Privacy Policy

1. Who is responsible for your data

The data controller is Tactical Teckel Studios. You can contact us for privacy requests via our contact form.

2. What data we collect and where it is stored

On our servers (your account and service data):

• Account: email, username, password (stored only in hashed form; we never have access to your actual password), sign-up date, last login time.
• Settings: currency, odds format, language, date format, default sports and bookmakers, notification preferences (e.g. subscription expiry reminders, payment notifications), and similar options you set in the app. These are stored in your account on our servers.
• Bets, bookmakers, markets, sports, analytics data, subscription and payment info, API keys (if you use the API), and contact/support messages you send us.
• Technical: we may log IP address and similar data for security and abuse prevention; we state retention for logs below.

On your device (browser storage, only for the service you requested):

• Login token — so you stay logged in. Removed when you log out.
• Bet list page size — how many bets to show per page. Stored locally so we remember your choice.
• Dismissal of one-off notices — e.g. that you closed the subscription renewal reminder or an announcement, so we do not show them again. Stored locally.

We do not use advertising or non-essential tracking. If we add any in the future, we will ask for your consent first.

3. Why we process your data and on what basis

• Contract: providing the service (account, bets, settings, subscription, support).
• Legitimate interest: security, preventing abuse, operating the service (e.g. logs).
• Legal obligation: where we must keep or disclose data by law (e.g. tax, disputes).
• We use consent only where we clearly ask for it (e.g. optional marketing or non-essential cookies in the future).

4. How long we keep your data

Active accounts: We keep your data for as long as your account exists and as needed to provide the service.

Inactive accounts (24-month rule): If you do not log in for 24 months, we treat your account as inactive. We will send you reminder emails before deletion (see schedule below). After the final deadline (24 months from your last login plus the reminder period), we delete or irreversibly anonymise your personal data, unless we must keep it for legal reasons (e.g. tax, disputes). You can avoid deletion by logging in before the final date.

Reminder schedule: We send reminders at 90, 60, 30, 14, and 7 days before the deletion date, then daily for the last 5 days. After the deletion date, your account and personal data are permanently removed (or anonymised) and cannot be recovered.

After you delete your account: We remove or anonymise your data within a reasonable time, except where we must keep it for legal obligations.

Logs: We keep security and operational logs only as long as needed (e.g. 3–6 months), unless a longer period is required by law.

5. Who we share data with

We do not sell your data. The following providers process it on our behalf (as “processors”): they only get the data they need to do their job and act on our instructions. We do not give your data to anyone for their own use.

• Hosting provider — where our servers run (e.g. EU).
• Resend — to send you transactional emails (verification, password reset, reminders).
• Stripe — for subscription and payment processing.
• Google — if you sign in with Google (OAuth); we receive the email/name you allow.
• Zoho — to deliver contact/support messages you send us to our support inbox.

We have or use contracts (and where required, standard contractual clauses or other safeguards) so that these providers protect your data.

6. International transfers

Our hosting runs in the EEA. Some providers we use are outside the EEA/UK: Resend (email, US), Stripe (payments, US/EU), Google (sign-in only, US), and Zoho (contact form delivery, EU). For those we use appropriate safeguards as required by law, including standard contractual clauses (SCCs) approved by the European Commission and the data processing agreements offered by each provider. No separate request is needed—this is the information we provide.

7. Your rights

If you are in the EEA/UK, you have the right to: access your data, rectification (correct it), erasure (“right to be forgotten”), restriction of processing, data portability, object to processing, and, where we rely on consent, withdraw consent at any time. You also have the right to lodge a complaint with your data protection supervisory authority.

How to exercise: In the app, go to Profile to export your data or delete your account, and Settings to update your preferences. For other requests (e.g. restriction), contact us via our contact form.

List of EU/EEA supervisory authorities: edpb.europa.eu (choose your country).

8. Changes to this policy

We may update this policy. We will notify you of material changes (e.g. by email or a notice in the app) and indicate the date of the last update at the top of this page.