Duello

Privacy Policy

Last updated: February 28, 2026

1. Introduction

Duello ("we", "us", or "our") operates the website duelloai.com and the Duello Sync Chrome extension. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

2. Information We Collect

  • Account Information: When you create an account, we collect your email address and a hashed version of your password. We never store plain-text passwords.
  • Fantasy Roster Data: When you use the Duello Sync extension or manually import your team, we process your fantasy roster data (player names, positions, teams) to display it in the app. This data is stored locally in your browser's localStorage. If you are logged in, a copy of your roster and league configuration (league ID and team ID only) may also be stored on our servers to enable cross-device sync.
  • ESPN/Yahoo Cookies: If you provide ESPN authentication cookies (espn_s2 and SWID) via manual import or the Chrome extension, these are stored locally in your browser's localStorage to enable automatic roster re-syncing. They are sent to our server only in transit to proxy requests to ESPN's API on your behalf and are never persisted on our servers. For Yahoo, the extension reads roster data directly from the page DOM and does not access any cookies.
  • Usage Data: We track anonymous feature usage counts (e.g., number of trade analyses) to enforce free-tier limits. No personally identifiable information is included.
  • Payment Information: Payments are processed by Polar. We do not store credit card numbers or payment details on our servers.

3. Chrome Extension — Permissions & Justification

The Duello Sync Chrome extension requests the following permissions:

  • cookies: Used exclusively to read ESPN Fantasy authentication cookies (espn_s2, SWID) so the extension can fetch your league data from the ESPN Fantasy API. No cookies are stored, shared, or sent to any third-party service.
  • scripting: Used exclusively to inject a content script into Yahoo Fantasy pages to read your roster data from the page DOM. This is necessary because Yahoo does not provide a public API for fantasy roster data. The script only reads player names, positions, and team information visible on the page. No data is modified, and no scripts run on any other websites.
  • activeTab: Used to detect whether the current tab is an ESPN or Yahoo Fantasy page and to read the page URL for league/team identification.
  • storage: Used to save user preferences (such as the app URL setting) locally in Chrome's sync storage.
  • Host permissions: Limited to espn.com, fantasysports.yahoo.com, and duelloai.com domains. The extension only communicates with these specific sites.

4. How We Use Your Information

  • To display your fantasy roster and provide AI-powered analysis
  • To authenticate your account and manage subscriptions
  • To enforce usage limits on the free tier
  • To improve our services based on anonymous usage patterns

5. Data Storage & Security

Fantasy roster data is stored in your browser's localStorage. For logged-in users, roster data and league configuration (league ID and team ID) may be synced to our servers to enable cross-device access. ESPN authentication cookies are stored only in your browser and are never persisted on our servers. Account authentication uses JWT tokens with secure HTTP-only practices. All data in transit is encrypted via HTTPS. We do not sell, share, or transfer your personal data to third parties.

6. Third-Party Services

  • ESPN Fantasy API: Used to fetch league and roster data when you choose to sync via ESPN. Player statistics and game data are sourced from publicly accessible ESPN endpoints.
  • BallDontLie API: Used as a supplementary source for NBA player statistics and search.
  • MLB Stats API: Used for MLB player statistics and search.
  • Google Gemini: Used to generate AI-powered fantasy sports analysis. Player data sent to the AI is not linked to your personal identity.
  • Polar: Used for payment processing and subscription management. See Polar's Privacy Policy.

7. Your Rights

You can delete your locally stored data at any time by clearing your browser's localStorage. To request deletion of your account, contact us at the email below.

8. Contact

If you have any questions about this Privacy Policy, please contact us at support@duelloai.com.