Privacy Policy

Short version

I collect the minimum needed for the platform to work: email and login for sign-in, username so others can see you in markets and comments, your activity (bets, comments, markets you created), and basic device fingerprint plus IP for catching multi-accounts and bots. To improve the product I use privacy-respecting analytics (PostHog) — anonymous, no screen recording, no cross-site tracking, and I honor Do Not Track. No advertising trackers, no Facebook pixel, no Google Ads, and I don't sell your email to anyone.

What I collect

At sign-up: email, login (private, used only to sign in), username (public), password (hashed with bcrypt — even I never see your real password), recovery code (also hashed).

During use: your bets, comments, markets you created, demo balance. Basic IP and user-agent for security.

What I don't collect

No third-party analytics that profile you across the web (Facebook pixel, Google Ads tracking, Hotjar and similar). No behavioral advertising — your activity here doesn't follow you to other sites. For product analytics I use PostHog, but with screen/session recording switched off, and only to understand how this site is used. No access to your contacts, your calendar, your geolocation beyond the country implied by your IP.

What is public

Username, your predictions on public markets, your comments, your accuracy and Predictor Rank. That's the social part of a prediction market — it doesn't work if it's hidden.

Bets in private markets are visible only to that market's participants.

What is private

Email, login, password, recovery code, IP address, user-agent. Never displayed publicly, never sold. The login field is not even sent back to your own browser after sign-in — it lives only in the database for authentication.

Cookies and storage

A small piece of localStorage — your auth token (so reload doesn't sign you out), your theme preference, and an anonymous analytics id. I use privacy-respecting product analytics (PostHog) to see how the product itself is used — which pages people open, where new visitors get stuck — so I can make it better. It's anonymous, stored in first-party localStorage (no third-party cookies), I don't record your screen, never sell your data or build ad profiles, and I honor your browser's Do Not Track. You can opt out anytime by turning Do Not Track on.

Email policy

Email from me is account-related only: signup verification, password reset, rare important notices (a major change to terms, a security update). No marketing without your explicit opt-in. No "weekly digest" unless you subscribed to it.

Your rights

You can delete your account at any time from your profile. Deletion removes your private data. Your public predictions and comments may stay (anonymized as "deleted user") so the markets you participated in still resolve correctly.

Downloading a copy of your data is on the roadmap. If you need it urgently before then, write to me and I'll export it manually.

Where data lives

Backend on Railway (PostgreSQL). Frontend on Vercel. Email on Resend. All over HTTPS, encrypted at rest. These providers don't have the right to use your data for their own purposes.

When real money turns on

In phase B, deposit and withdrawal data will be added — and the payment processor will have its own privacy policy that you'll need to accept separately. None of that is active today, which is why this policy doesn't mention blockchain or stablecoins. That section will be added when iKnewIt gets there.

Contact

Privacy questions — privacy@iknewit.bet