Privacy Policy

Last updated: December 6, 2025

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support.

Personal Information:

  • Email address (for account creation and authentication)
  • Password (encrypted and stored securely via Supabase Auth)
  • User ID (automatically generated for account identification)
  • Payment information (processed and stored securely by Stripe, not on our servers)
  • Stripe Customer ID (for subscription management)

Betslip and Usage Data:

  • Saved parlay tabs and analysis (player selections, prop values, bet lines)
  • Daily usage metrics (number of legs added per day for free tier limits)
  • Premium subscription status
  • Timestamps of account creation and data updates

Analytics and Behavioral Data (via PostHog):

  • Page views and navigation patterns
  • Feature usage events (e.g., player views, betslip interactions)
  • User session data and authentication events
  • Device information, browser type, and operating system
  • IP address and general location data
  • Anonymized behavioral analytics and product usage metrics

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process payments and manage subscriptions
  • Send you technical notices and support messages
  • Respond to your comments and questions
  • Personalize your experience and content
  • Monitor and analyze usage patterns
  • Detect, prevent, and address technical issues

3. Information Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

  • Service Providers: We share information with trusted third parties who assist us in operating our service (e.g., Supabase for data storage, Stripe for payments)
  • Legal Requirements: We may disclose information if required by law or to protect our rights
  • Business Transfers: In connection with any merger, sale, or transfer of assets
  • Consent: With your explicit consent for other purposes

4. Data Security

We implement appropriate security measures to protect your personal information:

  • Encryption of data in transit and at rest
  • Secure authentication and authorization
  • Regular security assessments and updates
  • Access controls and monitoring
  • Secure payment processing through Stripe

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Storage and Retention

We store your information using Supabase (PostgreSQL database) with the following retention policies:

  • Account Data: Email, user ID, and authentication data retained while your account is active
  • Subscription Data: Premium status, Stripe customer ID, and subscription details retained for billing and service delivery
  • Saved Parlays: Betslip tabs and parlay data stored in our database and synced across devices
  • Daily Usage Data: Leg count tracking for free tier limits (resets daily)
  • Analytics Data: PostHog collects and retains behavioral data according to their retention policies
  • Payment Data: Credit card and payment information handled exclusively by Stripe (never stored on our servers)

You may request deletion of your account and associated data at any time. Upon deletion, all personal data will be removed from our systems, except where we are required to retain it by law.

6. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your login session (via Supabase authentication cookies)
  • Remember your saved betslip tabs and preferences
  • Track analytics and user behavior (via PostHog cookies)
  • Analyze page views, feature usage, and navigation patterns
  • Improve our service based on usage data

PostHog uses cookies to track user sessions and behavior across our platform. You can control cookie settings through your browser preferences, though this may affect functionality and prevent certain features from working properly.

6a. Geographic-Based Privacy Controls

We use IP-based geolocation to determine your approximate location and apply region-specific privacy protections:

  • European Union, Canada, and Brazil: We will request your consent before loading any analytics or tracking tools.
  • United States and other regions: Analytics are loaded automatically to improve our service, but you can opt out at any time through your browser settings or by contacting us.
  • VPN and Proxy Users: If you use a VPN or proxy service, our system may detect an incorrect location. We recommend disabling VPNs to ensure you receive appropriate privacy protections for your region.

Location detection is performed server-side using your IP address solely to determine your country-level region. After the lookup we store three cookies—requires-consent, user-country, and geo-consent-checked—that keep your consent status and country code (not your full IP or precise location) for up to 12 months so we do not prompt you repeatedly. You can clear these cookies at any time via your browser settings.

7. Third-Party Services

Our service integrates with the following third-party providers:

  • Supabase: Database and authentication services (stores user accounts, betslips, subscriptions, and usage data)
  • Stripe: Payment processing and subscription management (stores payment methods and billing information)
  • PostHog: Product analytics and behavioral tracking (collects usage events, page views, and anonymized user behavior)
  • Google: OAuth authentication (optional login method)
  • Vercel: Hosting and deployment infrastructure

These services have their own privacy policies, and we encourage you to review them:

8. Your Rights and Choices

You have the right to:

  • Access and update your personal information
  • Delete your account and associated data
  • Opt out of marketing communications
  • Request data portability
  • Object to certain data processing activities

To exercise these rights, please contact us through our support channels.

9. Children's Privacy

Our service is not intended for individuals under 21 years of age. We do not knowingly collect personal information from individuals under 21. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will take steps to remove that information from our systems.

10. International Users

If you are accessing our service from outside Canada, please be aware that your information may be transferred to, stored, and processed in Canada and the United States where our servers and service providers are located. By using the Service, you consent to this transfer and processing of your information.

11. Do Not Track

Some web browsers have a "Do Not Track" feature that signals to websites that you do not want to have your online activity tracked. Our service does not currently respond to Do Not Track signals. However, you can control cookies and tracking through your browser settings.

12. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users via email within a reasonable timeframe and in accordance with applicable laws. We will also take appropriate steps to investigate and remediate the breach.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the personal data we've collected about you in the past 12 months
  • Right to Delete: You can request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, please contact us through our support channels.

14. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right of Access: You can request a copy of your personal data
  • Right to Rectification: You can request correction of inaccurate data
  • Right to Erasure: You can request deletion of your data
  • Right to Restrict Processing: You can request we limit how we use your data
  • Right to Data Portability: You can request your data in a portable format
  • Right to Object: You can object to certain processing activities

Our legal basis for processing your data is primarily your consent and contract performance. To exercise your GDPR rights, please contact us through our support channels.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may provide additional notice such as email notification.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

16. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us through our support channels.