Legal

Privacy Policy

Last Updated: June 8, 2026

1. Overview and Key Definitions

1.1 “Personal Information”

“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with an individual. Examples include name, email address, phone number, device identifiers, IP address, account credentials, and payment-related information (handled by our payment processor).

1.2 “Sensitive Personal Information”

“Sensitive Personal Information” may include certain data categories that receive additional protections under some laws, such as precise geolocation, government identifiers, financial account access credentials, and similar data. We generally do not require or intend to collect Sensitive Personal Information, and you should not provide it unless specifically requested for a legitimate purpose.

1.3 “Non-Personal Information”

“Non-Personal Information” means data that does not identify you specifically (e.g., aggregated analytics). If Non-Personal Information is combined with Personal Information, we treat the combined information as Personal Information.

1.4 “Processing”

“Processing” means any operation performed on Personal Information such as collecting, storing, using, disclosing, analyzing, transferring, or deleting.

2. The Types of Information We Collect and How We Collect It

We collect information in three primary ways: (A) information you provide directly, (B) information collected automatically, and (C) information received from third parties.

2.1 Information You Provide Directly

We collect information you provide when you:

• Create an account, register, or set up a profile
• Participate in our community features (e.g., posting, commenting, messaging)
• Contact us for support or other inquiries
• Sign up to receive communications (email and/or SMS) where applicable
• Participate in events, livestreams, surveys, or research activities
• Submit forms or otherwise communicate with us

This may include:

• Identifiers and contact details (name, email, phone number)
• Account information (username, password, authentication data)
• Profile information you choose to provide (profile photo, bio, preferences)
• Communications content (messages you send to us, support tickets, feedback)
• User Content you post or share (comments, posts, uploads)
• Event participation information

If you provide Personal Information about another person, you represent that you have authority to do so and that you have provided any required notices and obtained any required consent.

2.2 Information Collected Automatically

When you access or use the Services, we may automatically collect:

• Device and connection information (IP address, device type, operating system, browser type, language settings)
• Usage information (pages/screens viewed, features used, clicks, referring/exit pages, time spent, session duration)
• Approximate location information derived from IP address (not precise geolocation unless you explicitly enable it at the device level)
• Log data and diagnostics (crash reports, performance data, system activity)

We use technologies such as cookies, SDKs, pixels, local storage, and similar tools to collect this information where permitted by law. You may be able to control some tracking through your device settings and browser controls.

2.3 Information Received from Third Parties

We may receive information from third parties such as:

• Payment processors (e.g., Stripe) for confirmation of payments, subscription status, chargebacks, and fraud signals
  Note: We do not receive or store full payment card numbers. Those are handled by our payment processor.
• Communication providers used to send email/SMS (delivery status, bounce reports, opt-out status)
• Analytics providers (aggregated usage data, device/browser data)
• Identity/authentication providers if we support third-party sign-in in the future
• Platform providers (e.g., app stores) for installation and performance metrics
• Security and fraud prevention providers (risk signals, abuse detection)

We take reasonable steps to confirm that information received from third parties was collected with appropriate permission or otherwise lawfully shared.

3. How We Use Personal Information

We use Personal Information for the following business and operational purposes:

3.1 Provide, Maintain, and Improve the Services

• Create and manage accounts and user profiles
• Provide access to the Services and features
• Personalize user experience (where applicable)
• Operate community functionality (posts, comments, messaging, moderation)
• Diagnose, troubleshoot, and fix issues
• Improve performance, reliability, and security

3.2 Communications and Support

• Respond to your requests, inquiries, and support tickets
• Send administrative notices (changes to policies, security alerts, service updates)
• Provide service-related communications necessary to operate your account

3.3 Transactions and Billing

• Process payments via our payment processor
• Confirm purchases, renewals, cancellations, refunds (if applicable), and chargeback handling
• Perform accounting, auditing, reconciliation, and tax compliance processes

3.4 Safety, Security, and Abuse Prevention

• Detect, prevent, and investigate fraud, abuse, harassment, and unauthorized access
• Enforce our Terms, community standards, and acceptable use requirements
• Protect the rights, safety, and property of Duke’s Picks, our users, and others

3.5 Marketing and Promotional Communications (With Choice)

• Send newsletters and updates
• Send announcements or promotions consistent with your preferences and applicable law

You may opt out of marketing communications at any time as described in Section 9.

