Introduction

Moneyball.win is a free beta web application provided by Eagle Cross, Inc. (“we”, “us”, or “our”). It helps sales teams analyze their CRM opportunity data through analytics, insights, gamification, dashboards, and predictions.

We designed the service with security and simplicity in mind. Moneyball.win processes only limited, non-sensitive CRM opportunity data (specific deal and account fields such as stage, amount, close date, and sales rep owner). We do not collect, store, or process any personally identifiable information (PII), contact details, notes, or activity history.

All user data belongs to the using company (referred to as the “Member Organization” in our Terms of Service). The Member Organization fully controls who can access the service by inviting and managing its own team members.

Our Service Scope

• Data Collected: Limited CRM opportunity fields only (e.g., deal ID, name/title, stage, amount, close date, sales rep owner, account name and industry).
• One-Way Data Flow: The integration is read-only. Moneyball pulls data from the CRM but does not write back, update records, or push any changes into the CRM. No PII or sensitive personal data is collected.
• Use of Data: Strictly to provide the requested analytics and insights within the Member Organization
• Beta & Free: The service is currently provided free of charge on an “AS IS” basis.

Data Protection & Encryption

• Encryption and Tenant Isolation: All data is transmitted using industry-standard TLS 1.2+ encryption and is encrypted at the application layer before being written to storage. Each Member Organization’s stored data is protected with dedicated organization-specific Data Encryption Keys (DEKs) managed through Google Cloud, providing cryptographic isolation between Member Organizations and preventing cross-tenant access through shared encryption keys.
• Ephemeral Processing & Plaintext Minimization: Data is decrypted only when necessary to process it or serve a request. Local unencrypted database artifacts may be retained temporarily in the runtime environment for active use and short-lived caching, and are deleted once they are no longer needed.
• Customer Data Storage Location: Customer data is stored in Google Cloud (us-central1, United States).

Sub-Processors

We use the following U.S.-based sub-processors, each of which maintains its own compliance programs:

• Google Cloud
• Cloudflare
• Convex

Access Control & User Management

• The Member Organization is solely responsible for inviting, managing, and removing access for its own team members.
• Internal team access to Member Organization data for support or maintenance is strictly limited on a need-to-know basis and governed by internal access controls.

Incident Management

• We maintain internal processes for detecting and responding to security incidents, consistent with our Privacy Policy.

Compliance & Privacy

• Full details on data handling, retention, deletion, and user rights are in our publicly available Privacy Policy and Terms of Service.
• Data Retention: Upon cancellation or termination, we delete the Member Organization’s data as soon as reasonably practicable, but no later than 14 days.
• No Data Sales: We do not sell raw Member Organization data or use it for marketing or profiling.
• Governing Law: California law.

How to Request More Information

• Our latest Privacy Policy and Terms of Service are available on our website.
• For any specific questions, please contact us at support@moneyball.win. We are happy to discuss our approach.

Contact

Security & Privacy Inquiries: support@moneyball.win Moneyball.win – Provided by Eagle Cross, Inc.