Privacy Policy
Last updated: 20 May 2026
OddsIQ ("we", "us") is operated from the United Kingdom. This Privacy Policy explains what personal data we collect, how we use it, and your rights.
We are in the process of registering with the UK Information Commissioner's Office (ICO). This page will be updated with our registration number once issued.
1. Information we collect
- Account data: email address, display name, and hashed password when you create an account via email. If you sign in with Google, we receive your Google-provided email and display name.
- Usage data: pages visited, features used, prediction history, knockout picks, session timestamps. Collected via server logs and client analytics.
- Technical data: IP address, browser type, device type, operating system. Used for security, debugging, and service reliability.
- Cookies: see our Cookie Policy.
We do NOT collect:
- Payment information (we use third-party payment processors who are PCI-DSS compliant; see their policies for how card data is handled)
- Location data beyond approximate country derived from IP
- Data from social media accounts beyond what you provide at sign-in
2. How we use your data
- To provide the service (saving your predictions, showing you leaderboard position)
- To send you email notifications you've opted into (matchday briefings, odds movement alerts)
- To analyse service usage and improve the product (aggregated and anonymised)
- To comply with legal obligations (responsible gambling, age verification)
We do not sell your data to third parties.
3. Analytics and tracking
We use PostHog (hosted in the EU) to understand how visitors use OddsIQ so we can improve the product. PostHog is loaded only after you accept analytics cookies. If you decline, no analytics data is collected and no PostHog cookies are set on your device.
When you accept analytics cookies, PostHog records:
- Pages you visit and how long you spend on them
- Buttons and links you click
- Your approximate location based on anonymised IP address (the last part of your IP is removed before storage)
- Browser type, screen size, and device category
- Anonymous session recordings — we never record what you type into forms (logins, signups, contact fields are masked)
- Web performance metrics (page load time, interaction speed)
If you create an account and log in, we link your future analytics events to your account so we can understand how registered users engage with the product. You can request deletion of all this data at any time by emailing contact@oddsiq.ai.
We also write a separate audit log of high-value actions (signups, predictions locked, premium upgrades) to our own database. This log is used for fraud detection, debugging, and product analytics. It is stored in the EU and is governed by the same retention policy as the rest of your account data.
Legal basis:
- Analytics cookies (PostHog): your consent. You can withdraw at any time via the cookies page.
- Audit log (high-value actions): legitimate interest in operating and securing the service.
Retention (analytics):
- PostHog data: 12 months from your last visit.
- Audit log: retained for the lifetime of your account, then deleted within 90 days of account closure.
4. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and associated data ("right to erasure")
- Export your data in a machine-readable format
- Withdraw consent for processing at any time
- Object to processing for certain purposes
- Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk
To exercise any of these rights, email contact@oddsiq.ai. We'll respond within 30 days as required by UK GDPR.
5. Data retention
- Account data: retained while your account is active, deleted 90 days after account closure unless legal obligations require longer retention
- Prediction history: retained indefinitely in anonymised form for model calibration
- Log data: retained 90 days
6. Security
We use industry-standard encryption (TLS in transit, encrypted databases at rest). Passwords are hashed with bcrypt. No security measure is perfect — if we identify a breach affecting your data, we will notify you within 72 hours as required by UK GDPR.
7. Third-party services
We use:
- Supabase (database + auth) — hosted in Europe
- Oracle Cloud (infrastructure) — hosted in UK South
- Vercel (frontend hosting) — global edge network
- Resend (transactional email) — for notifications you've opted into
- Anthropic (AI model) — for AI-generated text content. Your data is NOT sent to Anthropic unless it's public/aggregated.
- PostHog (product analytics) — hosted in the EU. Loaded only with your consent. See "Analytics and tracking" above.
Each has its own privacy policy; we've chosen providers with UK/EU-appropriate data handling.
8. Children's data
OddsIQ is an 18+ service. We do not knowingly collect data from anyone under 18. If you believe we have collected data from a minor, please email us immediately so we can delete it.
9. Changes to this policy
We'll update this page when our practices change. Material changes will be communicated via email to active users.
10. Contact
Privacy questions: contact@oddsiq.ai
Data Protection Officer: currently a single-person team — privacy matters are handled directly by the founder.