CFB Commissioner's Office
Admin login

Privacy policy

Effective date: June 13, 2026 · League Lines LLC · Template copy for review; not legal advice.

Overview

League Lines LLC (“League Lines,” “we,” “us,” or “our”) operates CFB Commissioner's Office, a Discord bot and web admin for managing fictional college football super leagues. This policy describes what information we collect, how we use it, and the choices you have. By using the bot or web admin, you agree to this policy.

Information we collect

  • Discord account data when you sign in to the web admin (via Discord OAuth): your Discord user ID, display name, avatar, email address if Discord provides it, and the list of Discord servers (“guilds”) you belong to, including whether you have server management permissions in those guilds.
  • Discord and league activity when you use the bot or web admin in a registered server: Discord user IDs, guild (server) IDs, channel IDs, and message or interaction data needed to run commands (for example, placing bets, entering stats, or configuring league settings).
  • League and wagering data stored for your guild: virtual coin balances, team assignments, bets, matchups, game results, futures markets, commissioner settings, and related statistics. This data is tied to Discord user IDs, not real-money accounts.
  • Schedule import images (optional Pro feature): if a commissioner uploads schedule screenshots for extraction, those images are processed by our vision provider to draft matchup rows. Images and extracted text may be stored until the import is completed or deleted.
  • System-admin access: if you are an authorized platform administrator, we store your email address, issue short-lived login tokens (stored in hashed form), and send magic-link emails for sign-in.
  • Server and security logs: our API and web app may log request metadata such as timestamps, HTTP method, route, status code, client IP address, user agent, and a request identifier. These logs help us operate and troubleshoot the service.
  • Contact inquiries: if you submit our contact form, we receive the name, email, subject, and message you provide.

How we use information

  • Provide, maintain, and improve the Discord bot, web admin, licensing, and related features.
  • Authenticate web admin and system-admin users and enforce access controls.
  • Store and display league data for commissioners and members in the servers where the bot is installed.
  • Send operational emails (such as system-admin magic links) and respond to support requests.
  • Monitor usage, prevent abuse, debug errors, and protect the security of our systems.
  • Comply with legal obligations and enforce our terms of service.

Legal bases (EEA/UK users)

If you are in the European Economic Area or the United Kingdom, we process personal data where necessary to perform our contract with you or your server administrators, where we have a legitimate interest in operating and securing the service (balanced against your rights), and where you have given consent when required (for example, optional contact form submissions).

How we share information

  • Discord: the service is built on Discord. Discord receives data according to its own policies when you use Discord or authorize our OAuth application.
  • OpenAI: when schedule screenshot import is enabled, uploaded images are sent to OpenAI for text extraction. OpenAI’s policies govern their handling of that data.
  • Email delivery: magic-link emails are sent through our configured SMTP provider.
  • Infrastructure providers: we use United States–based hosting and database providers to run the API, bot, and website. They process data on our behalf solely within the United States.
  • Stripe: when you subscribe to a paid plan, payment is processed by Stripe. We receive your guild ID, subscription status, and billing metadata from Stripe, not full card numbers. Stripe's privacy policy governs payment data they collect at checkout.
  • Legal requirements: we may disclose information if required by law or to protect rights, safety, and security.

Cookies and similar technologies

The web admin uses session cookies to keep you signed in after Discord OAuth (via NextAuth). The separate system-admin console uses an httpOnly session cookie after email magic-link verification. We do not use third-party advertising cookies. You can control cookies through your browser settings, but disabling them may prevent sign-in.

Data location

We store and process personal data in the United States only. Our production infrastructure and databases are hosted with United States–based providers. If you access the service from outside the United States, you understand that your information will be transferred to and processed in the United States.

Data retention

We retain league and user data for as long as the bot remains in your Discord server and as needed to provide the service. Guild data may be deleted or anonymized after the bot is removed, subject to backup and legal retention requirements. Server logs are kept for a limited operational period. System-admin login tokens expire shortly after issuance and are consumed or discarded. Contact form messages are retained only as long as needed to respond.

Security

We use reasonable technical and organizational measures to protect data, including encrypted transport (HTTPS), access controls, and hashed storage for sensitive tokens. No method of transmission or storage is completely secure.

Your choices and rights

  • Discord settings: you can revoke our OAuth access in your Discord user settings and leave servers where the bot is installed.
  • Guild administrators: commissioners can manage league data through bot commands and the web admin, and can remove the bot from a server to stop new data collection for that guild.
  • Access, correction, or deletion: depending on your location, you may have rights to access, correct, delete, or export personal data, or to object to or restrict certain processing. Email hello@leaguelineshq.com or use our contact page. We will respond to verified deletion requests within 30 days. We may need to verify your identity, and we cannot delete data we must retain by law or that is stored in shared league records needed by other members.
  • Complaints: EEA/UK residents may lodge a complaint with their local data protection authority.

Children

The service is not directed at children under 13. Discord’s terms require users to meet Discord’s minimum age. We do not knowingly collect personal information from children under 13.

Governing law

This privacy policy is governed by the laws of the State of South Carolina, United States, without regard to conflict-of-law principles.

Changes to this policy

We may update this privacy policy from time to time. We will post the revised version on this page with an updated effective date. Continued use after changes constitutes acceptance of the updated policy.

Contact

League Lines LLC · Questions about this policy or a privacy request? Email hello@leaguelineshq.com or use our contact page.