Privacy Policy

Last updated: June 30, 2026

AVRA AI LLC ("AVRA," "we," "us," "our") operates the AVRA fantasy football decision platform at tryavra.com (the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. By using the Service you agree to the practices described here.

1. Information we collect

Information you give us directly:

  • Your email address when you join the waitlist (that is all the waitlist collects). Your email and name when you create an account or contact us.
  • Account profile data, username, display name, time zone, communication preferences, optional avatar URL.
  • Fantasy account identifiers you choose to link (e.g., your Sleeper username + numeric user ID). We use these to read your public league data; we do not access private credentials.
  • Payment information you provide to our payment processor (Stripe) for paid plans. AVRA does not receive or store card numbers.
  • Messages you send us via the contact form, email, or support channels.

Information collected automatically:

  • Standard log data, IP address, browser type, device characteristics, pages viewed, timestamps.
  • Authentication metadata, session tokens, last sign-in time, user-agent strings.
  • Usage signals, which leagues you sync, which recommendations you act on, refresh frequency. This drives our model improvements and feature decisions.
  • Cookies and local storage for session persistence + remembering your active league.

Information from third parties: when you connect a fantasy platform, we receive public league + roster + transaction data from that platform's public API (e.g., Sleeper). We do not request credentials. We do not seek or intentionally collect special-category or sensitive personal data (such as health, biometric, precise geolocation, or government-ID information).

2. How we use information

  • To operate the Service, load your leagues, compute projections, deliver recommendations.
  • To improve our models, aggregated usage signals refine our machine-learning predictions.
  • To communicate with you, transactional emails (welcome, password reset, billing receipts) and, with your consent, product updates.
  • To process payments and prevent fraud, via Stripe.
  • To monitor security, detect abuse, and protect the platform.
  • To comply with legal obligations and respond to lawful requests.

Legal basis (EEA/UK users): where the GDPR applies, we process your data to perform our contract with you (operating the Service and your account), on the basis of our legitimate interests (securing the platform, preventing abuse, and improving our models with aggregated signals), to comply with legal obligations, and, for product and marketing communications, on the basis of your consent, which you can withdraw at any time. AVRA does not make decisions producing legal or similarly significant effects about you based solely on automated processing; you make all final roster decisions yourself.

3. Who we share information with

We do not sell your personal data, and we do not share it for cross-context behavioral advertising (as those terms are defined under California law). We share limited information only with the following service providers, and only as needed to operate the Service:

  • Supabase, our database and authentication provider. Stores all account, league, and usage data.
  • Resend, sends our transactional and account emails.
  • Stripe, processes payments. Stripe receives your billing information directly; AVRA does not store card data.
  • Modal Labs, runs our machine-learning training jobs on aggregated, non-personally-identifying data.
  • Fantasy platforms (e.g., Sleeper), we read your public league data via their official APIs.
  • Law enforcement or regulators, when required by valid legal process.

4. Data security

We protect data with industry-standard safeguards: TLS encryption in transit, encryption at rest, row-level security on every database table, scoped API tokens, and least-privilege access for our team. No system is perfectly secure; if we ever discover a breach affecting your data we will notify you promptly as required by law.

5. Data retention

We retain your account information for as long as your account is active. If you delete your account, we soft-delete first (7-day grace period to recover) and then permanently remove your personal data, except where retention is required for legal, accounting, or fraud-prevention reasons. Aggregated, non-identifying data may be retained indefinitely to improve our models.

6. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct or update inaccurate personal data.
  • Delete your personal data (GDPR Article 17, CCPA right to delete).
  • Export your data in a portable format (GDPR Article 20).
  • Object to or restrict certain processing.
  • Withdraw consent for marketing communications at any time.
  • Lodge a complaint with your local data-protection authority (EEA/UK users).
  • Not be discriminated against for exercising any of these rights.

Most of these rights can be exercised directly in your account settings (My account, Danger zone). For anything else, email [email protected]. You may use an authorized agent to submit a request on your behalf where the law allows, and we will verify your identity before acting on a request.

7. Cookies and tracking

We use cookies and local storage for essential session management (keeping you signed in) and for remembering your preferences (active league, time zone). We also set one first-party cookie that records how you first reached the site (the campaign tags in the link you followed, and the referring page) so we can understand which channels bring people to AVRA and improve them. It stays on your device, holds only that referral information, and is never shared with advertising networks. We do not use third-party advertising trackers or advertising pixels. If we ever add analytics beyond this first-party use, we will update this policy and offer a clear opt-out.

8. Children

The Service is not intended for children under 13 (or under 16 in jurisdictions where that is the applicable threshold). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact [email protected] and we will delete it.

9. International users

AVRA AI LLC operates in the United States. If you access the Service from outside the U.S., you understand and consent to the transfer and processing of your information in the U.S., where data-protection laws may differ from those in your country. Where we transfer the personal data of EEA or UK users to the United States, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses, to protect that data.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the "Last updated" date and, where appropriate, notify you by email or in-product banner. Continued use of the Service after the changes take effect constitutes acceptance of the updated policy.

11. Contact

Questions about this Privacy Policy or our data practices? Reach us at [email protected], via the contact form, or at:

AVRA AI LLC
Attn: Privacy
United States