Privacy Policy
Effective Date: May 10, 2026 | Last Updated: May 10, 2026
Rattlesnake Picks ("we," "us," or "our") respects your privacy. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our website at rattlesnakepicks.com and our automated sports trading service (collectively, the "Service").
1. Information We Collect
Information You Provide
| Data | Purpose |
|---|---|
| Email address | Account creation, login, password recovery, service communications |
| Display name | Personalization within the dashboard |
| Password | Account authentication (stored as a bcrypt hash; we never store plaintext passwords) |
| Kalshi API credentials | Connecting to your trading account for automated trade execution (encrypted at rest using Fernet/AES-128; we never store plaintext API keys) |
| Trading preferences | Configuring your risk parameters (leagues, stop loss, trade caps, daily limits) |
Information Collected Automatically
| Data | Purpose |
|---|---|
| IP address | Rate limiting, security, fraud prevention |
| Browser/device information | Rendering the Service correctly |
| Access timestamps | Security monitoring and debugging |
We do not use third-party analytics, tracking pixels, or advertising cookies. We do not sell, rent, or share your data with advertisers.
2. How We Use Your Information
- Provide the Service: Authenticate your account, execute trades via your connected Kalshi account, display your dashboard and trading data.
- Transactional communications: Send password reset emails, account security alerts, and essential service notifications. We do not send marketing emails.
- Security: Detect and prevent unauthorized access, abuse, and fraud.
- Improve the Service: Diagnose technical issues and improve reliability.
3. Data Storage and Security
- Database: Account data is stored in a Turso (libSQL) cloud database with encrypted connections.
- Passwords: Hashed using bcrypt with per-user salts. We cannot retrieve your plaintext password.
- API credentials: Encrypted at rest using Fernet symmetric encryption (AES-128-CBC with HMAC-SHA256). The encryption key is stored separately from the database and is never exposed to client-side code.
- Sessions: Managed via cryptographically signed tokens (itsdangerous) with HTTP-only, Secure, SameSite=Strict cookies.
- Transport: All connections to the Service are encrypted via TLS (HTTPS). HSTS is enforced.
- Infrastructure: Hosted on AWS EC2 with security group restrictions, behind Nginx with rate limiting.
4. Data Sharing
We do not sell, rent, trade, or otherwise share your personal information with third parties except in the following limited circumstances:
- Kalshi: Your API credentials are used solely to connect to your Kalshi account and execute trades on your behalf. We transmit your credentials directly to Kalshi's API over encrypted connections.
- Email delivery: We use Mailgun to send transactional emails (password resets only). Mailgun receives only the recipient email address and message content necessary for delivery.
- Legal requirements: We may disclose information if required by law, subpoena, or court order, or to protect our rights, safety, or property.
5. Data Retention
- Account data is retained as long as your account is active.
- If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.
- Server access logs are retained for up to 90 days for security purposes.
6. Your Rights
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate information in your account settings.
- Delete your account and associated data by contacting us.
- Revoke API access at any time by deleting your API credentials in Settings or revoking them directly on Kalshi.
- Export your data by contacting us.
To exercise any of these rights, email support@rattlesnakepicks.com.
7. Cookies
We use only essential cookies required for the Service to function:
| Cookie | Purpose | Duration |
|---|---|---|
| rs_session | Authentication session token | 7 days |
| rs_csrf | Cross-site request forgery protection | 24 hours |
We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.
8. Children's Privacy
The Service is not intended for anyone under 18 years of age. We do not knowingly collect information from minors. If we learn that we have collected data from a minor, we will delete it promptly.
9. International Users
The Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
11. Contact
For privacy-related questions or requests, contact us at support@rattlesnakepicks.com.