Data Controller

FightEdge is owned and operated by Scene Zero LLC. All references to "FightEdge," "we," "us," or "our" in this policy refer to Scene Zero LLC. For privacy inquiries, contact us via our contact form.

1. Information We Collect

Account Data: When you create an account, we collect your username, email address (optional), and a securely hashed password. We never store plaintext passwords.

Betting Data: If you use the bet tracker, we store your logged bets (fighter names, amounts, odds, results) to calculate your personal ROI. This data is tied to your account and not shared.

Payment Data: If you subscribe to FightEdge Pro, payment is processed by Stripe. We store your Stripe customer ID and subscription ID to manage your account. We never store credit card numbers, CVVs, or bank account details on our servers — Stripe handles all sensitive payment data under PCI-DSS Level 1 compliance.

Usage Data: We log standard web server data (IP addresses, page views, timestamps) for security and performance monitoring.

Analytics: We use Google Analytics (GA4) to understand how visitors use FightEdge. GA collects anonymous usage data (pages visited, time on site, device type). No personally identifiable information is sent to Google. You can opt out using a browser extension.

2. How We Use Your Data

  • To provide and improve the FightEdge prediction service
  • To process and manage your subscription (if you subscribe to Pro)
  • To send email notifications you opted into (event alerts, accuracy reports)
  • To compute your personal betting ROI and track record
  • To prevent abuse and maintain service security

3. Data Sharing

We do not sell, rent, or share your personal data with any third parties. Your betting history, predictions, and account information are private.

4. Data Security & Protection

We take the protection of your data seriously. Here is exactly how your information is secured:

Password Protection

  • Passwords are hashed using PBKDF2 with SHA-256 (1,000,000 iterations, 16-byte random salt)
  • We never store plaintext passwords — even our team cannot see your password
  • If our database were ever compromised, your password would be computationally infeasible to reverse

Infrastructure Security

  • Hosted on Amazon Web Services (AWS) — the same cloud infrastructure used by Netflix, Airbnb, and NASA
  • Your data is stored on AES-256 encrypted disks (encryption at rest) — even if someone physically stole the hard drive, the data would be unreadable
  • All traffic is encrypted via HTTPS/TLS (encryption in transit) — powered by Cloudflare SSL
  • The application runs inside a Virtual Private Cloud (VPC) — the database is not accessible from the public internet
  • Daily automated backups to Amazon S3 with 30-day retention

Application Security

  • Session cookies are HttpOnly and SameSite protected — prevents cross-site attacks
  • All forms use CSRF (Cross-Site Request Forgery) protection
  • Rate limiting on login, registration, and sensitive endpoints prevents brute-force attacks
  • Security headers enforced: X-Frame-Options (DENY), X-Content-Type-Options (nosniff), Referrer-Policy (strict-origin-when-cross-origin)
  • Email verification required for all new accounts — prevents spam registrations

Payment Security

  • All payment processing handled by Stripe (PCI-DSS Level 1 certified — the highest level of payment security)
  • Your credit card number, CVV, and billing details are never stored on our servers — they go directly to Stripe
  • We only store a Stripe customer ID to manage your subscription — this ID cannot be used to make charges
  • Stripe webhook communications are verified with cryptographic signatures to prevent tampering

What We Store vs What We Don't

What We Store
  • Username
  • Email address
  • Hashed password (irreversible)
  • Subscription status
  • Bet history (if you use the tracker)
  • Notification preferences

What We Never Store
  • Credit card numbers
  • Bank account details
  • Plaintext passwords
  • Social Security numbers
  • IP addresses (beyond standard logs)
  • Advertising or ad-tracking data

5. Data Retention

  • Active accounts: Your data is retained for the lifetime of your account.
  • Deleted accounts: All personal data is permanently deleted immediately upon account deletion. This action is irreversible.
  • Cancelled subscriptions: Your account data (username, email, bet history, predictions) is preserved on the Free tier. Only billing data is removed.
  • Server logs: IP addresses and access logs are retained for 30 days for security purposes, then automatically purged.
  • Backups: Encrypted backups are retained on AWS S3 for 30 days. Deleted account data is removed from backups within this retention window.

