Wczytywanie...

BetRaptor AI

BetRaptor AI Privacy Policy

Last updated: 11.12.2025 | Version: 2.0

1. Personal data controller

The personal data controller is a private individual operating the BetRaptor AI service, available at: rodo@betraptorai.com

  • Service name: BetRaptor AI β€” a service operated by a private individual
  • The service is operated by a private individual not conducting business activity.
  • General email: kontakt@betraptorai.com
  • GDPR email: rodo@betraptorai.com

(hereinafter: "the Controller")

The Controller has not appointed a Data Protection Officer (DPO). For matters related to personal data protection, you may contact the Controller directly at: rodo@betraptorai.com

2. Categories of processed data

2.1. Data provided during registration:

  • First name / username
  • Email address
  • Password (stored exclusively in encrypted form - Argon2/BCrypt hash)

2.2. Data collected automatically:

  • IP address
  • Browser and device information (User-Agent)
  • Login date and time
  • Service activity logs
  • Language preferences

2.3. Consent-related data:

  • Timestamp of consent
  • IP address at the time of consent
  • Version of the terms of service/privacy policy
  • Type of consent given

2.4. Payment data:

Payment card data is processed exclusively by the payment operator Stripe, Inc. and is not stored on the Controller's servers. The Controller only receives a payment token and basic transaction information (amount, date, status).

2.5. Data collected by the mobile application:

When using the BetRaptor AI mobile application, the following additional data may be processed:

  • Device data β€” device model, operating system version, application version
  • Push notification tokens β€” a unique device identifier required to send push notifications (e.g., Firebase Cloud Messaging token)
  • Application analytics β€” anonymous data about application usage (screens, usage frequency, errors and crashes)
  • Local data (Shared Preferences) β€” language preferences, session authentication token, application settings stored locally on the user's device

Local data (Shared Preferences) is stored exclusively on the user's device and is not transmitted to the Controller's servers, unless it is necessary for the operation of the service (e.g., authentication token).

3. Purposes and legal bases for processing

Purpose of processing Legal basis (GDPR)
Maintaining a user account Art. 6(1)(b) - performance of a contract
Processing payments and subscriptions Art. 6(1)(b) - performance of a contract
AI profiling (generating predictions) Art. 6(1)(a) - user consent
Sending transactional notifications Art. 6(1)(b) - performance of a contract
Analytics and statistics (cookies) Art. 6(1)(a) - user consent
Service security Art. 6(1)(f) - legitimate interest
Accounting and tax documentation Art. 6(1)(c) - legal obligation
Handling complaints Art. 6(1)(b) - performance of a contract
Establishment, exercise, or defence of legal claims Art. 6(1)(f) - legitimate interest

4. Profiling and automated processing (AI)

PROFILING NOTICE (Art. 22 GDPR):

4.1. The Service uses automated data processing mechanisms (profiling) for the purpose of generating AI predictions.

4.2. Profiling does NOT produce legal effects for the User and does not significantly affect their situation in a similar manner.

4.3. The AI system primarily processes external statistical data (lottery results, sports statistics, currency exchange rates) rather than users' personal data.

4.4. Profiling requires the user's voluntary consent given during registration.

4.5. The User may withdraw consent for profiling at any time in the account settings (Profile β†’ Privacy Settings) without affecting the lawfulness of prior processing.

5. Data transfer outside the European Economic Area

5.1. Some personal data may be transferred outside the EEA, in particular to the USA, in connection with the use of third-party services:

Stripe, Inc. (payment processing)

  • Headquarters: San Francisco, USA
  • Transfer basis: EU-US Data Privacy Framework (European Commission adequacy decision of 10.07.2023)
  • Stripe holds DPF certification
  • More information: stripe.com/privacy

5.2. For transfers to countries without an adequacy decision, we apply:

  • Standard Contractual Clauses (SCC) approved by the European Commission
  • Transfer Impact Assessment
  • Additional technical and organisational safeguards

5.3. The User may obtain a copy of the SCCs or information about safeguards by contacting: rodo@betraptorai.com

6. Data retention period

Data category Retention period
User account data Until account deletion + 30 days (backup)
Transaction/payment data 5 years (tax law requirement)
GDPR consent logs 6 years (limitation period for claims)
Security logs 12 months
Analytical cookies 13 months
Complaint data 3 years from resolution

Upon expiration of the retention period, data is deleted or anonymised in a manner that prevents identification of the individual.

