Privacy Policy

Last updated: June 26, 2026

League Ledger ("we", "us") helps you aggregate your fantasy football leagues across platforms into a single portfolio view. This document describes what we collect, what we store, and what we do not.

What we collect

To sync your leagues, you provide:

  • Sleeper — your public username.
  • ESPN — you sign in to ESPN inside an in-app web view. We capture the SWID + espn_s2 cookies that ESPN sets and your team page URL. We do not see your password.
  • Fleaflicker — your account email (used as a public lookup; Fleaflicker does not require a password for league reads).
  • MyFantasyLeague — your league ID and team name (we match you to your franchise by name).
  • Yahoo — a Yahoo OAuth access token, when supported.
  • Account email + password — for your League Ledger account itself, managed by Supabase Auth and stored encrypted at rest.

Where credentials live

On your device, in iOS Keychain. Encrypted at rest, scoped to this app, automatically erased when you sign out of League Ledger. The credentials never sit in our database.

When a sync runs (initial import, your tap on the Sync button, or the daily background refresh), the iOS app forwards your stored credentials to our Supabase Edge Function. The function uses them strictly as a Cookie: header (ESPN/Yahoo), a query parameter (Sleeper/Fleaflicker/MFL), or a form body (Yahoo OAuth refresh) to read your league from the source platform. After the read, the credentials are dropped from memory. They are never written to disk on our servers.

Sign out from Settings to wipe every saved credential from the Keychain.

What we DO store on our servers

Only the synced results:

  • Your leagues, weekly rosters, team names, scores, and matchup history.
  • Cross-league derived data — portfolio weights, rooting board calculations.
  • Your account email + Supabase auth row.
  • Application error reports (no PII; sanitized error messages, app version, device model identifier like "iPhone17,1").
  • If you turn on Live Game Pings in Settings: an APNs device token + a stable per-install device ID, used only to send you a single notification when one of your leagues enters a live game window. The token is dropped when you turn the toggle off or sign out, and is automatically purged server-side if the device hasn't checked in for 180 days.

All user data is scoped by your user ID through Supabase Row-Level Security policies. You cannot read anyone else's data; nobody else can read yours.

Third parties

We do not sell, share, or rent your data. We do not run third-party analytics SDKs that fingerprint you. The platforms we sync from (Sleeper, ESPN, Yahoo, Fleaflicker, MFL) see the requests our edge function makes on your behalf — those go through their own privacy practices.

Hosting: Supabase (database + auth) and Vercel (web companion). Crash reporting: Sentry, when configured. Apple TestFlight + App Store handle iOS distribution and the standard Apple privacy disclosures apply there.

Children

League Ledger is not directed at children under 13. We do not knowingly collect data from anyone under 13.

Your rights

You can:

  • Delete any league from the app (soft delete; row is marked inactive).
  • Sign out — wipes the device-side credentials.
  • Delete your account entirely from inside the app: Settings → Delete Account → confirm. This immediately and permanently removes every row keyed to your account (leagues, rosters, matchups, push tokens, error logs, profile, auth row) and signs you out. No email exchange or wait period — it happens in the tap.
  • Export your data first if you want a copy: Settings → Export My Data returns a JSON file with every league, roster, and matchup row we hold for you.
  • If anything blocks an in-app deletion, email support@leagueledger.co and we'll handle it manually within 7 days.

Changes to this policy

If we make material changes, the new policy will be posted here and dated above. Continued use of the app constitutes acceptance.

Contact