Last Updated: April 7, 2026
This Privacy Policy describes how BWAY FAN LLC (the "Company," "we," "us," or "our") collects, uses, discloses, retains, and protects information when you access or use the Broadway Fandom Fantasy League (BFFL) website, progressive web app, and iOS mobile application, including bfflbway.com and related app experiences we make available (collectively, the "Service").
The Service is hosted on Vercel and uses third-party service providers to operate core functions, including Supabase (database, storage, and backend services), Airtable (operational workflows, reporting, and/or parallel administrative records during a transition period, where applicable), Clerk (authentication), Apple Inc. ("Apple") (Sign in with Apple and App Store distribution, if applicable), Meta Platforms, Inc. ("Meta") (Facebook Login and Meta Business Tools such as the Meta Pixel, Conversions API, or mobile attribution and measurement tools, if enabled), Google (Google sign-in, Google Analytics, Google Ads tags, Firebase or other mobile analytics or measurement tools, and related advertising or measurement services, if enabled), Vercel (hosting and analytics), Wix (website hosting, site content, support/contact pages, or registration/contact forms on bwayfan.com, where applicable), SendGrid (transactional email delivery), Broadway Index LLC (affiliate analytics, reporting, and partner-services support, where applicable), and any payment processor or app marketplace operator we use if we later offer paid features, paid season access, subscriptions, or other digital purchases.
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. Where required by applicable law, you consent to the collection, use, and disclosure of information as described herein.
When you create an account and use the Service, we may collect information you provide to us, including without limitation:
When you access the Service, we and our service providers may automatically collect certain information, including without limitation:
We use Clerk for authentication and identity management. Depending on availability, you may create an account and sign in using (i) email and password, (ii) Google, (iii) Facebook ("Facebook Login"), and/or (iv) Apple ("Sign in with Apple"). Availability of authentication methods may vary by platform, operating system, app version, and over time.
If you choose Facebook Login, Meta will provide (through Clerk) your Facebook-associated email address and your public profile name (i.e., the name associated with your Facebook account). We do not request and do not receive additional Facebook profile information, such as your friends list, posts, photos, or other account data.
If you choose Sign in with Apple, Apple may provide (through Clerk) your name, your Apple Account-associated email address, and/or an Apple private relay email address if you choose Apple's "Hide My Email" option. We do not request and do not receive additional Apple account information beyond what is needed to authenticate you and create or maintain your account.
Third-Party Login Policies. When you use Google, Facebook Login, or Sign in with Apple, your interaction with those providers is also subject to the provider's own terms and privacy policy, in addition to this Privacy Policy. We do not control those providers' practices, and they may collect information directly from you in connection with authentication.
Token Handling and Access Scope. The Company does not store Facebook or Apple access tokens and does not use social login methods to access third-party account data beyond the initial sign-in, account verification, and related account-maintenance functions supported by Clerk. Any authentication tokens, if used, are handled by Clerk solely for purposes of enabling sign-in.
Apple Private Relay and Re-identification. If you choose to anonymize your email address through Sign in with Apple, we will not attempt to link that anonymized Apple login data with information that directly identifies you and that was obtained outside Sign in with Apple without your consent.
We may use information we collect for the following business and commercial purposes, including without limitation to:
Certain information is visible to other users by design, subject to your settings and actions:
We may share information with vendors, consultants, and other service providers that perform services on our behalf ("Service Providers"), including without limitation Supabase (database, storage, and backend services), Airtable (operational workflows, reporting, and/or parallel administrative records during a transition period, where applicable), Clerk (authentication and social login), Vercel (hosting and analytics), Wix (website hosting, site content, support/contact pages, or registration/contact forms on bwayfan.com, where applicable), Apple (Sign in with Apple authentication data, when you choose that option), Meta (Facebook Login and Meta Business Tools for advertising, attribution, and measurement), Google (Google sign-in, Google Analytics, Google Ads conversion tracking, and related measurement or advertising services, if enabled), SendGrid (transactional email delivery), and Broadway Index LLC (affiliate analytics, reporting, and partner-services support, where applicable). Service Providers are authorized to use information only as necessary to provide services to us.
We may create and disclose aggregated and/or de-identified analytics, trend summaries, benchmark data, consensus reporting, and similar business intelligence derived from Service activity to affiliated entities, including Broadway Index LLC, and to approved business partners. These outputs are intended not to identify individual users. Except as otherwise described in this Privacy Policy, we do not disclose your directly identifying account information, login credentials, email address, or private ballot activity tied to you as a named individual to external partners without your consent or another lawful basis.