3.6 Analytics and Research

• Analyze usage trends to improve and maintain the Services
• Measure effectiveness of communications and platform performance
• Generate aggregated reports that do not identify you

3.7 Legal and Compliance

• Comply with applicable laws, lawful requests, court orders, subpoenas, and regulatory obligations
• Establish, exercise, or defend legal claims
• Protect against harm to our users or the public where reasonably necessary

4. Categories of Personal Information Collected and Disclosed

The following describes the categories of Personal Information that Duke’s Picks LLC may collect, use, and disclose for business purposes. Whether a particular category is collected depends on how you interact with the Services. Duke’s Picks does not sell Personal Information for monetary compensation.

Identifiers

• Examples: name, email address, phone number, username, account ID, IP address
• Sources: provided by you; collected automatically; service providers
• Purposes: account creation and authentication, customer support, communications, security, fraud prevention
• Disclosures for business purposes: hosting providers, email/SMS delivery vendors, analytics and security providers

Account Credentials

• Examples: passwords, authentication tokens, login credentials
• Sources: provided by you; generated by the Services
• Purposes: authentication, account access, account security
• Disclosures for business purposes: hosting and security providers strictly as necessary to operate and secure the Services

Customer Records and Account Data

• Examples: support requests, preferences, settings, account history
• Sources: provided by you; generated through use of the Services
• Purposes: customer support, service delivery, operations, compliance
• Disclosures for business purposes: customer support tools, hosting providers

User Content

• Examples: posts, comments, messages, uploads, community interactions
• Sources: provided by you
• Purposes: community features, moderation, service functionality
• Disclosures for business purposes: hosting providers; moderation and security tools where applicable

Commercial Information

• Examples: transaction confirmations, subscription status, refunds, chargebacks
• Sources: payment processors; you
• Purposes: billing, accounting, fraud prevention, access management
• Disclosures for business purposes: payment processors; accounting and audit vendors where required

Internet or Network Activity Information

• Examples: pages viewed, features used, session logs, analytics events
• Sources: collected automatically; analytics tools
• Purposes: performance monitoring, analytics, security, service improvement
• Disclosures for business purposes: analytics providers, performance monitoring vendors, security vendors

Approximate Location Information

• Examples: location derived from IP address (not precise location)
• Sources: collected automatically
• Purposes: security, fraud prevention, basic analytics
• Disclosures for business purposes: security and analytics providers

Communications Data

• Examples: email delivery status, SMS delivery reports, opt-out status, bounce logs
• Sources: communications service providers
• Purposes: message delivery, preference management, compliance
• Disclosures for business purposes: email and SMS delivery providers

Device and Technical Information

• Examples: device type, operating system, browser type, app version, crash logs
• Sources: collected automatically; platform providers
• Purposes: diagnostics, security, performance optimization
• Disclosures for business purposes: analytics, performance monitoring, and hosting providers

Important Notes

• Duke’s Picks does not sell Personal Information for monetary compensation.
• Text message opt-in data and consent records are never shared with third parties for marketing purposes.
• All disclosures are limited to what is reasonably necessary to operate, secure, and improve the Services or comply with law.

5. Legal Bases for Processing (EEA/UK/Switzerland and Similar Jurisdictions)

If you are located in the EEA, UK, Switzerland, or another jurisdiction requiring a lawful basis, we process Personal Information under one or more of the following bases:

• Performance of a contract (to provide the Services you request)
• Legitimate interests (security, fraud prevention, service improvement, basic analytics, business operations) unless overridden by your rights
• Consent (e.g., certain marketing communications, where required by law)
• Legal obligation (tax, accounting, regulatory compliance)
• Vital interests (where necessary to protect someone’s safety)

You may withdraw consent where applicable at any time, without affecting the lawfulness of processing before withdrawal.

