Privacy Policy

Account information. When you register for the Service we collect your email address, which is provided via our authentication provider, Clerk. We do not collect your name, phone number, or address unless you voluntarily provide them.

Sportsbook credentials. To enable automated bet synchronisation, you provide a username and password for your sportsbook account. These credentials are encrypted with AES-256-GCM using AWS Key Management Service (KMS) immediately upon receipt and are stored only in encrypted form. We never store credentials in plaintext.

Betting history and wager data. The Service retrieves your betting history, open wagers, odds, stakes, potential payouts, and live game progress from your linked sportsbook on your behalf. This data is stored in our database and forms the core content displayed in your dashboard.

Payment information. We collect limited billing information (plan type, billing cycle, subscription status) to manage your subscription. Complete payment card details are processed and stored by Stripe; we do not store card numbers or CVVs.

Usage data and logs. We automatically collect server logs, including request timestamps, API endpoints accessed, HTTP status codes, and IP addresses, for operational, security, and debugging purposes. Individual log entries are retained for up to 30 days.

We use the information we collect solely to provide, operate, and improve the Service. Specific uses include:

Authentication. Your email address is used to identify your account, send transactional emails (e.g., subscription confirmation, cancellation notice, trial expiry warning), and allow account recovery.

Sportsbook scraping. Your encrypted sportsbook credentials are decrypted in volatile memory only when a scraping session is initiated (triggered by login, manual refresh, or scheduled synchronisation). Decrypted credentials are used exclusively to authenticate with your sportsbook and retrieve your bet data and are not persisted in decrypted form.

Live bet tracking. Open bet data and live game statistics sourced from SportsData.io are used to calculate and display real-time bet progress in your dashboard.

Analytics and statistics. Aggregated bet data is used to compute performance statistics (win rate, ROI, profit/loss) displayed within your account. These computations are performed on-server; raw betting data is not transmitted to any third-party analytics provider.

Service communications. We send transactional emails via Resend. We do not send marketing emails unless you have explicitly opted in.

We do not use your personal data for profiling, automated decision-making with legal effects, or advertising.

Database. All user data is stored in a PostgreSQL database provided by Neon.tech, hosted in the EU (Frankfurt) region. Data is encrypted at rest using AES-256.

Credential encryption. Sportsbook credentials are encrypted using AES-256-GCM via AWS Key Management Service (KMS) in the EU (Frankfurt, eu-central-1) region. Encryption keys are managed exclusively by AWS KMS; BetSync AI does not have access to raw key material.

Application infrastructure. Our API and web application are hosted on Railway in EU regions. Job queues and caching use Upstash Redis in EU regions.

Data in transit. All data transmitted between your browser, our API, and third-party services is encrypted using TLS 1.2 or higher. Sportsbook scraping sessions communicate with sportsbook websites over HTTPS.

Access controls. Access to production systems and databases is restricted to authorised personnel using cryptographic authentication. We employ principle-of-least-privilege access controls throughout our infrastructure.

Error monitoring. Application errors are reported to Sentry, configured with the EU data residency region, ensuring error data does not leave the EU.

Active subscribers. We retain your account data, encrypted credentials, and betting history for as long as your subscription is active and as necessary to provide the Service.

After cancellation. Upon cancellation of your subscription your betting data is retained for thirty (30) days to allow you to export your data or resubscribe. After this period, your betting history is permanently and irreversibly deleted. Your encrypted sportsbook credentials are deleted immediately upon account deletion or sportsbook disconnection.

Account deletion. If you request deletion of your account, all associated data — including your User record, linked sportsbook credentials, bet history, and all related records — is permanently deleted within 30 days of the request.

Logs. Server and application logs are retained for up to 30 days for operational and security purposes, after which they are automatically purged.

We use the following third-party services to operate the Service. Each service is bound by its own privacy policy and, where applicable, a Data Processing Agreement with BetSync AI.

