Privacy Policy
1. Who runs this site
The Site is operated by a private individual as a personal project, not by an incorporated entity. Where this policy refers to the “operator,” it means that individual. You can contact the operator at support@baseballbettingbot.com.
2. Information we collect
We try to collect as little personal data as possible. Specifically:
| Category | Data | Source |
|---|---|---|
| Account | Email address, salted/hashed password, account creation date, email-confirmation timestamp, last sign-in. | You, when you sign up. |
| Subscription | Subscription status (inactive / trialing / active / past_due / lifetime), trial or renewal end date, Stripe customer ID, any redeemed promo code. | Stripe and our backend. |
| Payment | Card details, billing address, and tax/region information are submitted directly to Stripe. We never see, store, or transmit your full card number, CVC, or expiration date. Our system only stores the Stripe customer ID returned to us. | Stripe. |
| Authentication tokens | Short-lived access tokens and refresh tokens issued by Supabase Auth, stored in your browser’s localStorage so you stay signed in. | Your browser, after you sign in. |
| Server logs | Standard request logs (IP address, user agent, timestamp, endpoint, status code) generated by Supabase, GitHub Pages, and Stripe. | Automatically, when you load the Site. |
| Communications | Any email you send to us and our reply. | You. |
We do not use advertising trackers, analytics pixels, third-party fingerprinting, or social-media SDKs.
3. How we use your information
- To create and authenticate your account.
- To process your subscription, free trial, and renewals through Stripe.
- To gate access to subscriber-only content (today’s picks, Pick of the Day).
- To send transactional email (account confirmation, password reset, billing notices).
- To detect, investigate, and prevent fraud, abuse, promo-code misuse, scraping, and security incidents.
- To comply with legal obligations and respond to lawful requests.
We do not sell or rent your personal information, and we do not use your information to train machine-learning models. The XGBoost prediction model on this Site is trained only on public MLB game data and historical odds — never on user data.
4. Marketing email
We do not currently send marketing or promotional email. If that ever changes, you will be given a clear opt-in and an unsubscribe link in every message.
5. Service providers we share data with
Personal data is processed by the following third parties under their own privacy policies:
- Supabase — authentication, profile database, edge functions, and private file storage. supabase.com/privacy
- Stripe — payment processing, card storage, fraud screening. stripe.com/privacy
- GitHub Pages — static hosting of the public dashboard pages. GitHub Privacy Statement
- Transactional email provider — the email provider used by Supabase Auth to send confirmation and password-reset messages.
We do not share personal data with any other third parties except where required to comply with law, enforce our Terms & Conditions, or protect the rights, property, or safety of the operator or others.
6. Cookies, localStorage, and similar tech
The Site does not set advertising or analytics cookies. The only browser storage we rely on is the Supabase auth session token kept in localStorage, which is what keeps you signed in between visits. Stripe’s checkout pages may set their own cookies for fraud prevention; that occurs on Stripe’s domain under their privacy policy.
7. Data retention
- Account, subscription, and profile data are retained for as long as your account exists.
- Stripe retains payment records for as long as required by financial-services law (typically 7 years in the US).
- Server logs are retained for the default retention period of each provider (typically 14–90 days for Supabase / GitHub Pages logs).
- If you delete your account, account and profile records are removed within 30 days, except where retention is required by law (e.g., tax records).
8. Security
Passwords are hashed with bcrypt by Supabase Auth before storage. Sessions are signed JWTs with finite lifetimes and refresh-token rotation. Database access is gated by Row Level Security so that a user can only read their own profile row. Server-side tasks run with a service-role key that is never exposed to the browser. Card data never touches our infrastructure — it is collected and stored directly by Stripe (PCI DSS Level 1 certified).
No system is perfectly secure. If we discover a breach affecting your personal information we will notify you by email and take reasonable remedial steps as required by applicable law.
9. Your choices and rights
Regardless of where you live, you can:
- Reset your password from the sign-in screen.
- Cancel your subscription at any time from the “Manage” menu.
- Request a copy of the personal data we hold about you.
- Request that your account and personal data be deleted by emailing support@baseballbettingbot.com.
10. California residents (CCPA / CPRA)
If you are a California resident, you have the right to (i) know what personal information we collect, use, disclose, and retain; (ii) request deletion of personal information we hold about you; (iii) request correction of inaccurate personal information; and (iv) opt out of the “sale” or “sharing” of your personal information. We do not sell or share personal information as defined by the CPRA. To exercise any of these rights email support@baseballbettingbot.com; we may need to verify your identity using your account email before acting on the request. We will not discriminate against you for exercising these rights.
11. EU / UK / EEA residents (GDPR / UK GDPR)
The Site is operated from and primarily intended for users in the United States. If you access it from the EU, UK, or EEA, the lawful bases on which we process your personal data are:
- Performance of a contract — to provide the account, subscription, and gated content you signed up for.
- Legitimate interests — to keep the Site secure, prevent fraud and abuse, and operate the service.
- Legal obligation — to retain billing records and respond to lawful requests.
- Consent — where you have given it (e.g., the storage of optional content).
You have the right to access, rectify, port, restrict processing of, and erase your personal data, and to object to processing based on legitimate interests. You also have the right to lodge a complaint with your national data-protection authority. To exercise these rights email support@baseballbettingbot.com.
Personal data may be transferred to and stored in the United States by Supabase, Stripe, and GitHub. Where required, transfers are governed by the Standard Contractual Clauses or equivalent safeguards published by those providers.
12. Children’s privacy
The Site is not intended for, marketed to, or designed for use by anyone under 21 years of age. We do not knowingly collect personal information from anyone under 21. If you believe a minor has created an account, contact us and we will delete the account and any associated data.
13. Do Not Track
We do not track users across third-party websites and we do not respond differently based on the Do Not Track browser signal, because we do not perform the tracking it is designed to opt out of in the first place.
14. Third-party links
The Site may link to external resources (such as the National Council on Problem Gambling). We are not responsible for the privacy practices of those external sites; review their policies before providing personal information.
15. Changes to this Privacy Policy
We may update this Privacy Policy at any time by posting a new version on this page and updating the “Last updated” date. Material changes will be communicated by email or in-app notice where reasonably practical. Continued use of the Site after changes take effect constitutes acceptance of the revised policy.
16. Contact
Questions, requests, or complaints about this Privacy Policy can be sent to support@baseballbettingbot.com.