Privacy Policy

Last Updated: May 2026  |  Effective Date: May 1, 2026

1. Introduction and Scope

Sibyls Edge ("we," "us," or "our") is committed to protecting the privacy of all users ("you" or "your") of our website and application (collectively, the "Service"). This Privacy Policy describes how we collect, use, store, disclose, and safeguard your personal information when you use the Service.

This policy applies to all information collected through our website, web application, and any related services. It does not apply to information collected by third-party websites linked from our Service.

By using the Service, you consent to the data practices described in this policy. If you do not agree, please discontinue use of the Service and contact us to request deletion of any data we may hold about you.

2. Information We Collect

We collect information in two ways: information you provide directly to us, and information collected automatically when you use the Service.

2.1 Information You Provide Directly

• Account Information: When you register, we collect your chosen username, email address, and password (stored as a hashed value - we never store plain-text passwords).
• Country of Residence: We collect your country to provide region-appropriate content and comply with legal requirements around sports predictions services.
• Profile Preferences: Your sport preferences, favorite teams, and notification settings.
• Payment Information: If you subscribe to a paid plan, payment processing is handled by our third-party payment processor. We do not store full credit card numbers or banking details on our servers.
• Communications: Any messages, feedback, or support requests you send us.

2.2 Picks and Betting Activity Data

If you use features that allow tracking of picks or simulated wagers within the Service (such as a picks tracker or performance dashboard), we collect:

• Picks you have saved or followed within the app.
• Your win/loss records within the Service (simulated tracking only).
• Units or stake sizes entered by you for personal tracking purposes.
• Sports and leagues you have selected for monitoring.

We do not collect, monitor, or have any visibility into actual wagers you place with third-party sportsbooks. This data exists solely within our Service for your personal record-keeping.

2.3 Usage Analytics and Technical Data

When you use the Service, we automatically collect certain technical and behavioral data to understand how the Service is used and to improve it:

• Log Data: IP address (anonymized after 30 days), browser type and version, operating system, referring/exit pages, and timestamps of page visits.
• Device Information: Device type, screen resolution, and browser language settings.
• Usage Patterns: Pages viewed, features accessed, time spent on pages, and navigation paths through the Service.
• Performance Data: Page load times, errors encountered, and feature interaction events.

2.4 Ambassador and Referral Program Data

If you participate in the Sibyls Edge Ambassador Program, we collect and process the following additional information:

• Referral Code: A unique alphanumeric code generated for each user who joins the Ambassador Program. This code is stored in association with your email address and is used to track referrals you send.
• Invite Records: When you send an invite or share your referral link, we record the invitee's email address (if provided), invite status (pending, accepted, declined), timestamps of invite creation and acceptance, and the referral reward (trial days) credited to your account.
• Referral Relationships: We maintain a record of which users were referred by which Ambassador, solely for the purpose of crediting rewards and detecting abuse of the program.
• localStorage Keys: When you accept an invite or click a referral link, your browser's localStorage temporarily stores the invite code or referral code until your account is verified. This data is cleared immediately after your account is linked to the referral.

Referral data is retained for the duration of your account plus 12 months. Invitee email addresses associated with declined invites are purged after 90 days. We do not share referral relationships with any third party and use this data solely to administer the Ambassador Program.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: Creating and managing your account, delivering personalized predictions, and enabling Service features.
• Service Improvement: Analyzing usage patterns to improve prediction accuracy, user experience, and feature development.
• Communications: Sending service-related notifications, account alerts, and - where you have opted in - product updates or newsletters. You can opt out of marketing communications at any time.
• Security and Fraud Prevention: Monitoring for suspicious activity, protecting against unauthorized access, and enforcing our Terms of Service.
• Legal Compliance: Meeting our obligations under applicable laws, responding to legal requests, and resolving disputes.
• Age Verification: Ensuring compliance with our 18+ requirement.
• Ambassador Program Administration: Tracking referrals, crediting trial-day rewards, detecting fraudulent self-referrals or abuse, and maintaining accurate Ambassador tier records.
• Customer Support: Responding to your inquiries and resolving technical issues.

We will not use your data for purposes incompatible with those listed above without obtaining your additional consent.

4. Data Storage and Security

We take the security of your data seriously and implement industry-standard measures to protect it.

4.1 Storage Infrastructure

User data is stored using DuckDB on our own servers, with backups maintained in encrypted form. We do not rely on large third-party cloud analytics platforms for primary storage of your personal data. Your picks data, preferences, and account information reside on our controlled infrastructure.

4.2 Security Measures

• All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
• Passwords are hashed using a strong one-way hashing algorithm - we cannot recover your plain-text password.
• Access to production databases is restricted to authorized personnel only, with access logs maintained.
• We conduct periodic security reviews of our systems and practices.
• Data backups are encrypted at rest.

While we take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

5. Cookies and Local Storage

Sibyls Edge uses a minimal, privacy-first approach to cookies and local storage.

