Privacy Policy
Effective: May 23, 2026 · Last updated: May 23, 2026
This policy explains what data PremiumSportsAi collects, how we use it, and your rights.
1. Data we collect
- Account: email, hashed password (or OAuth ID), handle, favorite teams, tier — to authenticate and personalize
- Payment: last 4 of card, billing ZIP, Stripe customer ID — we never see or store full card numbers
- Behavioral: pages visited, picks viewed, takes posted, contest entries, affiliate clicks — to improve product, calculate clout, measure conversions
- Device: IP, user agent, approximate geo (country/state) — for security and state-by-state sportsbook eligibility
- Communications: email open/click events, push tokens — to deliver requested communications
- AI prompts: chat messages and pick history — to generate responses (de-identified for model improvement)
We do not collect: SSN, government ID, full card data, exact GPS, browsing history outside our site, contacts, microphone, camera.
2. How we use it
Provide and improve the Service · Process payments and pay out pool winners · Personalize predictions and recaps · Send transactional and (with consent) marketing emails · Detect fraud and abuse · Comply with legal obligations (tax reporting for pool winnings).
3. Who we share it with
- Stripe — payment processing
- Resend — transactional and marketing email
- Anthropic — chat / prompt content for inference (not used for model training under our agreement)
- Cloudflare — hosting, security, DNS, CDN
- The Odds API, SportsDataIO — receive only the queries; no user data
- Sportsbook affiliates — receive your IP + referral ID when you click out; their privacy policy applies after that
- Legal authorities — when compelled by valid legal process
We do not sell your personal information. We do not share data with advertisers for targeted advertising.
4. Cookies and tracking
First-party cookies for session, preference, and A/B testing. Cloudflare privacy-respecting analytics (no cross-site tracking). No Google Analytics, no Facebook Pixel, no third-party ad cookies.
5. Push notifications
Web Push tokens tied to your account; revocable any time in browser settings or in-app. We send pre-game briefings, injury alerts, take-grade updates, contest results. Never marketing without separate consent.
6. Data retention
- Account data: deleted within 30 days of account deletion (some records retained for tax, fraud, legal)
- Payment records: 7 years (US tax law)
- Affiliate click logs: 24 months
- AI chat history: 90 days then purged
- Backups: rotated out within 30 days
7. Your rights
Regardless of where you live: access, correct, delete, export your data, opt out of marketing emails, revoke push notifications.
California (CCPA/CPRA): right to know, delete, correct, opt out of “sharing” (we don’t), non-discrimination.
EU/UK (GDPR): legal bases — (a) contract for account/payment, (b) legitimate interest for security/improvement, (c) consent for marketing/push. Right to complain to your supervisory authority.
Account deletion: Account → Delete Account triggers immediate purge of profile, takes, picks, chat, push tokens. Payment ledger retained per Section 6.
8. Children
Service not directed to anyone under 21. We do not knowingly collect data from minors.
9. Security
TLS 1.3 in transit; encrypted at rest (Cloudflare D1, R2). Passwords hashed with bcrypt/Argon2. Stripe handles all card data. Breach notification within 72 hours per applicable law.
10. International transfers
Cloudflare global edge. EU/UK transfers rely on Standard Contractual Clauses with our subprocessors.
11. Changes
Material changes announced via email and site banner 14 days before effective date.
12. Contact
Privacy questions, data requests, or to exercise your rights: heitkampnick23@gmail.com
See also Terms of Service and Responsible Gambling.