you join the waitlist, so you know your signup was received.
2. To send infrequent product updates: launch announcements, beta invitations, and major changes to the waitlist program. You can opt out at any time by replying to any email with the word "remove" or by emailing hello@gamedai.app.
3. To produce anonymous funnel analytics: how many people land on a page, how many start the form, how many complete it, and which campaigns drive signups. We use these counts to decide what to build and where to invest, not to profile individuals.
4. To reply to product suggestions, if you sent one, when we have something useful to share back.
5. To detect and respond to abuse, fraud, or security incidents. Server logs may be reviewed if we suspect scraping, credential-stuffing, or denial-of-service activity.

We do not use your data to train third-party machine-learning models, and we do not sell or rent it to anyone.

Who we share it with

We use a small list of sub-processors, each of which receives only the minimum data required for the job they do for us. The current list, as of the effective date above, is:

1. Resend, for transactional and waitlist email. Resend operates email infrastructure in both EU and US regions and is bound by its standard data processing terms. Data shared: your email address, the email content we send, and engagement signals (open and click events) that come back through the Resend webhook at /api/resend-webhook on this site.
2. PostHog, for product analytics. We use PostHog US Cloud, project 412501. Data shared: page-view events, form-submit events, the hashed-email identifier described above, the UTM attribution values, and standard browser metadata that PostHog captures by default. Raw email is not sent to PostHog.
3. Vercel, for hosting and serverless route handlers. Vercel runs the static pages and API routes for this site at US and EU edge locations. Data shared: anything that flows through the website by definition (HTTP requests and responses), plus standard hosting telemetry.
4. Sentry, for error monitoring. This is pending and may be added later. If and when it is enabled, this section will be updated to describe what is sent. Sentry would receive runtime error stack traces and limited request metadata, not form contents.

We may also share information when we are legally required to do so (for example, in response to a valid subpoena or court order), or when we believe in good faith that disclosure is necessary to protect our rights or the safety of users.

We do not share your data with advertising networks, data brokers, or any party not listed above.

Cookies and similar technologies

This site uses very little client-side storage. The full picture is:

1. No advertising or cross-site tracking cookies are used at all.
2. PostHog deploys a single first-party analytics cookie, which begins with the prefix "ph_". This cookie identifies a returning visitor for analytics purposes. If you decline analytics through the cookie banner shown on first visit, this cookie is not set, and no analytics events are sent.
3. The site uses sessionStorage (a per-tab browser storage that disappears when you close the tab) to remember your UTM attribution values. This is functional, not tracking — it lets us attribute your signup to the campaign that brought you here, and it does not survive past the current browsing session.
4. Standard cookies set by the hosting layer for security and load balancing may be present. These are short-lived, first-party, and used only to make the site work.

You can clear cookies at any time through your browser. Declining the analytics cookie does not affect your ability to use the site or join the waitlist.

Data retention

Our retention practice is shaped by the fact that this is a pre-launch product and the dataset is small.

1. Waitlist email addresses are retained until either you ask us to delete them or the operator deletes the waitlist (for example, after launch and migration to a full account system). At that point we will publish a clear notice and a self-serve deletion path.
2. Product suggestions submitted through the suggestion form are retained for product planning. We may keep them after deleting your email so we can review the idea later, but we will detach them from your identity on request.
3. Resend retains email content and engagement events according to its own retention policy. Open and click events captured through our webhook are stored alongside the matching email record.
4. Analytics events in PostHog are retained according to the PostHog organization default for our plan. We do not extend retention beyond that default.
5. Server logs from the hosting layer are retained for a short window (typically days to weeks) for operational and security reasons.

If you would like a current snapshot of retention windows for any specific system, write to hello@gamedai.app.

Your choices and rights

You have the following choices regardless of where you live:

1. Deletion: email hello@gamedai.app and we will remove your waitlist record. Please write from the email address you signed up with, or include enough information for us to identify the record.
2. Email opt-out: reply to any email we send with the word "remove" in the body, and we will stop sending you product updates. Confirmation emails for actions you took yourself (for example, the email that confirms your signup) may still be sent because they are part of the transaction.
3. Analytics opt-out: decline analytics through the cookie banner shown on first visit. You can also clear cookies later and re-decline on next visit.
4. Access: ask us what we have on file for you, and we will provide it within a reasonable time.

CCPA and California rights

If you are a California resident, the California Consumer Privacy Act gives you specific rights. Our practice maps to those rights as follows:

1. Right to know: you can ask what categories of personal information we have collected about you, the sources, the purposes, and who we shared it with. We answer access requests at hello@gamedai.app.
2. Right to delete: you can ask us to delete your personal information, subject to the limited exceptions allowed by law (for example, completing a transaction you started).
3. Right to correct: you can ask us to correct inaccurate personal information.
4. Right to opt out of sale or sharing: we do not sell or share your personal information for cross-context behavioral advertising. There is no opt-out switch because there is nothing to opt out of.
5. Right against discrimination: we will not deny service, charge a different price, or provide a different level of quality if you exercise any of these rights.

To exercise any of these rights, email hello@gamedai.app from the address tied to the data, or include enough information for us to verify your identity. We will respond within the timelines set by California law.

GDPR and EU/UK rights

If you are in the European Union, the European Economic Area, or the United Kingdom, the General Data Protection Regulation and the UK GDPR apply.

Our lawful bases for processing are:

1. Consent, for analytics. The cookie banner records your consent decision. You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
2. Legitimate interest, for transactional email (the confirmation email after you sign up) and for basic security logging. The interest is operating the waitlist you asked to join and protecting the site against abuse.
3. Performance of a request you made, for sending the specific confirmation email tied to your signup.

You have the right to access your data, to rectify it, to have it erased, to receive a copy in a portable format, to restrict our processing of it, and to object to processing based on legitimate interest. You also have the right to lodge a complaint with your national data protection authority.

To exercise these rights, email hello@gamedai.app. If you are in the EU, the operator currently has no EU representative because the entity is pre-incorporation. This will be revisited at incorporation, and updates will be published here.

Children

This site is intended for users 13 years of age and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has submitted information to the site, please email hello@gamedai.app and we will delete it.

The mobile product, when it ships, will set its own age policies, which may be more restrictive (for example, 16+ in some regions or 17+ on certain app stores). Those policies will be published with the app and are not covered by this notice.

Security

We use industry-standard transport-layer security (TLS) for all traffic to and from the site, and we restrict access to operational systems to the operator. Our sub-processors maintain their own security programs, which we rely on for the systems they run.

We have not had any known security incident affecting waitlist data as of the effective date of this notice. If we ever experience an incident that affects your personal information, we will notify you and the relevant authorities to the extent and within the timelines required by the laws that apply to you (for example, GDPR Article 33 and 34, or US state breach notification statutes).

No system is perfectly secure. If you believe you have found a vulnerability in this site, please email hello@gamedai.app with the details and we will respond.

Changes to this policy

This is a pre-launch product, and the company behind it has not yet been incorporated. The policy will change as the product takes shape. We will:

1. Update the "Effective" date at the top of this page whenever we change anything material.
2. Notify waitlist subscribers by email if a change materially expands what we collect, who we share it with, or how it is used.
3. Keep older versions on request, at hello@gamedai.app, so you can see what has changed.

Continuing to use the site after a change has been published constitutes acceptance of the updated policy.

Contact

For any privacy question, request, or concern, write to hello@gamedai.app.

Operator: gamedai (operator: Adnan Khan). The product is operated by an individual, pre-incorporation. The legal entity behind gamedai has not yet been formed; once it has, this section will be updated with the entity name, the registered address, and (for EU users) the designated representative if one is required.