Back to home
[ Legal ]

Privacy Policy

Last updated: May 6, 2026

In short
  • We collect only what's needed to run the service and improve our AI.
  • We never sell your data and we never share your betting activity with bookmakers.
  • You can export or delete your data anytime from your account settings.
  • GoWinBet is for adults only — minimum age 18 (or higher where local law requires it).

1. Who we are

GoWinBet is a sports analytics platform that uses AI to evaluate the safety and value of sports bets before a user places them with a bookmaker. We are an advisory tool, not a bookmaker: we do not accept wagers, hold funds, or operate any form of gambling.

GoWinBet is incorporated in the State of Delaware (United States) and serves users across North America. For the purposes of U.S. state privacy laws (including the CCPA/CPRA in California, VCDPA in Virginia, CPA in Colorado) and Canadian privacy laws (PIPEDA at the federal level, and Law 25 in Québec), GoWinBet acts as the business or controller of the personal data described in this policy. Questions or rights requests should be sent to contact@gowinbet.ai.

2. Data we collect

2.1 Account data

When you create an account, we collect your email address, a hashed password, and an optional display name. If you sign up via Google or another OAuth provider, we receive your email and (if you grant it) your profile picture URL — never your password from that provider.

2.2 Billing data

Subscription payments are processed by a PCI-DSS certified third-party payment processor. We never see or store your full card number; we only retain the last four digits, the card brand, the expiry date, and an internal customer reference. For invoicing in jurisdictions that require it, we may also store your billing name, address, and tax ID.

2.3 Betting preferences and prediction history

This is the data that makes the product work. It includes:

  • The sports, leagues, and teams you follow or query
  • The matches you analyze through the platform and the AI verdicts (GoScore™, GoPick™) we generated for them
  • Self-reported staking preferences (typical bet size range, bankroll category) — only if you choose to provide them
  • Your interactions with our risk alerts (dismissed, acted on, ignored)

We use this data to personalize the service for you and, in aggregated and anonymized form, to improve our prediction models. We do not link this data back to you when sharing it with any third party, and we never sell it to bookmakers, tipsters, or data brokers.

2.4 Usage data

Standard product analytics: pages viewed, features used, time spent in the app, errors encountered. We use this to find bugs, prioritize features, and detect abuse. We do not build advertising profiles from it.

2.5 Technical data

IP address, user agent (browser and OS), approximate location derived from IP (country and region — not street level), and device identifiers needed for security (e.g. detecting that someone in a new country is trying to log into your account).

3. How we use your data

We process your personal data for the following purposes:

  • Operating the service — authenticating you, generating predictions, displaying your dashboard, sending the alerts you've subscribed to. Legal basis: performance of contract.
  • Improving our AI models — using aggregated, anonymized prediction data to make GoScore™ and GoPick™ more accurate over time. Legal basis: legitimate interest.
  • Customer support — answering your questions, troubleshooting, processing refunds. Legal basis: performance of contract.
  • Product communication — onboarding messages, important service updates, security alerts. Legal basis: legitimate interest, with one-click opt-out for non-critical messages.
  • Marketing emails — only if you opted in. You can unsubscribe at any time. Legal basis: consent.
  • Fraud prevention and security — detecting account takeover attempts, abuse, automated scraping, and chargeback fraud. Legal basis: legitimate interest and legal obligation.
  • Legal and regulatory compliance — tax, accounting, and responding to lawful requests from competent authorities. Legal basis: legal obligation.

4. AI processing

Our prediction engine processes match-level data (odds, team form, injuries, head-to-head history, market liquidity signals, etc.) — most of which is not personal data. The personal component is your interaction with our outputs: which matches you analyzed, which alerts you acted on, which features you used.

We use this interaction data to refine our models in two ways: (a) aggregate analytics across the user base, where individual identities are stripped before the data ever reaches our training pipeline, and (b) per-account personalization, where the model adjusts to your stated sports and risk preferences but never shares that personalization with anyone outside your account.

We do not use your data to train third-party large language models. We do not share your prediction history with bookmakers, sportsbooks, marketing affiliates of bookmakers, or any party that could use it to influence the odds you see elsewhere.

5. Sub-processors

To deliver the service we rely on the following processors. Each is bound by a Data Processing Agreement (DPA) consistent with applicable North American privacy laws:

  • Amazon Web Services (AWS) — application hosting and database storage (North American regions: us-east-1 and ca-central-1)
  • Cloudflare — CDN, DDoS protection, and bot mitigation
  • Payment processor (PCI-DSS certified) — payment processing and invoicing
  • Postmark — transactional email (account verification, billing receipts)
  • Plausible Analytics — privacy-friendly, cookieless product analytics
  • Crisp — live chat for customer support
  • Sentry — error monitoring (we scrub personal identifiers from stack traces before they're sent)

An up-to-date list, including the data processed and the location of each processor, is available on request from contact@gowinbet.ai.