5.1 What We Use

• Session Cookies (Functional): We use session cookies to keep you logged into the Service and remember your preferences during a session. These are deleted when you close your browser.
• localStorage (Functional): We use your browser's localStorage to store your session token and UI preferences (such as dark/light mode, selected sports) locally on your device. This data does not leave your device except as part of normal API requests to our server.
• Persistent Authentication Token: If you choose "Remember Me," a secure, httpOnly cookie is set to keep you logged in across sessions.

5.2 What We Do Not Use

We do not use:

• Third-party advertising cookies or tracking pixels.
• Cross-site tracking technologies.
• Fingerprinting or other persistent identification techniques beyond standard cookies.
• Analytics cookies from third parties such as Google Analytics (we use self-hosted analytics only).

You can configure your browser to refuse cookies or alert you when cookies are being sent. Note that some features of the Service may not function properly without cookies.

6. Sharing of Information

We do not sell, rent, or trade your personal information to third parties. Period. We may share your data only in the following limited circumstances:

• Service Providers: We may share data with trusted vendors who assist us in operating the Service - such as payment processors, email delivery services, and hosting providers. These vendors are contractually prohibited from using your data for any purpose other than providing services to us.
• Legal Requirements: We may disclose your information if required by law, court order, subpoena, or other governmental authority, or if we believe disclosure is necessary to protect our rights or the safety of others.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you via email and a prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.
• Aggregate/Anonymized Data: We may share aggregated, anonymized data that cannot identify individual users for research, marketing, or analytical purposes.

7. Your Rights - GDPR and CCPA

Depending on your location, you may have specific rights regarding your personal data. We honor these rights for all users regardless of jurisdiction.

7.1 Rights Under GDPR (EU/EEA Users)

• Right of Access: Request a copy of all personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to certain legal exceptions.
• Right to Data Portability: Receive your data in a structured, machine-readable format and transfer it to another service.
• Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right Not to be Subject to Automated Decision-Making: Request human review of significant decisions made by automated processes.

7.2 Rights Under CCPA (California Residents)

California residents have the right to:

• Know: What personal information we collect, use, disclose, or sell about you.
• Delete: Request deletion of personal information we have collected, subject to certain exceptions.
• Opt-Out of Sale: As stated above, we do not sell personal information. There is no opt-out needed, but you may submit a "Do Not Sell" request to confirm this.
• Non-Discrimination: You will not receive a different level of service for exercising your privacy rights.

7.3 How to Exercise Your Rights

To exercise any of your rights, please submit a request to privacy@betonsiby.com. We will respond within 30 days (or the timeframe required by applicable law). We may ask you to verify your identity before processing your request.

8. Data Retention

We retain your personal data only as long as necessary to provide the Service and fulfill the purposes described in this policy. Our general retention guidelines are:

• Active Account Data: Retained for the duration of your account's active status.
• Picks and Usage Data: Retained for the duration of your account plus 12 months after account closure.
• Payment Records: Retained for 7 years as required by tax and financial regulations.
• Log Data / IP Addresses: IP addresses are anonymized after 30 days. Log files are retained for up to 90 days for security monitoring purposes.
• Support Communications: Retained for 3 years from the date of the last interaction.
• Deleted Accounts: Upon deletion request, personal data is purged within 30 days, except where retention is required by law.

9. International Data Transfers

Sibyls Edge operates from the United States. If you are located outside the US, particularly in the European Economic Area (EEA) or United Kingdom, your data may be transferred to and processed in the United States. The US may not have the same level of data protection as your home country.

Where required, we rely on appropriate transfer mechanisms such as Standard Contractual Clauses (SCCs) adopted by the European Commission to ensure your data is adequately protected when transferred internationally.

10. Children's Privacy

The Service is strictly intended for users who are 18 years of age or older. We do not knowingly collect personal information from individuals under the age of 18. Our Service is not directed to children, and we do not market to minors.

If we become aware that we have inadvertently collected personal information from a person under 18, we will take immediate steps to delete that information from our servers. If you believe we may have collected information from a minor, please contact us immediately at privacy@betonsiby.com.

Parents or guardians who believe their child has provided us with personal information should contact us at the address below so we can take appropriate action.

11. Third-Party Services and Links

The Service may contain links to third-party websites or integrate with third-party services (such as sportsbooks for odds data). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party service you use through or in connection with our Service.

Our use of any third-party services for processing your data is governed by data processing agreements that require those parties to maintain appropriate confidentiality and security standards.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by:

• Updating the "Last Updated" date at the top of this policy.
• Sending an email notification to your registered email address.
• Displaying a prominent notice within the Service.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy. If you do not agree to the updated policy, you should discontinue use of the Service and request account deletion.

13. Contact Us for Privacy Requests

For any privacy-related inquiries, data access requests, deletion requests, or complaints, please contact our privacy team:

If you are in the EU/EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.