6. How We Share Personal Information

We do not sell your Personal Information for monetary compensation. We may share Personal Information in the following circumstances:

6.1 Service Providers (“Processors”)

We share Personal Information with trusted vendors who perform services on our behalf, such as:

• Payment processing (e.g., Stripe)
• Email and SMS delivery and messaging services
• Hosting, cloud infrastructure, and content delivery networks
• Analytics and performance monitoring
• Customer support tools
• Security, fraud detection, and abuse monitoring

These providers are permitted to process Personal Information only to provide services to us and are required to protect it consistent with this Privacy Policy and applicable law.

6.2 Legal, Safety, and Enforcement

We may disclose Personal Information if we reasonably believe it is necessary to:

• Comply with a legal obligation or valid legal process
• Respond to lawful requests by public authorities
• Protect the rights, property, and safety of Duke’s Picks, our users, or the public
• Investigate suspected fraud, security threats, or violations of our Terms

6.3 Business Transfers

If we engage in a merger, acquisition, reorganization, financing, bankruptcy, dissolution, or sale/transfer of assets, Personal Information may be transferred as part of that transaction, subject to appropriate protections.

6.4 With Your Consent

We may share Personal Information with third parties when you direct us to do so or otherwise provide consent.

6.5 Aggregated or De-Identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

7. Special Rule for SMS and A2P / Opt-In Data

We do not share or sell your SMS/text messaging opt-in data, mobile number, or consent records to third parties for their marketing purposes.

All categories of sharing described in this Privacy Policy exclude text messaging originator opt-in data and consent. This information will not be shared with any third parties, except with vendors and providers necessary to deliver text messaging services, comply with law, or protect the security and integrity of the Services.

8. Cookies, SDKs, and Similar Technologies

8.1 How We Use Cookies

We use cookies, pixels, SDKs, and similar technologies to operate and improve the Services, including:

• Authentication and session management
• Security and fraud prevention
• Preferences and settings storage
• Analytics and performance monitoring

You can control cookies through your browser settings and may control certain mobile tracking permissions through your device settings. If you disable cookies or tracking, some features may not function properly.

8.2 Website Analytics

On our public website we use two analytics tools to understand how people find and use the site. We have deliberately kept data collection to a minimum, and one of the two does not run at all unless you choose to allow it.

8.3 Cloudflare Web Analytics (Cookieless)

Cloudflare Web Analytics is a privacy-first measurement tool that does not use cookies and does not collect personally identifiable information. It records aggregate counts only — such as page views, the country a visit comes from, the browser used, and the page that referred you. Because it sets no cookies and stores no persistent identifier tied to you, it runs for all visitors and is not governed by the cookie consent banner.

8.4 Google Analytics 4 (Opt-In)

We also use Google Analytics 4 (“GA4”) for more detailed usage reporting, such as page views, general device and browser information, and approximate location at the country level. GA4 uses cookies, so we treat it as strictly opt-in. By default GA4 loads in a “consent denied” state and collects nothing; it only begins measuring after you select “Accept” on our cookie consent banner. We also instruct GA4 to anonymize IP addresses. If you select “Decline,” or simply do not interact with the banner, no Google Analytics cookies are set and no GA4 data is collected for your visit. GA4 data is processed by Google; for more detail you can review Google’s Privacy Policy and Google’s Consent Mode documentation.

8.5 Managing or Changing Your Consent

Your choice is remembered in your browser’s local storage under the key dp_consent. You can change your mind at any time: clearing your browser’s site data for dukespicks.com, or removing the dp_consent value, will bring the banner back on your next visit so you can opt in or out again. You can also block or delete analytics cookies directly through your browser settings.

8.6 Legal Basis and Opt-Out

Where required by law, we rely on your consent as the legal basis for Google Analytics, and on our legitimate interest in understanding and improving the Services as the basis for cookieless Cloudflare Web Analytics, consistent with the GDPR and similar frameworks. You may withdraw consent at any time as described above. If you are a California resident, you may opt out of analytics tracking through the banner and your browser settings; we do not sell your Personal Information for monetary compensation.

9. Data Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect Personal Information against unauthorized access, use, alteration, and disclosure.

However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for safeguarding your account credentials and notifying us immediately if you believe your account has been compromised.

If you believe your interaction with us is no longer secure, contact us at support@dukespicks.com.

10. Your Choices: Email, SMS, and Marketing Preferences

10.1 Email Preferences

You may opt out of marketing emails at any time by using the unsubscribe link in the footer of an email. Even if you opt out of marketing emails, we may still send you service-related or transactional emails necessary to operate your account.