6. International transfers

Most of our infrastructure is hosted in the United States (AWS region us-east-1), with a secondary Canadian region (ca-central-1) used primarily for Canadian customers. For users based in the United States, your data is generally processed in our U.S. region in line with applicable U.S. state privacy laws — including the CCPA/CPRA (California), VCDPA (Virginia), CPA (Colorado), CTDPA (Connecticut), UCPA (Utah), and TDPSA (Texas) — as well as relevant federal sectoral laws (e.g., the FTC Act, COPPA where minors are concerned).

For users based in Canada, your data is generally processed in our Canadian region (ca-central-1) where reasonably possible, in line with PIPEDA at the federal level and provincial laws such as Québec's Law 25, BC PIPA, and Alberta PIPA.

When personal data is transferred between our North American regions — or to a sub-processor operating in another jurisdiction — we rely on contractual safeguards (Data Processing Agreements with confidentiality, security, and breach-notification obligations) that meet PIPEDA's "comparable level of protection" standard and the contractual requirements imposed by applicable U.S. state privacy laws on third-party service providers.

7. Data retention

  • Active accounts: we retain your data for as long as your account exists.
  • Closed accounts: personal data is deleted within 30 days of the cancellation of your account, except for data we are legally required to keep (see below).
  • Billing and invoicing records: retained for 7 years in line with applicable North American tax-record requirements.
  • Server logs: retained for 30 days, then deleted or aggregated beyond identification.
  • Anonymized model-training data: retained indefinitely once it has been irreversibly stripped of identifiers.

8. Your rights

Depending on your region or province of residence, you have the following rights with respect to your personal data:

  • Right to know / access — you can request a copy of the data we hold about you and the categories of third parties we share it with.
  • Right to correct — you can correct any inaccurate data, directly from your account or by emailing us.
  • Right to delete — you can ask us to delete your account and the data associated with it.
  • Right to portability — you can request a machine-readable export of your account, prediction history, and preferences.
  • Right to opt out of "sale" or "sharing" (CCPA/CPRA) — we do not sell or share your personal data for cross-context behavioral advertising; this right is therefore moot in practice, but we honor it anyway.
  • Right to opt out of automated decision-making — to the extent any feature involves automated decisions with legal or similarly significant effects.
  • Right to non-discrimination — exercising any of these rights does not affect the price or quality of the service you receive.
  • Right to withdraw consent — for any processing based on consent (such as marketing emails), you can withdraw that consent at any time without affecting the lawfulness of past processing.
  • Right to file a complaint — U.S. residents can file with their state Attorney General. Canadian residents can complain to the Office of the Privacy Commissioner of Canada (or, in Québec, the Commission d'accès à l'information). We'd appreciate the chance to address the issue first, but it's your right either way.

To exercise any of these rights, email contact@gowinbet.ai from the address on your GoWinBet account. We respond within 30 days, and within 72 hours for confirmed security incidents.

9. Security

We take the security of your data seriously. Our measures include:

  • TLS 1.3 encryption for all traffic between your browser and our servers
  • Encryption at rest for the databases that hold your account and prediction data
  • Passwords stored only as salted hashes (Argon2id) — never in plaintext
  • Two-factor authentication available for every account
  • Strict role-based access for our team — most engineers cannot access production user data, and access that does occur is logged
  • Continuous monitoring for unusual login patterns and suspected account compromise
  • Regular dependency scanning and a public security contact for responsible disclosure

If you believe you have found a security vulnerability, please email support@gowinbet.ai with the details. We do not pursue legal action against good-faith researchers.

10. Children — 18+ only

GoWinBet is not intended for and may not be used by anyone under 18 years of age, or under whatever higher minimum age applies in your region or province of residence (generally 19 to 21 where applicable). We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person below the applicable minimum age, we will delete the account and the associated data promptly.

If you are a parent or guardian and believe your child has created an account, contact us at contact@gowinbet.ai and we will act as soon as reasonably possible.

11. Cookies and tracking

We use a small number of strictly necessary cookies for authentication, session security, and remembering your preferences. We use a privacy-friendly, cookieless analytics tool (Plausible) for usage statistics — no advertising cookies, no cross-site tracking, and no pixels from advertising networks.

You can manage cookies in your browser settings at any time. Disabling strictly necessary cookies will prevent the service from working correctly.

12. Changes to this policy

We update this Privacy Policy when our practices, the law, or our service changes. The "Last updated" date at the top reflects the most recent version. For material changes — for example, adding a new category of processing or a new sub-processor that handles personal data — we'll notify active account holders by email at least 30 days before the change takes effect.

13. Contact

Questions, rights requests, or concerns about how we handle your data? Reach our team at contact@gowinbet.ai.

For technical or product issues, support@gowinbet.ai usually responds within one business day.

Have questions about this document? Reach our team at contact@gowinbet.ai.