Privacy Policy

Last updated: March 30, 2026

1. Introduction

Unstructured Ventures, LLC ("Pennant Games", "we", "us", "our") operates the hemrockpark.com website and related services (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By using the Service, you consent to the practices described herein.

2. Information We Collect

2.1 Information You Provide

  • Account registration: Email address and password when you create an account. We hash passwords using industry-standard algorithms and never store them in plaintext.
  • Profile information: Username, display preferences, and any optional profile details you choose to provide.
  • Game content: Team names, player display names, league configurations, trade proposals, draft selections, and coaching settings.
  • Wallet addresses: If you choose to connect an Ethereum wallet, we store the public wallet address (not private keys, seed phrases, or passwords).
  • Communications: Any messages or feedback you send us directly.

2.2 Information Collected Automatically

  • Log data: IP address, browser type and version, operating system, referring URL, pages visited, time and date of access, and time spent on pages.
  • Device information: Device type, screen resolution, and unique device identifiers.
  • Cookies and similar technologies: Session cookies for authentication and preference cookies for theme settings. See Section 7 for details.

2.3 Information from Third Parties

  • Authentication providers: If we enable third-party sign-in in the future, we may receive your name, email, and profile picture from the provider.
  • Blockchain data: Publicly available Ethereum blockchain data to verify wallet ownership and legacy player claims.

3. How We Use Your Information

  • Provide the Service: Create and manage your account, operate game features (leagues, exhibitions, trades, drafts), display leaderboards and statistics.
  • Personalization: Remember your preferences (theme, saved lineups), display your claimed legacy players.
  • Communication: Send account-related emails (verification, password reset, important updates). We will not send marketing emails without your consent.
  • Security: Detect and prevent fraud, abuse, unauthorized access, and violations of our Terms of Service.
  • Improvement: Analyze usage patterns in aggregate to improve the Service, fix bugs, and develop new features.
  • Legal compliance: Comply with applicable laws, regulations, and legal processes.

If you are in the European Economic Area (EEA), our legal bases for processing your data are:

  • Contract performance: Processing necessary to provide the Service you signed up for.
  • Legitimate interest: Improving the Service, ensuring security, preventing fraud.
  • Consent: Where you have given explicit consent (e.g., optional wallet connection).
  • Legal obligation: Where processing is required by law.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data in these limited circumstances:

  • Service providers: We use third-party providers for hosting (Vercel), database (Supabase), and AI features (Anthropic). These providers process data on our behalf under data processing agreements.
  • Other users: Your username, team name, league activity, and game statistics are visible to other users of the Service. Your email address is not shared with other users.
  • Legal requirements: We may disclose information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity.
  • Aggregate data: We may share anonymized, aggregated statistics that cannot identify individual users.

6. Data Storage and Security

  • Your data is stored on servers operated by Supabase (PostgreSQL with row-level security policies) and hosted infrastructure providers.
  • Authentication tokens are encrypted and transmitted over HTTPS.
  • Passwords are hashed using bcrypt via Supabase Auth.
  • We implement access controls to limit who can access your data internally.
  • Despite these measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

7. Cookies and Tracking

We use the following types of cookies:

  • Essential cookies: Required for authentication session management. These cannot be disabled without breaking the Service.
  • Preference cookies: Store your theme preference (light/dark/system). These are optional.

We do not use advertising cookies, third-party tracking pixels, or analytics cookies that track you across other websites. We do not participate in ad networks or sell data to advertisers.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and all associated personal data. Some data may be retained as required by law or for legitimate business purposes.
  • Portability: Request your data in a structured, machine-readable format.
  • Restriction: Request that we limit how we process your data.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, you may withdraw at any time.

To exercise any of these rights, contact us at hello@hemrock.com. We will respond within 30 days.

9. Data Retention

  • Account data: Retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days, except as required by law.
  • Game data: Game statistics, play-by-play records, and league history may be retained in anonymized form after account deletion for the integrity of league records.
  • Log data: Server logs are retained for up to 90 days for security and debugging purposes.

10. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information promptly. If you believe a child under 13 has created an account, please contact us.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from your jurisdiction. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place for international transfers in compliance with applicable law.

12. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell personal information)
  • Not be discriminated against for exercising your privacy rights

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email and/or a prominent notice on the Service. The "Last updated" date at the top indicates the most recent revision.

14. Contact

For privacy-related questions, requests, or concerns, contact us at:

  • Email: hello@hemrock.com