StableOdds Logo

Privacy policy

Privacy policy

Last updated: 2026-05-07

Pending legal review · template content · do not rely on this until counsel has signed off

This policy describes how StableOdds Racing collects, uses, and protects information when you use the Site and Service. We treat privacy as a product feature, not a checkbox.

1. Data we collect

From visitors (Site)

  • Plausible Analytics aggregates page-view events without cookies, without personal identifiers, and without cross-site tracking. Read the Plausible data policy at plausible.io/data-policy.
  • Standard server logs containing IP address, user-agent, and request path for the purpose of operating and securing the Site.

From users (Service, app.stableodds.ai)

  • Email address and authentication credentials.
  • Subscription tier and billing metadata (Stripe handles card data directly; we never see card numbers).
  • User-generated data within the app: tracked picks, watchlists, alert rules, posted comments and shared content.
  • Service-internal telemetry on feature usage (anonymised wherever possible) to inform product decisions.

2. What we do with the data

  • Operate and improve the Service.
  • Send transactional emails (account confirmation, billing receipts, password reset).
  • Send the weekly newsletter only if you have opted in. Unsubscribe link in every issue.
  • Detect abuse, fraud, and security incidents.

3. What we do not do

  • We do not sell or rent personal data to third parties.
  • We do not run third-party advertising trackers, behavioural retargeting pixels, or social-network like buttons that load tracking scripts.
  • We do not share user data with bookmakers, exchanges, or sports- books.

4. Service providers

We use a small set of vetted providers, each bound by a data-processing agreement:

  • Vercel — hosting and edge functions for the Site and Service.
  • Supabase — database, authentication, and managed Postgres for application data.
  • Stripe — payment processing.
  • Plausible — privacy-friendly analytics (no cookies).
  • Resend — transactional email delivery.
  • Beehiiv — newsletter delivery (opt-in only).

5. Your rights

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion of your account and associated personal data, subject to legal retention obligations.
  • Portability — export your tracked picks and watchlist data as CSV.
  • Objection / restriction — object to specific processing or restrict it.
  • Withdraw consent — for processing based on consent (e.g. newsletter), withdraw at any time.

Submit any of the above by emailing [email protected]. We respond within 30 days.

6. Retention

Account data is retained for as long as your account is active. After deletion, we retain billing records for the period required by tax and audit law (typically 6-7 years), and anonymised tracked-pick records for use in aggregate model evaluation.

7. International transfers

Personal data may be processed in the United States, the United Kingdom, and the European Economic Area depending on the service provider. Where data leaves the UK or EEA, we use Standard Contractual Clauses or equivalent transfer mechanisms.

8. Security

Authentication is handled by Supabase Auth. Service-role credentials are scoped, rotated on a schedule, and stored in Vercel encrypted environment variables. We follow the principle of least privilege across all infrastructure components.

9. Changes

We update this policy when our practices change. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated via email to active users.

10. Contact

Privacy questions: [email protected].