Effective date: __ (pending review) · Last updated: May 2026
The Colosseum (“The Colosseum,” “we,” “us,” or “our”) operates the website at thecolosseumapp.com and related services that let users participate in sports pools, daily games, and related contests (the “Service”). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. It applies to everyone who uses the Service.
We've tried to keep this in plain language. If anything is unclear, email us at hello@thecolosseumapp.com and we'll explain.
1 · Information we collect
Account information you give us
When you create an account, we collect your email address, your name (display name and/or full name), and your phone number. If you sign in with Google, we receive the same fields plus your Google profile picture URL from Google's OAuth service. We store a hashed version of your password — never the password itself.
Pool participation
When you enter a pool or contest, we record your entry name, the picks you make, payment status (e.g. whether you've paid your buy-in), and your results. Where applicable we keep a historical record of past entries across pools to display your profile history.
Daily game play
When you play the Daily Challenge or related games, we record your guesses, scores, streak data, and which puzzle you played on which date.
Usage data
We collect basic usage data through Vercel Analytics, which is designed to be privacy-friendly — it does not set cookies and does not track you across sites. We may log your IP address, browser type, and pages visited for security, debugging, and product improvement.
Communications preferences
We record your opt-in status for web push notifications, email, and (if and when offered) SMS, along with any preferences you set.
2 · How we use your information
We use the information we collect to:
- Operate the Service — authenticate you, save your picks, compute scores, render leaderboards, and run our scoring pipelines;
- Communicate with you about your account and pools you're in (e.g. entry confirmations, deadline reminders, winner notifications);
- Send marketing emails about new pools, daily games, and Colosseum updates — but only if you've opted in, and you can opt out at any time;
- Improve the product — diagnose bugs, understand which features get used, plan improvements;
- Detect and prevent fraud, abuse, and security incidents;
- Comply with applicable law.
3 · How we share your information
We share data with the following third-party service providers (“sub-processors”) strictly to operate the Service:
| Provider | Purpose |
|---|---|
| Supabase | Database, authentication, and storage. Stores account, profile, pool entry, and gameplay data. |
| Vercel | Web hosting and analytics. Privacy-friendly analytics (no cookies, no cross-site tracking). |
| Google | OAuth sign-in if you choose to sign in with Google. Returns your email, name, and profile image URL. |
| Resend | Transactional email delivery (account confirmation, pool notifications, recaps). |
| RapidAPI / SlashGolf | Live golf tournament data for golf pools. We send no personal data; we receive scoring info from the API. |
| The Odds API | Moneyline odds for the March Madness pool. No personal data sent. |
| ESPN public data | Live scores, schedules, and team/player data displayed across the Service. No personal data sent. |
We may also disclose information when required by law (e.g. valid legal process), to protect the rights, safety, or property of The Colosseum or others, or in connection with a merger, acquisition, or sale of assets (in which case we'll notify you in advance).
We do not sell your personal information. We do not share your data with advertisers or marketing networks. We do not use third-party advertising trackers.
4 · Payments
The Colosseum currently does not process payments directly. Pool buy-ins and payouts are handled between participants outside the platform (e.g. Venmo, Zelle, or in-person cash). We do not collect, store, or transmit your payment-card information. If and when we add platform-handled payments in the future, this Privacy Policy will be updated to describe the payment processor we use and what additional data is collected.
5 · Cookies and similar technologies
We use a small number of cookies and similar technologies:
- Authentication cookies set by our auth provider (Supabase) to keep you signed in. These are essential to the Service.
- Local storage in your browser to remember preferences (e.g. theme, pinned content).
- We do not use third-party advertising cookies, behavioral retargeting pixels, or cross-site trackers.
6 · How we communicate with you
We send transactional emails (account confirmations, pool entry confirmations, deadline reminders, recaps) that relate to your use of the Service. Where required by law, transactional emails do not require separate opt-in. We may also send marketing emails (new pool launches, product updates) but only if you opt in, and every marketing email includes a one-click unsubscribe link.
Web push notifications
If you grant your browser permission to send push notifications from The Colosseum, we may send notifications about pool deadlines, scoring updates, and game results. You can revoke this permission at any time in your browser settings.
Phone / SMS
We collect your phone number at sign-up so we can contact you about urgent matters related to your account or a pool you're in (e.g. payment confirmation, prize disbursement). At this time we do not send automated marketing or transactional SMS. If we add automated SMS in the future, we will request your separate explicit consent before doing so, and we will honor standard opt-out keywords (STOP, UNSUBSCRIBE).
7 · How long we keep your data
We keep your account data for as long as your account is active. If you delete your account, we delete or anonymize your personal information within 90 days, except where we are required to retain certain records for legal, accounting, or fraud-prevention reasons. Aggregated and de-identified data that cannot be linked back to you (e.g. pool participation counts, daily-game-play statistics) may be retained indefinitely.
8 · Your rights
Regardless of where you live, you have the following rights with respect to your information:
- Access — see what we have about you;
- Correction — fix anything that's wrong;
- Deletion — close your account and have your data removed (subject to the retention rules above);
- Portability — get a machine-readable copy of your data.
To exercise these rights, use the “Delete my account” option on your profile, or email hello@thecolosseumapp.com.
California residents (CCPA / CPRA)
If you are a California resident, you have the rights described above plus additional rights under the California Consumer Privacy Act, including the right to know what categories of personal information we collect and to opt out of any sale of your personal information. As described in Section 3, we do not sell personal information.
EU / UK residents (GDPR / UK GDPR)
If you are in the European Union or United Kingdom, you have rights under the GDPR including the rights described above, plus the right to object to processing, the right to restrict processing, and the right to lodge a complaint with your local data-protection authority. Our legal basis for processing is generally (a) contract — we need to process your data to provide the Service to you — and (b) consent for marketing communications. Note: The Colosseum is operated from the United States and primarily serves U.S. users. If you use the Service from outside the United States, your information will be transferred to and processed in the United States.
9 · Children's privacy
The Service is intended for users who are at least 18 years old. We do not knowingly collect personal information from anyone under 18. If you believe a child under 18 has provided us with personal information, please contact us at hello@thecolosseumapp.com and we will delete it.
10 · Security
We use industry-standard measures to protect your information, including HTTPS-only transport, hashed passwords (we never store plaintext passwords), and row-level security policies on our database so that one user cannot access another user's data. No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security. If we become aware of a security incident affecting your data, we will notify you as required by applicable law.
11 · Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we do, we'll update the “Last updated” date at the top, and for material changes we'll notify you by email or via a prominent notice in the Service before the change takes effect. Your continued use of the Service after a change indicates your acceptance of the updated policy.
12 · Contact us
Questions, requests, or complaints about this Privacy Policy? Email us at hello@thecolosseumapp.com.
This document is a draft pending review by counsel. Sections most likely to need attorney revision: Section 4 (Payments) when Stripe is added, Section 6 (Phone/SMS) when automated SMS is added, and Section 9 (Children's privacy) if the age gate is changed from 18 to 21 for paid contests.