We use data obtained through Sign in with Apple solely for authentication, account access, account administration, fraud prevention, security, and related Service operations. We do not share or sell data obtained through Sign in with Apple to advertising platforms, data brokers, or information resellers. If you choose Apple's anonymized email option, we do not attempt to re-identify that data with information obtained outside Sign in with Apple without your consent.
We may disclose information if required to do so by law or in the good-faith belief that such disclosure is reasonably necessary to (a) comply with legal process; (b) enforce these policies or our Terms of Service; (c) respond to claims that any content violates rights of third parties; or (d) protect the rights, property, or safety of the Company, our users, or the public.
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, dissolution, or sale or transfer of some or all of our assets, information may be transferred as part of that transaction, subject to applicable law.
If you use our iOS app, you should also review the information we provide in the App Store privacy label and inside the app at the time of download and use. Those disclosures summarize categories of data collected through the app and should be read together with this Privacy Policy.
We retain personal information for as long as reasonably necessary to provide the Service, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods may vary depending on the category of information and the applicable context.
Examples (non-exhaustive):
We implement commercially reasonable technical and organizational measures designed to safeguard information, including authentication and password protections through Clerk, encryption in transit (SSL/TLS), and access controls for sensitive operations.
However, no method of transmission over the Internet or method of electronic storage is completely secure. Accordingly, while we strive to protect your information, we cannot and do not guarantee absolute security.
If we determine that a security incident or data breach has compromised personal information, we will provide any notices required by applicable law.
You may update your display username and certain preferences through your account settings. You may request deletion of your account and associated data by contacting privacy@bwayfan.com and, where available, by using self-service deletion controls in your account settings on the Service. Please review our Data Deletion Policy for details regarding the scope and timing of deletions.
You may opt out of Google Analytics via the Google Analytics Opt-Out Browser Add-on, manage Google ad personalization through Google Ads Settings, and manage Meta advertising preferences through your Facebook or Instagram ad settings. You may also control cookies through your browser settings and, where offered, our consent tools; however, disabling certain cookies may limit functionality.
Depending on your state of residence, you may have rights to access, delete, correct, or opt out of certain processing. To submit a request, contact privacy@bwayfan.com and we will respond as required by applicable law.
If applicable, California residents may have rights to know the categories and specific pieces of personal information we collect, use, disclose, and retain; to request deletion or correction; to request portability; to opt out of the sale or sharing of personal information; and to be free from discrimination for exercising those rights.
We do not sell personal information for money. However, certain analytics, attribution, and marketing-related technologies we use or may enable, including Meta Business Tools, Google tags, Google Ads conversion tracking, remarketing technologies if enabled, or similar tools, may be considered "sharing" or cross-context behavioral advertising under California law. You may submit a request to know, delete, correct, or opt out by emailing privacy@bwayfan.com with the subject line "California Privacy Request."
We do not use or disclose sensitive personal information for purposes that would require us to offer a separate right to limit under California law, except as otherwise permitted by law.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, and the Service is offered to you, you may have rights under applicable data protection law, including the rights to access, correct, delete, restrict, object to certain processing, request portability, and withdraw consent where processing is based on consent.
Our legal bases for processing may include performance of a contract (for account creation, predictions, and Service delivery), legitimate interests (for security, fraud prevention, product improvement, and internal analytics), compliance with legal obligations, and your consent where required. If and when applicable law requires prior consent for non-essential analytics or advertising technologies, we will seek that consent before using those technologies for affected users.
We are based in the United States. If personal information is transferred internationally, we will use applicable safeguards where required by law.
You may contact privacy@bwayfan.com to exercise applicable rights or to obtain more information. You may also have the right to lodge a complaint with your local supervisory authority.
The Service is not directed to children under thirteen (13) (or sixteen (16) in the EU/EEA). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child without required consent, we will take steps to delete such information promptly.
The Service may contain links to third-party websites or services (including social media). We do not control and are not responsible for the privacy practices of such third parties. We encourage you to review the privacy policies of any third-party site or service you visit.
We may update this Privacy Policy from time to time in our discretion by posting an updated version with a revised "Last Updated" date. If changes are material, we may provide additional notice (such as by email or in-Service notice), as required by applicable law.
Questions or requests:
Email: privacy@bwayfan.com
Website: bwayfan.com
Mailing address: 94 Wanaque Ave. #149, Pompton Lakes, NJ, 07442