10.2 SMS Preferences

If you have opted in to SMS, you may opt out at any time by replying STOP to a message. You may receive a final confirmation message. For help, reply HELP or contact support@dukespicks.com.

10.3 Device Permissions

You can adjust permissions such as notifications and location sharing in your device settings. If you disable certain permissions, some features may not function as intended.

11. Data Retention

We retain Personal Information only for as long as reasonably necessary to:

• Provide the Services
• Maintain your account
• Comply with legal, tax, accounting, and regulatory requirements
• Resolve disputes and enforce agreements
• Prevent fraud and abuse and maintain security

Retention periods vary based on:

• The type of data
• The purpose of processing
• Legal obligations and limitations periods

When Personal Information is no longer required, we will delete, anonymize, or securely dispose of it in accordance with our retention practices and applicable law.

12. Children’s Privacy

The Services are not intended for children under 16 (or under 13 where applicable law sets that as the minimum age). We do not knowingly collect Personal Information from children.

If you believe a child has provided us Personal Information, please contact support@dukespicks.com, and we will take steps to delete it as required by law.

13. Links and Third-Party Services

The Services may contain links to or integrations with third-party websites, apps, and services. We are not responsible for the privacy practices of third parties, and this Privacy Policy does not apply to information you provide to or that is collected by third parties.

We encourage you to review the privacy policies of those third parties before providing information.

14. Do Not Track

Some browsers offer a “Do Not Track” (“DNT”) setting. At this time, the Services do not respond to DNT signals. You can still manage cookies and certain tracking as described above.

15. Your Privacy Rights (General)

Depending on where you live, you may have rights regarding your Personal Information, including rights to:

• Access your Personal Information
• Correct inaccurate information
• Delete certain information
• Object to or restrict certain processing
• Obtain a portable copy of your Personal Information
• Opt out of certain targeted advertising (where applicable)
• Withdraw consent (where processing is based on consent)

To exercise these rights, contact us at support@dukespicks.com. We may request information to verify your identity and protect your privacy.

We will not discriminate against you for exercising your rights.

16. European Privacy Rights (GDPR / UK GDPR / Switzerland)

If you are located in the EEA, UK, or Switzerland, you may have rights to:

• Request access, correction, deletion, and portability
• Object to processing or request restriction
• Withdraw consent at any time where applicable

You also have the right to lodge a complaint with your local data protection authority.

17. International Transfers

Duke’s Picks LLC is based in the United States, and we may process and store Personal Information in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country of residence.

Where required, we take measures designed to ensure an adequate level of protection for transferred data consistent with applicable law (such as contractual safeguards).

18. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have the right to:

• Know what categories of Personal Information we collect and how we use it
• Request access to specific pieces of Personal Information
• Request correction of inaccurate Personal Information
• Request deletion of certain Personal Information
• Opt out of “sale” or “sharing” of Personal Information (as defined by law)
• Limit use and disclosure of certain Sensitive Personal Information (where applicable)
• Not be discriminated against for exercising rights

We do not sell Personal Information for monetary compensation. We also do not share text messaging opt-in data or consent with third parties for their marketing.

To submit a request, contact support@dukespicks.com. We may need to verify your identity before fulfilling your request.

You may designate an authorized agent to submit requests on your behalf where permitted by law. We may require proof of authorization and identity verification.

19. Colorado Privacy Rights (CPA), Virginia (VCDPA), Connecticut (CTDPA), Utah (UCPA) and Other U.S. State Laws

Residents of certain U.S. states may have rights to access, correct, delete, and obtain a copy of Personal Information, and to opt out of targeted advertising, sale, or certain profiling as defined by applicable law.

To exercise these rights, contact support@dukespicks.com. If we deny your request, you may have the right to appeal by contacting us at the same email and stating that you are appealing a privacy decision.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will update the “Last Updated” date above when changes are made. Your continued use of the Services after changes become effective constitutes acceptance of the updated Privacy Policy.

21. How to Contact Us

If you have questions about this Privacy Policy, your Personal Information, or your privacy rights, contact:

Duke’s Picks LLC
Email: support@dukespicks.com