CFM OS

CFM OS: Privacy Policy

Last updated: 2026-05-08

This Privacy Policy explains what information CFM OS ("the Service", "we", "us") collects, why we collect it, how we use it, and what choices you have.

1. What we collect

1.1 From your Discord server

When the bot operates in your server, we process:

  • The Discord IDs of members who interact with the bot
  • The contents of messages that mention the bot, post in feature-specific channels, or invoke a bot command
  • Reactions on bot-posted messages
  • The channel and role configuration your commissioner sets
  • Your league's settings: name, branding, currency, feature preferences

1.2 From your Madden franchise

When your league is connected to a Madden franchise, we receive the data the franchise exports each week:

  • Schedules, scores, and game statuses
  • Team rosters and metadata
  • Player statistics across passing, rushing, receiving, defense, kicking, and punting
  • Standings

This data is stored separately for your league. It is not commingled with other leagues' data.

1.3 From Stripe (your payment processor)

We receive billing-related data from Stripe:

  • The email address you provided at checkout
  • Your payment status (active, canceled, past due)
  • The Discord server you tied to the subscription

We do not see your full credit card number. Stripe handles all card data.

1.4 What we do not collect

  • IP addresses of Discord users
  • Direct message content unrelated to bot interactions
  • Any data from servers the bot has not been invited to
  • Any data outside your league's Discord server

2. How we use the information

  • Operate the Service. Render player profiles, score game results, generate recaps and debates, gate features behind your commissioner's settings.
  • Bill the subscription. Keep your access tied to your payment status.
  • Improve the Service. Investigate bugs and monitor errors. Diagnostic logs are kept for 30 days, then purged.
  • AI generation. The structured league data we send to our AI provider (game stats, persona prompts, your league's published knowledge) is processed per their terms. We do not send Discord user IDs or message content to the AI provider unless explicitly part of a player's "ask the league concierge" request.

3. Who we share with

We do not sell, license, or rent your data to third parties. We share data only with the providers we use to operate the Service:

  • Google Firebase: our database provider for league storage
  • Anthropic: our AI provider, when AI features run
  • Stripe: our payment processor, for subscription billing
  • Discord: by definition, your bot interactions go through the Discord platform

Each provider has its own privacy practices. We use them only for the purposes listed above.

4. Data retention

  • Active league data. Retained for the lifetime of your subscription.
  • After cancellation. Retained for 30 days in operational backups, then purged.
  • Diagnostic logs. Retained for 30 days.
  • Stripe billing records. Retained per Stripe's standard policy.

You may request earlier deletion at any time by contacting us.

5. Your rights

Depending on your jurisdiction, you may have rights to:

  • Access. Request a copy of the data we hold for your league.
  • Correct. Ask us to fix inaccurate data.
  • Delete. Request deletion of your league data ahead of the 30-day post-cancellation purge.
  • Port. Request your league data in a machine-readable format.
  • Object or restrict. Ask us to limit certain processing. This may make the Service unusable for your league.

To exercise these rights, contact us at the email on file with your Stripe subscription. We respond within 30 days.

GDPR (EU/UK) and CCPA (California) tenants may also have additional statutory rights, including the right to lodge a complaint with a supervisory authority.

6. Children

The Service is not directed at children under 13 (or 16 in some jurisdictions). We do not knowingly collect personal data from children. If you believe a child has interacted with the Service, contact us and we will delete the data.

7. Security

  • All data in transit between Discord, the bot, and our database is encrypted.
  • The connection between your Madden franchise and our service uses a secret token unique to your league. Your commissioner can rotate this token at any time.
  • Database access is restricted to the operator and our database provider per their security model.
  • No system is fully secure. We follow industry standard practices but cannot guarantee absolute security.

8. Contact

For data requests, complaints, or questions, contact us at the email on file with your Stripe subscription.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the bot or email at least 14 days before they take effect.

CFM OS is operated by an independent commissioner. It is not affiliated with EA Sports, the NFL, the NCAA, or any professional or collegiate sports league.