Privacy Policy
Effective 2026-07-09
01What we collect
Account data. When you create an account we store your email address and a cryptographic hash of your password (argon2). We never store your password in plaintext and cannot recover it — only reset it.
Billing data. Payments are processed by Stripe. Your card details go directly to Stripe and never touch our servers; we store only your Stripe customer and subscription identifiers, your subscription tier, and the current billing period end date.
Technical data. Standard server logs and IP addresses, used for rate limiting and abuse prevention. Application errors are reported to Sentry with personally identifiable information scrubbed.
02What we don't collect
- No location tracking.
- No advertising trackers or cross-site ad cookies.
- No sale of personal data to anyone, ever.
- No third-party behavioral analytics.
03How we use your data
- To operate the service: authenticate sessions, render your subscription tier, and remember your settings.
- To process subscriptions and send billing-related notices.
- To send transactional email — account verification and password resets. We do not send marketing email without separate consent.
- To secure the service: rate limiting, login-attempt lockouts, and fraud prevention.
04Who we share it with
Only the service providers required to run the product: Stripe (payments), Resend (transactional email), Sentry (error monitoring), and our hosting and database providers. Each receives only what its function requires. We may also disclose information if required by law, or as part of a merger or acquisition of the business.
05Cookies
We set a single session cookie to keep you signed in. It is signed, HttpOnly (not readable by scripts), and expires after 30 days. We do not set advertising or cross-site tracking cookies. If you block the session cookie, you can still browse the public parts of the site but cannot stay signed in.
06Retention and deletion
We keep your account data for as long as your account exists. You can permanently delete your account and associated personal data at any time from your account page (Account → Danger zone); deletion is immediate and also removes your saved backtests. If you cannot sign in, email hello@parlays.gg from the address on the account. Billing records are retained as required for tax and accounting purposes.
07Your rights
Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Contact us at hello@parlays.gg and we will respond within a reasonable timeframe.
08Age requirement
The service is not directed at anyone under 18 years of age, and we do not knowingly collect personal information from anyone under 18. If we learn that we have, we will delete it.
09Changes to this policy
We may update this policy from time to time. Changes take effect when posted on this page, with the effective date above updated accordingly. Material changes will be flagged in the product.
10Contact
Questions about this policy: hello@parlays.gg.