7. Data recipients (data processors)

7.1. Personal data may be disclosed to the following categories of recipients:

  • Stripe, Inc. - payment operator (transaction processing)
  • Hosting service providers - data storage on servers
  • Email service providers - sending transactional notifications
  • Public authorities - solely on the basis of legal provisions (e.g., courts, prosecutors, tax authorities)

GUARANTEE:

We do not sell personal data to third parties. We do not share data for marketing purposes without the user's explicit consent.

8. User rights (Art. 15-22 GDPR)

The User has the following rights:

Right of access (Art. 15)

You may obtain information on whether we process your data, and if so, access your data and receive a copy thereof.

How to exercise: Dashboard β†’ Profile β†’ Export data

Right to rectification (Art. 16)

You may request the correction of inaccurate data or the completion of incomplete data.

How to exercise: Dashboard β†’ Profile β†’ Edit profile

Right to erasure - "right to be forgotten" (Art. 17)

You may request the deletion of your personal data.

How to exercise: Dashboard β†’ Profile β†’ Delete account or email rodo@betraptorai.com

Right to restriction of processing (Art. 18)

You may request the restriction of processing in certain cases (e.g., you contest the accuracy of the data).

How to exercise: Email rodo@betraptorai.com

Right to data portability (Art. 20)

You may receive your data in a structured, machine-readable format (JSON).

How to exercise: Dashboard β†’ Profile β†’ Export data (JSON format)

Right to object (Art. 21)

You may object to processing based on the Controller's legitimate interest.

How to exercise: Email rodo@betraptorai.com

Right to withdraw consent (Art. 7(3))

You may withdraw your consent at any time β€” without affecting the lawfulness of prior processing.

How to exercise: Dashboard β†’ Profile β†’ Privacy Settings

Right to lodge a complaint (Art. 77)

You may lodge a complaint with a supervisory authority.

Authority: President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland, uodo.gov.pl

When we may refuse to fulfil a request:

  • The data is required to fulfil a legal obligation (e.g., tax regulations - 5 years)
  • The data is required for the establishment, exercise, or defence of legal claims
  • The request is manifestly unfounded or excessive

Requests are fulfilled within 30 days of receipt. In the case of complex requests, the deadline may be extended by a further 60 days (of which you will be informed).

9. Cookies

9.1. The Service uses the following categories of cookies:

Category Purpose Consent
Essential Session maintenance, security, CSRF token Not required
Functional Remembering preferences (language, theme) Not required
Analytical Visit statistics, behaviour analysis Required

9.2. The User may manage cookies through:

  • The cookie banner displayed on the first visit
  • Web browser settings

9.3. Disabling essential cookies may prevent the use of certain features of the Service.

10. Data security

10.1. We implement appropriate technical and organisational measures to protect personal data:

  • Connection encryption - SSL/TLS (HTTPS across the entire site)
  • Password hashing - Argon2id or BCrypt algorithm
  • Regular backups - encrypted
  • Access control - principle of least privilege
  • Security monitoring - incident detection
  • Software updates - regular vulnerability patching

10.2. In the event of a personal data breach, the Controller will notify the supervisory authority (UODO) within 72 hours and the data subjects if the breach is likely to result in a high risk to their rights.

11. Changes to the Privacy Policy

11.1. The Controller reserves the right to amend the Privacy Policy for important reasons, in particular:

  • changes to data protection legislation,
  • changes to the Service's functionality,
  • changes to data processing entities.

11.2. Users will be informed of significant changes by email and through a notice on the Service with 14 days' advance notice.

11.3. The current version of the Privacy Policy is always available at: betraptorai.com/polityka-prywatnosci

12. Contact

For matters related to personal data protection:

GDPR email: rodo@betraptorai.com

General email: kontakt@betraptorai.com

The service is operated by a private individual not conducting business activity.

Go back
Terms of service | Privacy policy | Cookies

© 2026 BetRaptor AI. All rights reserved.