Legal

Privacy Policy

Last updated: June 25, 2026

Who We Are

Rotowizards ("we", "our", or "us") operates RotoWizards.com, a fantasy football advice and membership platform. We are committed to protecting your personal information and being transparent about how we use it.

If you have any questions about this policy, contact us at Support@RotoWizards.com.

Information We Collect

Account Information

When you create an account, we collect your username and email address. We do not require your real name.

Payment Information

If you subscribe to a Pro membership, payments are processed by PayPal or Stripe. We never store your credit card or bank details on our servers. All payment data is handled directly by these PCI-compliant processors. We retain transaction metadata (timestamp, amount, subscription status) so we can manage your subscription.

Fantasy Team and League Data

When you connect a league from Sleeper, ESPN, or Yahoo — or enter team details manually — we collect and store:

Your team name, roster, and league scoring settings
Other teams in the league (their rosters and team names) so we can analyze your opponents
League rules (number of teams, roster slots, waiver type, FAAB balances, draft data, etc.)

This data is stored against your account and used to personalize the advice the Service provides. It is not shared with third parties for any purpose other than operating features you use (e.g. sending it to our AI providers when you ask the Crystal Ball a question).

Third-Party Platform Credentials

To refresh your league data on demand, we store credentials for the platforms you connect:

Sleeper: your Sleeper user ID and league ID. No password is needed — the Sleeper data we read is public.
ESPN: the SWID and espn_s2 session cookies you supply. These are encrypted at rest before being saved to our database.
Yahoo: the OAuth tokens you authorize at Yahoo's own consent screen. These are encrypted at rest.

You can revoke any of these by deleting the team on the My Teams page; we delete the stored credentials at that point.

AI Assistant Activity

When you use the Crystal Ball AI assistant, we transmit the content of your question along with relevant context (your league settings, roster, and recent conversation) to our AI providers (OpenAI, and Groq as fallback) so they can generate a response. We log only the following on our own servers:

A per-user daily question count, for rate-limiting purposes (resets at midnight)
An aggregate site-wide daily count of AI feature usage, for operations (retained for 60 days)

We do not store the text of your individual AI questions or answers on our servers. The AI providers we use may retain inputs according to their own policies — see "Third-Party Services" below.

Usage Data

We track page views on articles to power our "Most Popular" sorting feature. This data is anonymous and stored as aggregate view counts — we do not track individual user browsing behavior.

Contact Form Data

When you use our contact form, we collect your name, email address, and message content solely to respond to your inquiry.

Server and Session Logs

Like most websites, our hosting provider (Bluehost) automatically logs IP addresses, browser user-agent strings, and request timestamps at the server level for security and operations purposes. These logs are managed by Bluehost according to its own policies and are not directly accessible to us beyond standard troubleshooting needs. WordPress and the membership plugin we use (Simple Membership) may also record login timestamps and IP addresses against your account for security purposes.

How We Use Your Information

To create and manage your Rotowizards account
To process membership payments and send billing receipts
To respond to support requests and contact form submissions
To send account-related emails (password resets, membership updates)
To sync your league, roster, and scoring data from the third-party platforms you connect
To generate personalized advice through the Crystal Ball AI assistant, which requires transmitting your question and league context to our AI providers
To improve our content and features based on aggregate usage patterns

We do not sell or rent your personal information. We do not share your information with third parties for advertising or marketing purposes. We do share specific data with the service providers listed in "Third-Party Services" below, but only as required to operate the features you use (payment processing, AI advice, league data syncing, hosting, etc.).

Cookies

We use cookies to keep you logged in to your account and to remember your preferences. These are essential for the site to function properly. We also use standard WordPress cookies for session management.

We do not use advertising cookies or third-party tracking cookies.

Third-Party Services

We use the following third-party services, each with their own privacy policies. We share only the data necessary to make each feature work.

