Privacy Policy

Last updated: May 21, 2026

1. Who We Are

Prediction Jar is operated by Oleksandra Lysenko, an individual based in Cluj-Napoca, Romania. Email: [email protected] As an individual operator based in Romania (EU), we are subject to the General Data Protection Regulation (GDPR). You have strong rights over your data regardless of where you are located.

2. What Data We Collect

We collect only what is necessary to operate the platform. Account data: your email address, username, display name, and password (stored as a secure hash — we never see your actual password). Profile data: your bio, avatar image, and any social links you choose to add. This is entirely voluntary. Content data: predictions, comments, replies, and progress updates you post on the platform. Usage data: pages you visit, features you use, and interactions such as supports and comments. We collect this to understand how the platform is used and improve it. Technical data: IP address, browser type, and device information — collected automatically for security and rate limiting purposes. Communications: if you contact us by email, we retain that correspondence.

3. How We Collect Your Data

You directly provide us with most of the data we collect. We collect data when you: - Register for an account - Create predictions, comments, or other content - Update your profile or settings - Contact us by email - Visit and navigate the platform (via cookies and analytics)

4. How We Use Your Data

We use your data for the following purposes: - To operate the platform and provide the service you signed up for - To send you notifications about activity on your predictions (you can control this in Settings) - To send transactional emails such as account verification and password reset - To send platform update emails if you have opted in - To detect and prevent abuse, spam, and security threats - To understand how the platform is used and to improve the experience We do not sell your data. We do not use your data for advertising. We do not build advertising profiles.

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your data on the following legal bases: Contract performance: processing necessary to provide the service you signed up for — including account creation, storing your predictions, and sending notifications you requested. Legitimate interests: analytics to improve the platform and security monitoring to protect users. We have assessed these interests and determined they do not override your rights. Consent: analytics cookies and non-essential communications such as email newsletters. You can withdraw consent at any time — for cookies via the cookie banner, for emails via Settings. Legal obligation: if we are required by law to process or disclose data.

6. Third-Party Services

We use a small number of trusted third-party services to operate Prediction Jar. Each processes data on our behalf: Railway (hosting and database) — our application and PostgreSQL database are hosted on Railway. Servers are located in EU West region. Resend — used to send transactional emails such as account verification and password reset. Emails are sent from [email protected]. Cloudinary — used to store and serve user-uploaded avatar images. PostHog — used for product analytics and session replay to understand how users interact with the platform. PostHog only collects data from users who have given cookie consent. Upstash Redis — used for rate limiting to prevent abuse. No personal data is permanently stored. We do not use Google Analytics, Facebook Pixel, or any advertising-related tracking tools. If we add new third-party processors, we will update this policy.

7. Cookies

We use two types of cookies: Essential cookies: necessary to operate the platform, such as keeping you signed in. These cannot be declined as the platform cannot function without them. Analytics cookies: used by PostHog to understand how people use Prediction Jar — including page views, clicks, and session recordings. These are only placed after you give your consent via the cookie banner. When you first visit Prediction Jar, you will be asked to accept or decline analytics cookies. You can change your cookie preference at any time by visiting our Privacy Policy page.

8. Data Retention

We keep your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Your public predictions and comments may be anonymised and retained as part of the platform archive unless you specifically request full deletion. Server logs are retained for up to 90 days for security purposes.

9. Your Rights Under GDPR

If you are in the EU/EEA, or wherever applicable under local law, you have the following rights: Right to rectification: you can correct inaccurate data at any time directly in Settings — update your username, display name, bio, and social links yourself. Right to erasure: you can delete your account at any time from Settings. When you delete your account, all your personal data is permanently deleted immediately — including your predictions, comments, upvotes, and profile information. This action is irreversible. Right to withdraw consent: you can withdraw cookie consent at any time by visiting the Privacy Policy page and clicking "change your cookie preferences". You can withdraw email marketing consent at any time in Settings. Right of access, right to data portability, right to restriction, and right to object: these rights are handled manually. To exercise any of them, email us at [email protected] with your request. We will respond within 30 days and will not charge you. We aim to build self-service tools for data access and export in the future.

10. Data Security

We take reasonable technical and organisational measures to protect your data: - All data transmitted between your browser and our servers is encrypted via HTTPS/TLS - Passwords are hashed using a secure algorithm — we cannot see your password - Access to the database is restricted and requires authentication - We use reputable hosting providers with strong security practices No system is 100% secure. In the event of a data breach that risks your rights, we will notify the relevant supervisory authority within 72 hours and notify affected users promptly.

11. International Data Transfers

Your data may be processed in countries outside the EU/EEA by our hosting or email providers. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

12. Children

Prediction Jar is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has registered, please contact us and we will delete the account promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The "last updated" date at the top of this page will always reflect when the policy was last changed. We encourage you to review this policy periodically. Continued use of the platform after changes constitutes acceptance of the updated policy.

14. Supervisory Authority

If you are unhappy with how we handle your data, you have the right to lodge a complaint with your data protection supervisory authority. In Romania, this is: Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) Website: dataprotection.ro If you are in another EU member state, you may also contact your local supervisory authority.

15. Contact

For any questions about this Privacy Policy or to exercise your rights: Oleksandra Lysenko Email: [email protected] We aim to respond to all privacy requests within 30 days.

To , click here. This will reset your choice and show the cookie banner again on your next visit.