Clerk (auth0.com / clerk.com) — Provides user authentication, session management, and JWT issuance. Clerk processes your email address and session data. Data is subject to Clerk's Privacy Policy.

Stripe, Inc. — Processes subscription payments and manages payment method data. Stripe processes payment card information and billing records. Data is subject to Stripe's Privacy Policy.

SportsData.io — Provides live sports data (game scores, player statistics) used to track open bet progress. No personal user data is shared with SportsData.io; only game identifiers and public sport event data are exchanged.

Resend — Transactional email delivery service used to send subscription confirmations, trial expiry warnings, and account notifications. Your email address is transmitted to Resend for the purpose of email delivery.

Sentry (EU region) — Application error monitoring and performance tracking. Error reports may contain stack traces and contextual request data. Sentry is configured to use the EU data residency endpoint; no error data is stored outside the EU.

AWS Key Management Service (EU Frankfurt) — Manages encryption keys used to encrypt and decrypt your sportsbook credentials. AWS KMS processes cryptographic operations but does not have access to the plaintext credential data. All KMS operations occur in the eu-central-1 (Frankfurt) region.

We do not use Google Analytics, Facebook Pixel, or any behavioural advertising technology.

As a data subject under the GDPR, you have the following rights with respect to your personal data processed by BetSync AI:

Right of access. You have the right to request a copy of the personal data we hold about you. You can obtain a complete export of your data at any time using the Data Export feature in your account settings (Settings → Account → Export My Data).

Right to data portability. Your data export is provided in machine-readable JSON format, allowing you to transfer your betting history to another service or store it locally.

Right to erasure (“right to be forgotten”). You have the right to request deletion of all personal data we hold about you. You can exercise this right by deleting your account via the account settings page (Settings → Account → Delete Account). Deletion is permanent and irreversible.

Right to rectification. You have the right to request correction of inaccurate personal data. To update your email address, use the account settings within the Service.

Right to restriction of processing. You may request that we restrict processing of your personal data in certain circumstances, such as while a dispute regarding accuracy is resolved.

Right to object. You have the right to object to processing of your personal data where we rely on legitimate interests as a legal basis.

To exercise any of the above rights, contact us at privacy@betsync.ai. We will respond to verified requests within 30 days as required by the GDPR.

BetSync AI uses a minimal number of cookies necessary to operate the Service.

Authentication cookies. Clerk sets a session cookie (__session) upon sign-in to maintain your authenticated session. This cookie is essential for the Service to function and cannot be disabled while using the Service. The cookie is a secure, HttpOnly cookie transmitted only over HTTPS.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. No cookies are set by BetSync AI on pages you visit before signing in, with the exception of Clerk's authentication flow.

All personal data collected by BetSync AI is stored and processed exclusively within the European Union. Our entire infrastructure — including database hosting (Neon.tech EU), application hosting (Railway EU), encryption key management (AWS KMS Frankfurt), caching (Upstash EU), and error monitoring (Sentry EU) — is located in EU data centres.

We do not transfer personal data to countries outside the European Economic Area (EEA) except where strictly necessary to provide the Service (for example, SportsData.io may process game identifier data in the United States). In such cases, transfers are conducted under appropriate safeguards in accordance with GDPR Article 46, including Standard Contractual Clauses where applicable.

No sportsbook credentials, user identifiers, or betting history are ever transferred outside the EEA.

BetSync AI is the data controller for personal data processed through the Service. If you have questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact our Data Protection Officer at:

BetSync AI
Email: privacy@betsync.ai

You also have the right to lodge a complaint with your national data protection supervisory authority if you believe we have not adequately addressed your concerns.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by email or by posting a prominent notice on the Service at least 14 days before the changes take effect. The “Effective date” at the top of this policy indicates when it was last revised.

Your continued use of the Service after the effective date of any revision constitutes acceptance of the updated policy. If you do not agree to a revised policy, you must stop using the Service and may request deletion of your data as described in Section 6.