6. Your Rights

Access: You can view all your data in your profile and bet tracker at any time.

Deletion: You can delete your entire account and all associated data from your Profile Settings page. This action is immediate and irreversible. If you have an active subscription, cancel it first via the billing portal.

Subscription Management: You can cancel, upgrade, or downgrade your Pro subscription at any time through the Stripe billing portal (accessible from your Profile page). Cancellation takes effect at the end of your current billing period.

Data Export: Contact us to request a full export of your data.

Do Not Sell My Information: We do not sell personal information. No opt-out is needed because no sale occurs. Payment data handled by Stripe is governed by their privacy policy and is never sold.

7. California Privacy Rights (CCPA)

California residents have the following rights under the California Consumer Privacy Act:

  • Right to Know: You may request details about the personal information we collect, use, and disclose.
  • Right to Delete: You may request deletion of your personal information via the account deletion feature on your Profile page.
  • Right to Opt-Out: We do not sell personal information to third parties. There is nothing to opt out of.
  • Right to Non-Discrimination: We will not deny services, charge different prices, or provide different quality based on your exercise of privacy rights.

To exercise these rights, use the self-service tools on your Profile page or contact us via the Contact form. We will verify your identity before processing requests.

8. European Data Protection (GDPR)

If you are in the EEA or UK, our legal bases for processing your data are:

  • Consent: Account creation and email communications
  • Contract Performance: Providing subscription services you purchased
  • Legitimate Interest: Security, fraud prevention, service improvement, and anonymous analytics

Your additional rights include: access, rectification, erasure, restriction of processing, data portability, and the right to object. Contact us via the Contact form to exercise any of these rights. We will respond within 30 days.

We do not have a Data Protection Officer as we are a small business, but all privacy inquiries are handled with the same level of care and legal compliance.

9. Automated Decision-Making

FightEdge uses statistical models (a proprietary rule + Elo predictor with isotonic calibration) and Monte Carlo simulations to generate fight predictions. These are statistical analyses provided for informational purposes — they do not make decisions that have legal or similarly significant effects on you. Your subscription status, account access, and billing are managed through standard authentication and payment processing, not automated profiling.

10. Cookies

We use essential cookies for session management (keeping you logged in). Google Analytics (GA4) sets anonymous analytics cookies (_ga, _ga_*) to measure site usage. We do not use advertising cookies, Facebook Pixel, or any ad-tracking cookies. You can opt out of GA via a browser extension.

11. Third-Party Services

FightEdge uses the following external services:

  • Stripe — Payment processing for Pro subscriptions. Stripe receives your payment details (card number, billing address) directly — this data never touches our servers. See Stripe's Privacy Policy.
  • Google Analytics (GA4) — Anonymous usage analytics. No PII is sent. See Google's Privacy Policy.
  • Sentry — Error monitoring for application stability. May receive technical error data (stack traces, request URLs). No passwords or payment data are sent. See Sentry's Privacy Policy.
  • SendGrid — Email delivery for verification and notifications. Receives your email address when we send you emails. See Twilio/SendGrid Privacy Policy.
  • Amazon Web Services (AWS) — Cloud hosting and data storage. See AWS Privacy Policy.
  • The Odds API — Live sportsbook odds (no user data is sent)
  • Arctic Shift API — Public Reddit discussion threads for sentiment analysis (no user data is sent)
  • MMA Intel / DRatings — Public prediction pages for expert consensus (no user data is sent)

12. Contact

For privacy questions or data requests, contact Scene Zero LLC via our contact form or by mail:

Scene Zero LLC
7901 4th N STE 300
St. Petersburg, FL 33702

13. Disclaimer

FightEdge is a product of Scene Zero LLC, provided for informational and entertainment purposes only. Predictions are not guaranteed and should not be the sole basis for betting decisions. Please gamble responsibly. If you or someone you know has a gambling problem, call 1-800-GAMBLER.