Privacy Policy

1. Scope & controller

This policy applies to information we process about visitors to the Service and registered users (“you”). The data controller is EvenOdds, reachable at privacy@evenodds.io.

This policy does not cover information you provide to third parties — for example, the sportsbooks you choose to place wagers with. Their privacy practices are governed by their own policies.

2. Information we collect

2.1 Information you provide

• Account data. Email address, password hash (we never see the plaintext), display name, and authentication provider (email, Google, Apple) when you sign up.
• Profile preferences. Sports, sportsbooks, and notification settings you select.
• Billing data. When you subscribe, our payment processor (Stripe) collects your card or bank details directly. We do not receive or store full payment card numbers. We do receive and store a Stripe customer ID, the last four digits of your payment method, subscription status, and billing history.
• Support communications. Messages you send us (email, chat, or in-app feedback) and any information you choose to include.

2.2 Information we collect automatically

• Usage data. Pages and features you access, actions you take (e.g., picks you track, parlays you build), referrers, session timestamps, and device/browser metadata.
• Log & diagnostic data. IP address, user-agent string, approximate location derived from IP, error traces, and performance telemetry. We use this for security, abuse prevention, and service reliability.
• Cookies & similar technologies. See Section 6.

2.3 Information we do not collect

• Your actual wagers. EvenOdds does not accept bets and has no access to your sportsbook account. Any wagers you track inside the Service are entered by you, for your own record-keeping.
• Government IDs or financial account numbers (beyond what Stripe needs for billing, which we never see in full).

3. How we use information

We use the information we collect to:

• provide, operate, maintain, and improve the Service;
• create and manage your account and authenticate your sign-ins;
• process subscriptions, billing, and refunds;
• communicate with you about the Service, including transactional and security emails;
• send you product updates and marketing (you can opt out at any time);
• personalize your experience, including which picks, sports, and books we surface first;
• detect, investigate, and prevent fraud, abuse, and violations of our Terms;
• comply with legal obligations and enforce our rights.

We do not sell your personal information. We do not engage in cross-context behavioral advertising.

4. How we share information

We share information only as necessary:

• With service providers (see Section 5) who process information on our behalf under contract;
• With legal and regulatory authorities when we receive a valid subpoena, court order, or similar lawful request, or when we believe disclosure is necessary to protect rights, safety, or property;
• In a business transfer such as a merger, acquisition, or sale of assets, in which case you will be notified before your information becomes subject to a different privacy policy;
• With your consent, for any other purpose we disclose at the time.

5. Third-party processors

The Service is built on the following key processors:

Each processor is contractually obligated to protect your information and process it only for the purposes we specify.

6. Cookies & tracking

We use the following categories of cookies and similar technologies:

• Strictly necessary— sign-in session, security tokens, load-balancing. The Service cannot function without these.
• Preferences— remember UI settings like sidebar collapse state and dark-mode theme.
• Analytics— aggregated, pseudonymous product usage. We use privacy-respecting analytics that do not profile you across the web.

We honor the Global Privacy Control (GPC) browser signal where applicable. You can disable non-essential cookies in your browser settings; doing so may limit some features.

7. Data retention

We retain information for as long as needed to provide the Service and comply with law:

• Account & profile: for the life of the account.
• Billing records: retained by Stripe and by us for at least seven (7) years for tax and accounting reasons.
• Usage & log data: ninety (90) days in hot storage, up to eighteen (18) months in aggregated form.
• Support communications: three (3) years, unless you request earlier deletion.

When you delete your account, we delete or anonymize your personal information within thirty (30) days, except where we must retain it to comply with law, resolve disputes, or enforce agreements.

8. Your privacy rights

Subject to applicable law, you have the right to:

• Access the personal information we hold about you;
• Correct inaccurate or outdated information;
• Delete your account and associated personal information;
• Export a portable copy of your data;
• Object to or restrict certain processing;
• Withdraw consent where processing is based on consent;
• Opt out of marketing email (every marketing message includes an unsubscribe link).

To exercise these rights, email privacy@evenodds.iofrom the address on your account. We’ll respond within thirty (30) days. We may need to verify your identity before fulfilling the request.

9. U.S. state privacy rights

If you are a resident of California, Colorado, Connecticut, Delaware, Iowa, Oregon, Texas, Utah, Virginia, or another state with comprehensive privacy laws, you have additional rights, including the right to request disclosure of the categories of personal information we’ve collected and shared, and the right to appeal a denial of your request.

California residents may designate an authorized agent to make requests on their behalf. We will not discriminate against you for exercising your rights.

10. EEA / UK rights

If you are in the European Economic Area, the United Kingdom, or Switzerland, our lawful bases for processing are:

• Contract — to provide the Service you subscribed to;
• Legitimate interests — security, fraud prevention, analytics;
• Consent — marketing and non-essential cookies (you can withdraw at any time);
• Legal obligation — tax, accounting, regulatory.

You have the right to lodge a complaint with your supervisory authority. EvenOdds is operated from the United States and does not currently target users in the EEA; if you are an EEA resident and need to reach us about your data, email privacy@evenodds.io.

11. Children & minors

The Service is not directed to anyone under 21 years of age, and we do not knowingly collect personal information from anyone under 21. If you believe a minor has provided us with information, contact us at privacy@evenodds.io and we will promptly delete it.

12. Security

We use industry-standard safeguards to protect your information, including:

• encryption in transit (TLS) and at rest for sensitive stores;
• row-level security (RLS) on our database so your data is not readable by other users;
• hashed passwords (bcrypt/argon2);
• least-privilege access for employees, with audit logging;
• routine security reviews and dependency patching.

No system is completely secure. If we become aware of a breach affecting your personal information, we’ll notify you as required by law.

13. International transfers

EvenOdds is operated from the United States. If you access the Service from outside the U.S., your information will be transferred to, and processed in, the U.S. and other countries where our processors operate. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

14. Changes to this policy

We may update this policy. Material changes will be announced by email or in-app notice at least thirty (30) days before they take effect. The “Effective date” at the top of this page will always reflect the current version.

15. Contact

Privacy questions or requests:
Email: privacy@evenodds.io
For postal correspondence, email us first at privacy@evenodds.ioand we’ll provide a current mailing address.