Privacy Policy

MatchLabs ("we", "us", "our") is the data controller for personal data processed in connection with the MatchLabs platform and website (matchlabs.io). For questions about this Privacy Policy or to exercise your data rights, contact us at privacy@matchlabs.io.

We collect the following categories of personal data:

• Account data — email address and password (hashed) provided at registration.
• Payment data — billing details processed by Stripe. We do not store card numbers; Stripe acts as an independent data controller for payment processing.
• Usage data — tools used, pages visited, calculator inputs, offers viewed, and timestamps. This data is used to personalise your experience and improve the Service.
• Betting activity data — bookmaker account statuses and bet logs you voluntarily enter into the platform to enable account health analysis.
• AI interaction data — messages sent to the AI assistant, used to generate responses and improve service quality. Conversations are not used to train external AI models.
• Technical data — IP address, browser type, and session information collected automatically for security and performance monitoring.

We process your personal data on the following lawful bases under UK GDPR Article 6:

• Contract performance (Art. 6(1)(b)) — to provide the Service you have subscribed to, including delivering tools, processing payments, and sending service-related emails.
• Legitimate interests (Art. 6(1)(f)) — to improve the Service, prevent fraud, ensure platform security, and conduct analytics that do not override your rights.
• Consent (Art. 6(1)(a)) — for non-essential cookies and optional marketing communications. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)) — to comply with applicable law, including financial regulations and tax obligations.

• Providing, maintaining, and improving the Service and its AI features.
• Processing subscription payments and managing your account.
• Sending transactional emails (welcome, billing, service notices). We do not send marketing emails without your consent.
• Generating personalised recommendations, daily briefings, and account health analysis.
• Detecting and preventing fraud, abuse, and security incidents.
• Complying with legal and regulatory obligations.

We share personal data with the following third-party service providers who process data on our behalf:

• Supabase (database and authentication) — EU-based data processing.
• Stripe (payment processing) — processes payment data under its own privacy policy and as an independent data controller.
• Anthropic (AI processing) — processes AI chat inputs to generate responses. Data is not used to train Anthropic's models under our API agreement.
• Vercel (hosting) — processes server request logs.
• Resend (transactional email) — processes email address for delivery of service emails.

We do not sell your personal data to third parties or share it with advertisers. We may disclose data where required by law or to protect the rights and safety of our users and the public.

We retain personal data for as long as necessary to provide the Service and comply with legal obligations:

• Account data — retained for the duration of your account and deleted within 30 days of account closure, subject to legal hold obligations.
• Payment records — retained for 7 years to comply with UK financial record-keeping obligations.
• Usage and AI interaction data — retained for 24 months from collection, then anonymised.
• Technical logs — retained for 90 days.

We use cookies and similar technologies on matchlabs.io. A cookie consent banner on your first visit allows you to accept or reject non-essential cookies. You can change your preferences at any time via the cookie settings link in the footer.

• Essential cookies — required for authentication and security. These cannot be disabled.
• Analytics cookies — help us understand how the platform is used (optional, consent required).

Under UK GDPR, you have the following rights:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — request deletion of your data where there is no overriding legal basis to retain it.
• Restriction — ask us to restrict processing in certain circumstances.
• Portability — receive your data in a structured, commonly used format.
• Object — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact privacy@matchlabs.io. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Some of our service providers operate outside the UK. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or reliance on adequacy decisions, as required by UK GDPR Chapter V.

We may update this Privacy Policy from time to time. Material changes will be communicated by email with at least 14 days notice before the effective date. Continued use of the Service after that date constitutes acceptance of the updated policy.