Request Access
← Back to The Cold Line

Privacy Policy

Last updated: April 14, 2026

1. Introduction

The Cold Line (“we,” “us,” or “our”) operates the website thecoldline.com (the “Platform”). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Platform.

By using the Platform, you consent to the data practices described in this policy. If you do not agree, please do not use the Platform.

2. Information We Collect

2.1 Information You Provide

  • Account registration: email address, username (optional), password (cryptographically hashed — we never store your plaintext password)
  • Profile information: profile photo (optional), preferred sportsbook
  • Bet tracking data: sport, teams, sportsbook, bet type, odds, stake amount, line, settlement status, and profit/loss for bets you manually log or import via CSV
  • MLB builds: custom metric configurations, selections, and analysis you create using the Cold Line Builder
  • Game chat messages: text content, username, and timestamps for messages you post in game threads
  • Feedback and support: questionnaire responses, access requests, bug reports, and support tickets including any comments or descriptions you provide
  • Edge Scanner preferences: preferred sportsbook, edge thresholds, Kelly sizing mode, bankroll amount, notification preferences
  • Notification settings: alert type preferences, delivery channels (email, SMS, Telegram), phone number and Telegram chat ID if provided, quiet hours configuration

2.2 Information Collected Automatically

  • IP address: collected on login, account creation, access requests, and analytics events
  • User agent: browser and device information, collected with IP address
  • Page views: URL path, page title, referrer, and timestamp for each page you visit
  • Search terms: if you arrive via a search engine, we record the search query from the referrer URL
  • Session data: login timestamps, last activity timestamps, session duration
  • Session replacement events: when your session is ended because your account was accessed from another device, we log the event time plus the masked IP, approximate location, and device details for the old and new sessions for security monitoring

2.3 Information We Do Not Collect

  • We do not collect or store payment card numbers, bank account details, or financial credentials — these are handled exclusively by our payment processor (see Section 5)
  • We do not access your sportsbook accounts — CSV uploads are initiated entirely by you
  • We do not collect precise geolocation data (GPS coordinates)
  • We do not use third-party advertising trackers or sell data to advertisers

3. How We Use Your Information

  • Provide the service: authenticate your identity, deliver analytics and predictions, process your builds and bet logs, power game chat
  • Personalize your experience: remember your preferred sportsbook, apply your Edge Scanner thresholds, pre-fill forms with your defaults
  • Cold Line model alignment: when you log a bet, we compare it against our model’s prediction to calculate agreement and edge percentage — this data is shown only to you
  • Model calibration: we use aggregated, de-identified prediction accuracy data (Plate Read outcomes, Edge Scanner results) to improve our models. Individual bet data is never used for model training.
  • Security: detect unauthorized access, enforce single-session policy, identify account sharing patterns, rate-limit abusive requests, and maintain audit logs
  • Communication: send password reset emails, notification alerts you have opted into, and critical service announcements
  • Analytics: understand how the Platform is used in aggregate to improve features and performance

4. How We Store and Protect Your Information

4.1 Storage

Your data is stored using industry-standard cloud infrastructure providers. Personal data is kept in secure, access-controlled databases. Temporary data such as session tokens and rate-limiting counters is stored in encrypted caching layers.

4.2 Security Measures

  • Passwords are cryptographically hashed before storage — plaintext passwords are never stored or logged
  • Authentication tokens are stored in secure, HTTP-only cookies inaccessible to client-side scripts
  • All data in transit is encrypted via HTTPS/TLS
  • API endpoints are protected by authentication and rate limiting
  • Automated monitoring detects and responds to suspicious access patterns
  • Administrative actions are logged in an audit trail
  • Sessions expire after inactivity and have a maximum lifetime

4.3 Data Retention

  • Account data: retained for the lifetime of your account
  • Saved builds and tracking data: retained for the lifetime of your account unless you delete them
  • Analytics events: retained in aggregate for up to 24 months
  • Security logs: retained for up to 90 days
  • Password reset tokens: expire automatically after a short period
  • Chat messages: retained for the lifetime of the game thread

5. Third-Party Services

We use third-party infrastructure and data providers to operate the Platform. These services receive only the minimum data necessary for their function. Services that provide sports data, odds, scores, or weather receive no user data whatsoever.

Your personal data (email, session tokens) is shared only with our hosting, database, and email delivery providers as required to operate the Platform.

5.1 Payment Processor (LemonSqueezy)

Subscription payments and the Offshore Edge Scanner add-on are processed by LemonSqueezy (Lemon Squeezy US LLC), who acts as our Merchant of Record. When you purchase a subscription, LemonSqueezy collects and stores:

  • Your payment card details (card number, expiration, CVC) — we never see these
  • Your billing address (for tax calculation and receipts)
  • Your name and email address (passed from your Cold Line account at checkout)
  • Transaction history, invoices, and receipts

LemonSqueezy is responsible for PCI compliance, sales tax / VAT collection in 190+ countries, fraud prevention, chargeback handling, and invoicing. The only data we receive from LemonSqueezy is the subscription status, plan tier, renewal date, and a non-sensitive customer ID — we use this to determine what features are unlocked on your account.

LemonSqueezy's privacy policy governs the data they collect from you: https://www.lemonsqueezy.com/privacy. Under the GDPR, LemonSqueezy acts as an independent controller for payment data, not a processor on our behalf.

We do not sell, rent, or share your personal information with third parties for advertising or marketing purposes.

6. Cookies

We use a single essential authentication cookie to maintain your login session. This cookie is HTTP-only (inaccessible to JavaScript), contains no personal information, and expires after a set period or upon logout. It is required for the Platform to function.

We do not use advertising cookies, social media tracking cookies, or third-party analytics cookies.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you
  • Correction: request correction of inaccurate data
  • Deletion: request deletion of your account and associated data
  • Export: request your bet history and build data in a portable format
  • Opt-out: disable notification channels or analytics tracking

To exercise any of these rights, contact us at privacy@thecoldline.com. We will respond within 30 days.

California Residents (CCPA)

California residents have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information. To submit a verifiable consumer request, email privacy@thecoldline.com.

European Residents (GDPR)

If you are located in the European Economic Area, you have additional rights under the GDPR including the right to data portability, restriction of processing, and the right to lodge a complaint with a supervisory authority. Our legal basis for processing your data is contract performance (providing the service you signed up for) and legitimate interests (security and service improvement).

8. Children’s Privacy

The Platform is not intended for anyone under 21 years of age. We do not knowingly collect personal information from minors. If we learn that we have collected data from a person under 21, we will delete that information promptly.

9. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach, as required by applicable law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Material changes will be communicated via email.

11. Contact

For privacy-related questions or requests, contact us at privacy@thecoldline.com.