PRIVACY POLICY · LAST UPDATED 2026-05-13

What we collect. What we don't.

Plain-language version: we collect what we need to run the service, we don't sell anything, you can export or delete your data at any time, and you can opt out of having your activity used to train future models.

Scope & identity.

This Privacy Policy describes how BallBet.AI (“BallBet,” “we,” “us”) collects, uses, and shares personal information when you use ballbet.ai, our mobile site, and any related services (collectively, the “Service”). BallBet is operated by BallBet AI, Inc. Contact us at the address listed at the bottom of this page.

Information we collect.

Information you provide.

Account data: email address, a self-selected password (hashed, never stored in plain text), display name, and your confirmation that you are 21 or older. Subscription data: billing address and payment method (handled by Stripe — we receive only last-4 + brand). Communications: anything you email to us. Optional profile data: bankroll size, Kelly fraction preference, timezone, sportsbook preference — used to tailor stake sizing and notifications.

Information collected automatically.

Service usage: simulations run, pages viewed, queries saved, features used. Device + log data: IP address (used for region inference and security only — not stored beyond 30 days), browser type and version, OS, referrer URL, timestamps. Cookies: session cookie for auth (essential), preference cookie for UI state (essential). We do NOT use cross-site tracking, third-party ad cookies, or fingerprinting.

Information we do not collect.

We do not collect or store payment card numbers (Stripe handles those directly), Social Security numbers, government IDs, precise geolocation, your contacts, your messages on other platforms, health information, or biometric data.

How we use information.

To operate the Service: authenticate you, render personalized slates, save your queries, settle your tracked bets. To bill you: process subscription payments through Stripe. To improve the model: aggregate, de-identified usage patterns inform feature prioritization. You can opt out of model training contribution in Settings. To communicate: transactional emails (receipts, password resets) and — if you opt in — the daily edge digest. To protect the Service: detect abuse, fraud, scraping, and credential stuffing. To comply with law: respond to lawful requests from authorities.

How we share information.

We do not sell personal information.

Not now. Not ever. Not even as part of a future business model pivot. We do not share personal information with data brokers, ad networks, or affiliates for marketing purposes.

Service providers.

We share narrowly with vendors that help us operate: Supabase (managed Postgres + auth), Stripe (payments + identity verification), Render (compute + database hosting), Vercel (web hosting + edge caching), Resend (transactional email delivery), The Odds API (sportsbook line data — never your data sent to them), Plausible (privacy-friendly analytics — no cookies, no cross-site tracking), Sentry (error monitoring — scrubbed of PII). Each is contractually limited to processing data for the specific service.

Legal & safety.

We may disclose information when we believe in good faith it's necessary to comply with valid legal process, protect rights or safety, or investigate violations of our Terms.

Business transfers.

If BallBet is acquired or merged, personal information may transfer to the successor entity, subject to this Policy or any successor with materially equivalent protections.

Aggregated & anonymized data.

We may publish aggregated, de-identified statistics about model performance, slate composition, or user engagement (e.g. “47% of users beat the closing line last month”). These cannot identify any individual.

Third-party services.

Each third party we share with operates under its own privacy policy. We review these annually. The current list and links: Stripe, Supabase, Resend, Render, Vercel, Plausible, Sentry, The Odds API. See those vendors' sites for their policies.

Cookies & tracking.

We use only first-party essential cookies: one for authenticated session, one for UI preference state. No third-party tracking cookies. No advertising pixels. No cross-site identifiers. Plausible analytics is cookie-free.

Data retention.

Account data: retained until you delete your account. After deletion, we hold a 30-day grace window during which you can restore the account, after which all personal data is permanently erased from our active systems (backups roll off within 90 days). Transactional records (subscription invoices) are retained for 7 years for tax and audit compliance, in line with U.S. law. Server logs: 30 days.

Data security.

TLS 1.3 for all traffic. Passwords hashed with bcrypt. Database encryption at rest (Postgres on Render). Two-factor authentication available for accounts. Least-privilege access controls on production systems. Quarterly security review. No system is perfectly secure — if we discover a breach affecting your data, we will notify you within 72 hours.

Your rights & choices.

Every user, regardless of jurisdiction, can: export their data, delete their account, opt out of marketing email, opt out of having activity used to train future models, and request a correction to any inaccurate information. All controls live in Settings.

California residents (CCPA/CPRA).

You have the right to know what personal information we've collected about you, request deletion, correct inaccurate information, opt out of any “sale” or “sharing” of personal information (we don't engage in either), and limit the use of sensitive personal information. We do not discriminate against users who exercise these rights. To exercise, email privacy@ballbet.ai or use Settings.

European Economic Area, U.K., and Switzerland residents (GDPR).

You have the rights of access, rectification, erasure, restriction of processing, data portability, and objection. You also have the right to lodge a complaint with your supervisory authority. Our legal bases: contract performance (operating the Service), legitimate interests (security, improvement), and consent (marketing email, model training contribution). Data is processed in the United States; standard contractual clauses govern transfers.

Children's privacy.

BallBet is 21+. We do not knowingly collect personal information from anyone under 21. If you believe a minor has provided us information, contact privacy@ballbet.ai for immediate deletion.

International users.

BallBet is operated from the United States. By using the Service, you consent to processing of your information in the U.S., which may have different data protection laws than your country.

Updates to this policy.

We may update this Policy. Material changes will be notified by email at least 14 days before taking effect, and the “Last updated” date above will change. Continued use after the effective date constitutes acceptance.

Contact.

Privacy questions: privacy@ballbet.ai