Privacy Policy
Effective: July 14, 2025
1. Who We Are
Cashman Picks LLC (“HoofSignal,” “we,” “us,” or “our”) operates the website hoofsignal.com and any related apps, APIs, e-mail services, Discord bots, or Slack integrations (collectively, the “Service”).
2. What We Collect & Why
| Category | Examples | Purpose | Legal Basis (GDPR) |
|---|---|---|---|
| Account Data | Name, e-mail, username, password hash | Create and secure your account; authenticate log-ins | Art. 6 (1)(b) – contract |
| Payment Data | Card last 4 digits, billing address, subscription plan; raw card data handled only by Stripe | Process payments, prevent fraud, handle refunds | Art. 6 (1)(b) & (f) |
| Usage Data | IP, device/OS, pages visited, referrals, clickstream, in-app actions | Diagnose bugs, improve features, analyze popularity | Art. 6 (1)(f) – legitimate interest |
| Marketing Data | E-mail opens/clicks, ad campaign IDs, opt-in status | Send newsletters or promotions you’ve asked for | Art. 6 (1)(a) – consent |
| Sensitive Data | None intentionally collected. Don’t give us your SSN, health info, or anything that could identify a minor gambler. | n/a | n/a |
3. Cookies & Tracking
We use:
- Essential cookies (session & auth) — cannot be disabled.
- Analytics — Google Analytics 4 with IP anonymization.
- Marketing pixels — Meta Pixel and X (formerly Twitter) conversion tags, enabled only after explicit opt-in.
You can clear or block cookies in your browser. The site still works, but certain features (login, cart) will break if essential cookies are blocked.
4. How We Share Data
| Recipient | What & Why | Safeguards |
|---|---|---|
| Stripe | Payment tokenization & billing events | PCI-DSS compliance, EU-US Data Privacy Framework |
| Mailgun / Postmark | Transactional e-mails | SCCs + DPF |
| Google LLC | Analytics | IP truncation, no cross-site ad personalization |
| Affiliates & Successor Entities | If we merge, sell assets, or go bankrupt, data transfers with the business | Contractual duty to honor this Policy |
| Law Enforcement | When legally compelled or needed to protect life or property | We’ll fight overbroad requests |
We never sell personal data for money.
5. International Transfers
Servers are in the United States (Ohio region). For EU/UK visitors we rely on DPF or Standard Contractual Clauses.
6. Your Rights
| Jurisdiction | Rights |
|---|---|
| EU/UK GDPR | Access, rectify, erase, restrict, portability, object, automated-decision review |
| California CPRA | Know, delete, correct, opt-out of “selling”/“sharing,” limit sensitive data |
| Other U.S. States | Similar rights (VA, CO, CT, UT) – see State‐Specific Addendum |
Submit requests at privacy@hoofsignal.com. We verify identity via e-mail + account token.
7. Data Retention
Account data persists until you delete your account or 5 years after last paid subscription, whichever comes first. Billing records retained 7 years for IRS compliance.
8. Security
All traffic forced to TLS 1.3. Secrets stored in AWS Secrets Manager. We follow OWASP Top 10 best practices. No security is infallible—if we suffer a breach we’ll notify you and regulators within 72 hours.
9. Children
The Service is not directed to anyone under 18. We do not knowingly collect data from minors. If you believe a child has provided data, email us for removal.
10. Changes
Material changes → 14-day e-mail notice and banner. Non-material tweaks → update date stamp only.
11. Contact
Cashman Picks LLC
PO Box [###]
Tulsa, OK 741XX
benny@hoofsignal.com