Privacy Policy

Last updated: February 17, 2026

1. Introduction

WhatAreTheOdds ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (the "Service"). Please read this policy carefully. By using the Service, you consent to the data practices described herein.

2. Information We Collect

2.1 Information You Provide

  • Email address (used for account creation and communication)
  • Password (stored securely using industry-standard hashing)
  • Date of birth (used for age verification purposes)
  • Payment information (processed securely by Stripe; we never store card details)

2.2 Information Collected Automatically

  • Usage data: pages visited, features used, analyses requested, prediction history
  • Device information: browser type, operating system, screen resolution
  • Log data: IP address, access times, referring URLs
  • Performance data: page load times, errors encountered

2.3 Information from Third Parties

  • Authentication data from Supabase (session tokens, auth events)
  • Payment status and subscription details from Stripe

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your account registration and manage your subscription
  • Generate AI-powered sports analyses and predictions
  • Track usage to enforce subscription limits (free tier and paid tiers)
  • Process payments and manage billing through Stripe
  • Send transactional emails (account verification, password resets)
  • Monitor and analyze trends, usage, and activity to improve user experience
  • Detect, prevent, and address fraud, abuse, and technical issues
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data for targeted advertising.

4. Third-Party Services

We use the following third-party services to operate the platform. Each has its own privacy policy governing how it processes your data:

Supabase

Provides authentication, database, and backend services. Stores your account information, predictions, and usage data. Data is hosted on secure cloud infrastructure.

Supabase Privacy Policy

Stripe

Handles all payment processing. We never see or store your full credit card details. Stripe is PCI-DSS Level 1 compliant, the highest level of security certification.

Stripe Privacy Policy

Google Gemini (AI)

Powers our AI analysis engine. When you request an analysis, game data and publicly available statistics are sent to Google's Gemini API. No personal user information is included in AI requests.

Google AI Terms of Service

Vercel

Hosts the website and provides web analytics. Collects anonymous usage metrics (page views, web vitals) to help us improve performance. No personally identifiable information is collected by Vercel Analytics.

Vercel Privacy Policy

5. Cookies and Local Storage

We use the following browser storage mechanisms:

  • Authentication cookies: Secure, HTTP-only cookies set by Supabase to maintain your login session.
  • Theme preference: Local storage is used to remember your light/dark mode preference.
  • CSRF tokens: Used to prevent cross-site request forgery attacks.

We do not use tracking cookies or third-party advertising cookies.

6. Data Retention

  • Account data: Retained for as long as your account is active. Upon account deletion, personal data is removed within 30 days.
  • Prediction history: Retained indefinitely for accuracy tracking and service improvement, unless you request deletion.
  • Usage logs: Retained for up to 12 months, then archived or deleted.
  • Payment records: Retained as required by tax and accounting laws (typically 7 years).

7. Data Security

We implement appropriate security measures to protect your data, including:

  • HTTPS encryption for all data in transit
  • Encryption at rest for database storage
  • Row-Level Security (RLS) policies on all database tables
  • Regular security audits and dependency updates
  • Rate limiting on all API endpoints to prevent abuse
  • CSRF protection on state-changing operations

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to data portability: Request a machine-readable copy of your data.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to object: Object to our processing of your personal data.
  • Right to withdraw consent: Withdraw your consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@whatstheoddsai.com. We will respond within 30 days.

9. GDPR Compliance

If you are located in the European Economic Area (EEA) or the United Kingdom, the following additional provisions apply:

9.1 Lawful Basis for Processing

  • Contract performance: Processing necessary to provide the Service you have requested (account management, predictions, payments).
  • Legitimate interests: Fraud prevention, security, service improvement, and analytics.
  • Consent: Where you have given explicit consent (e.g., age verification, marketing communications).
  • Legal obligation: Where we are required to process data by law (e.g., tax records).

9.2 International Data Transfers

Your data may be transferred to and processed in countries outside the EEA, including the United States and Australia, where our service providers operate. We ensure appropriate safeguards are in place, including Standard Contractual Clauses and adequacy decisions, to protect your data during international transfers.

9.3 Data Protection Officer

For GDPR-related enquiries, please contact our Data Protection Officer at: dpo@whatstheoddsai.com

You also have the right to lodge a complaint with your local data protection supervisory authority.

10. Children's Privacy

The Service is not intended for anyone under 18 years of age (or 21 in certain jurisdictions). We do not knowingly collect personal information from children. If we discover that we have collected data from a child, we will delete it promptly. If you believe a child has provided us with personal information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. We encourage you to review this policy periodically. Your continued use of the Service after changes take effect constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us:

  • General enquiries: support@whatstheoddsai.com
  • Privacy enquiries: privacy@whatstheoddsai.com
  • Data Protection Officer: dpo@whatstheoddsai.com

WhatAreTheOdds provides analysis for entertainment and informational purposes only. This is not betting advice. Gambling can be addictive. Please gamble responsibly.