Sleeper — provides public NFL player data and, when you import a Sleeper league, your team and league details. We do not send your Rotowizards account information to Sleeper.
ESPN Fantasy — if you import an ESPN league, we use the session cookies you provide to fetch your roster, league settings, and opponents' rosters. Requests to ESPN appear as coming from you. We do not send your Rotowizards account information to ESPN.
Yahoo Fantasy — if you import a Yahoo league, we use OAuth tokens you authorize at Yahoo's own consent screen to fetch your league data. We do not send your Rotowizards account information to Yahoo.
FantasyNerds — provides NFL projections, injury data, depth charts, and player metadata that we display in the Service. No personal data is sent to FantasyNerds.
Tavily — when you use the Crystal Ball AI, we may send NFL-related search queries to Tavily to retrieve current news. Queries do not include your Rotowizards account information; they may include public player or team names mentioned in your question.
OpenAI — primary provider for Crystal Ball AI responses. We send the content of your AI questions plus a system prompt that includes your league settings and roster context so the AI can give tailored advice. OpenAI's terms govern their handling of these inputs.
Groq — fallback provider for Crystal Ball AI when OpenAI is unavailable. Same data flow as OpenAI.
PayPal — processes Pro subscription payments. PayPal handles your payment information directly; we never see or store your card or bank details.
Stripe — alternative payment processor for Pro subscriptions. Same data flow as PayPal.
Simple Membership (SWPM) — WordPress plugin that manages your account, subscription status, and payment metadata. Data stays on our servers.
Bluehost — our hosting provider. All Rotowizards data (account information, league data, AI usage counts) is stored on Bluehost's US-based servers. Bluehost provides infrastructure-level security and may log server-level events as described above.
Cloudflare — provides bot and abuse protection (Cloudflare Turnstile) on forms such as login, registration, and contact. To distinguish humans from automated traffic, Turnstile may process your IP address and browser/device signals. We do not use Cloudflare for advertising or cross-site tracking.

Data Retention

We retain different categories of data for different periods:

Account information (username, email, subscription status): retained as long as your account is active. Deleted within 30 days of account closure.
Fantasy team and league data: retained as long as your account is active or until you remove the team via My Teams. Deleted within 30 days of account closure.
Third-party platform credentials (ESPN cookies, Yahoo tokens, Sleeper IDs): retained until you remove the team they are attached to, or your account is closed. Encrypted at rest while stored.
Page view counts: aggregated only. Purged automatically on a 10-day rolling basis. Contains no personally identifiable information.
AI usage counts: per-user daily counts reset at midnight. Aggregate site-wide daily counts retained for 60 days.
Payment transaction metadata: retained as required by tax and accounting law, typically 7 years.
Server logs: retained by our hosting provider (Bluehost) per their own retention policies.

If you want immediate deletion rather than waiting for the 30-day window, contact Support@RotoWizards.com.

Your Rights

You have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your account and associated data
Withdraw consent for any data processing at any time

To exercise any of these rights, email us at Support@RotoWizards.com.

California Residents (CCPA / CPRA)

If you reside in California, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

Right to know what personal information we collect, use, and (if any) share or sell
Right to delete the personal information we hold about you
Right to correct inaccurate personal information
Right to opt out of any "sale" or "sharing" of personal information for cross-context behavioral advertising
Right to limit the use of sensitive personal information
Right to non-discrimination for exercising any of these rights

We do not sell or share personal information for advertising purposes. We do not use sensitive personal information for any purpose beyond providing the Service. To exercise these rights, email Support@RotoWizards.com with the subject line "California Privacy Request."

Other US State Privacy Laws

Residents of Colorado (CPA), Virginia (VCDPA), Connecticut (CTDPA), Texas (TDPSA), and other states with comprehensive consumer privacy laws have rights similar to those described above — including the right to access, correct, delete, and (where applicable) opt out of certain processing. To exercise any of these rights under any US state privacy law, email Support@RotoWizards.com with a description of your request and the state in which you reside.

Security

We take reasonable precautions to protect your information. Passwords are stored using industry-standard one-way hashing. Third-party platform credentials (ESPN cookies, Yahoo OAuth tokens) are encrypted at rest before being saved to our database. Payment transactions are encrypted in transit via SSL and handled entirely by our payment processors.

No method of transmission over the internet is 100% secure. While we do our best to protect your data, we cannot guarantee absolute security.

Children's Privacy

Rotowizards is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with their information, please contact us at Support@RotoWizards.com and we will delete it.

Users between the ages of 13 and the age of majority in their jurisdiction must have the consent of a parent or legal guardian to use the Service, as described in our Terms of Service.

International Users

Rotowizards is operated from the United States and hosted on US-based servers. By using the Service from outside the United States, you understand that your information will be transferred to and processed in the United States, where privacy laws may differ from those in your jurisdiction.

If you reside in the European Economic Area, the United Kingdom, or any other jurisdiction with GDPR-equivalent data protection laws, you have additional rights including access, rectification, erasure, restriction of processing, objection, and data portability. We will honor these rights on the same basis as the rights described above. To exercise them, contact Support@RotoWizards.com.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and may also notify you by email or through the Service. Continued use of the Service after the effective date of any modification constitutes acceptance of the updated policy.

Contact Us

Questions or concerns about this Privacy Policy? Reach out: