Privacy Policy

DiamondOps is operated by RetroGhostLabs, a sole proprietorship based in Maryland, USA. Our primary domain is diamondops.gg. This Privacy Policy explains what personal data we collect, how we use it, how we share it, and your rights regarding your data. If you have any questions, contact us at support@diamondops.gg.

When you use DiamondOps, we may collect the following categories of information:

• Account data — email address and display name provided via Sign in with Apple or Sign in with Google, along with your Apple ID or Google ID used for authentication
• Gamertag — your MLB The Show gamertag, if you choose to provide it (optional)
• Usage data — pages visited, features used, actions taken, session duration, and interaction patterns
• Portfolio data — card inventory and collection data that you choose to sync with the Service
• Payment data — subscription billing is processed entirely by Stripe. We do not store, process, or have access to your credit card numbers or full payment details. We receive only transaction confirmations and subscription status from Stripe.
• Device data — IP address, browser type and version, operating system, device type, screen resolution, and referring URL
• Advertising data — information about your interactions with advertisements served through Google AdSense, including ad impressions and clicks

We use the data we collect for the following purposes:

• Provide, operate, and maintain the Service and its features
• Authenticate your identity and manage your account
• Process and manage your subscription through Stripe
• Send transactional emails related to your account, billing, and Service updates
• Analyze usage patterns to improve the Service and prioritize feature development
• Detect, prevent, and respond to fraud, abuse, security incidents, and Terms of Service violations
• Serve relevant advertisements to Free tier users and guests via Google AdSense
• Comply with legal obligations and respond to lawful requests

We do not sell your personal data to third parties.

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with similar data protection laws, we process your personal data on the following legal bases:

• Contract performance — processing necessary to provide the Service you have subscribed to, including account management, authentication, and subscription billing
• Legitimate interests — processing necessary for our legitimate interests, such as improving the Service, analyzing usage, detecting abuse, and maintaining security, where those interests are not overridden by your rights
• Consent — where you have given explicit consent, such as for marketing communications. You may withdraw consent at any time.

We use the following third-party services that may process your data. Each service operates under its own privacy policy:

• Stripe — payment processing and subscription billing
• Apple / Google — authentication via Sign in with Apple and Sign in with Google
• Sentry — error tracking and application performance monitoring
• Google AdSense — advertisement delivery and personalization
• Vercel — application hosting and infrastructure
• Cloudflare — content delivery network (CDN) and object storage

We encourage you to review the privacy policies of these services to understand how they handle your data.

DiamondOps uses Google AdSense to serve advertisements. Google AdSense may use cookies and similar technologies to serve ads based on your prior visits to this or other websites. Google may collect and use data about your browsing activity to personalize the ads you see.

Free tier users and guests (unauthenticated visitors) will see advertisements within the Service. Paid subscribers (Lite, Pro, and Diamond tiers) enjoy an ad-free experience.

You can manage your ad personalization preferences through Google's Ad Settings or by opting out of personalized advertising through the Digital Advertising Alliance.

We use the following browser storage mechanisms:

• Session cookies — httpOnly cookies used for authentication and maintaining your logged-in session. These are essential for the Service to function and cannot be disabled.
• Local storage — used to store your preferences including theme (light/dark mode), UI preferences, and Early Access welcome dismissal state. Your selected game year is stored locally and also sent to our servers as part of API requests to return the correct data.

We do not use cross-site tracking pixels or tracking cookies. However, Google AdSense may set its own cookies for ad delivery and personalization as described in Section 6.

We retain your personal data for as long as your account remains active and as needed to provide the Service.

You may request deletion of your account at any time from your account settings page. When you submit a deletion request, your account enters a 7-day grace period during which you can cancel the deletion and restore full access. After the grace period expires, all personal data associated with your account is permanently deleted within 24 hours. This action cannot be undone.

We may retain certain data beyond this period only where required to comply with legal obligations, resolve disputes, or enforce our agreements.

Anonymized and aggregated analytics data that cannot be used to identify you may be retained indefinitely for Service improvement purposes.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request deletion of your account and personal data
• Portability — request your data in a structured, commonly used, machine-readable format
• Restrict processing — request that we limit how we process your data in certain circumstances
• Withdraw consent — where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact support@diamondops.gg. We will respond to your request within 30 days.

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA):

• Right to know — you may request information about the categories and specific pieces of personal data we have collected about you, the purposes for collection, and the categories of third parties with whom we share it
• Right to delete — you may request deletion of personal data we have collected from you, subject to certain exceptions
• Right to opt-out of sale— we do not sell your personal data. If this changes, we will provide a “Do Not Sell My Personal Information” link
• Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA rights

To submit a CCPA request, contact support@diamondops.gg. We will verify your identity before processing your request.

DiamondOps is operated from the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

By using the Service, you consent to the transfer of your data to the United States. Where required by applicable law, we will implement appropriate safeguards (such as Standard Contractual Clauses) for international data transfers.

DiamondOps is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at support@diamondops.gg and we will take steps to delete such data.

There is currently no industry-wide standard for how websites should respond to Do Not Track (“DNT”) browser signals. We do not currently respond to DNT signals, but we limit data collection to what is necessary for the Service to function and do not engage in cross-site tracking. You can manage ad personalization through your Google Ad Settings.

We implement reasonable technical and organizational security measures to protect your personal data, including HTTPS encryption for all data in transit, encrypted storage for sensitive data at rest, and role-based access controls for internal systems.

However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security. You use the Service at your own risk.

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. The “Last updated” date at the top of this page indicates when the policy was most recently revised.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy. For material changes, we will make reasonable efforts to notify you via email or in-app notification.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at support@diamondops.gg.