Privacy Policy
Last updated: April 6, 2026
1. Data Controller
The data controller for Prediction Jar is: Oleksandra Lysenko Cluj-Napoca, Romania Email: [email protected] As an individual operator based in Romania (EU), we are subject to GDPR. You have strong rights over your data regardless of where you are located.
2. What Data We Collect
We collect only what is necessary to operate the platform: Account data: your email address, username, display name, and password (stored as a hash — we never see your actual password). Profile data: your bio, avatar, and any social links you choose to add. This is voluntary. Content data: predictions, comments, and replies you post on the platform. Usage data: pages you visit, features you use, and interactions (supports, comments) — collected to improve the platform. Technical data: IP address, browser type, and device information — collected automatically for security and analytics. Communications: if you contact us by email, we retain that correspondence.
3. How We Use Your Data
We use your data for the following purposes: To operate the platform and provide the service you signed up for To send you notifications about activity on your predictions (you can control this in Settings) To send you transactional emails (account verification, password reset) To send platform update emails if you have opted in To detect and prevent abuse, spam, and security threats To understand how the platform is used and improve it We do not sell your data. We do not use your data for advertising. We do not build advertising profiles.
4. Legal Basis for Processing (GDPR)
Under GDPR, we must have a legal basis for each type of processing: Contract performance: processing necessary to provide you with the service you signed up for (account creation, storing your predictions, sending notifications you requested) Legitimate interests: analytics to improve the platform, security monitoring to protect users — we have assessed these interests and they do not override your rights Consent: email newsletters and non-essential communications — you can withdraw consent at any time in Settings Legal obligation: if we are required by law to process or disclose data
5. Third-Party Services
We use a small number of trusted third-party services to operate Prediction Jar. Each processes data on our behalf under a data processing agreement: Vercel (hosting) — servers located in the EU or EEA where possible PostgreSQL/Supabase or similar database provider — for storing your data Resend or similar email provider — for sending transactional emails Plausible Analytics or similar privacy-friendly analytics — no cookies, no personal data shared We do not use Google Analytics, Facebook Pixel, or any advertising-related tracking tools. If we add new third-party processors, we will update this policy.
6. Data Retention
We keep your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Your public predictions and comments may be anonymised and retained as part of the platform archive, rather than deleted, unless you specifically request full deletion. We retain server logs for up to 90 days for security purposes.
7. Your Rights Under GDPR
If you are in the EU/EEA, or wherever applicable under local law, you have the following rights: Right of access: you can request a copy of all personal data we hold about you Right to rectification: you can correct inaccurate data at any time in Settings Right to erasure ("right to be forgotten"): you can request deletion of your account and personal data Right to data portability: you can request your prediction history in a structured format (CSV/JSON) Right to restriction: you can ask us to limit how we process your data in certain circumstances Right to object: you can object to processing based on legitimate interests Right to withdraw consent: for any processing based on consent, you can withdraw at any time To exercise any of these rights, email us at: [email protected]. We will respond within 30 days. We will not charge you for exercising your rights.
8. Data Security
We take reasonable technical and organisational measures to protect your data, including: All data transmitted between your browser and our servers is encrypted via HTTPS/TLS Passwords are hashed using a secure algorithm — we cannot see your password Access to the database is restricted and requires authentication We use reputable hosting providers with strong security practices No system is 100% secure. In the event of a data breach that risks your rights, we will notify the relevant supervisory authority within 72 hours and notify affected users promptly.
9. International Data Transfers
Your data may be processed in countries outside the EU/EEA (for example, by our hosting or email providers). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
10. Cookies
We use only essential cookies necessary to operate the platform (for example, to keep you logged in). We do not use tracking cookies, advertising cookies, or third-party analytics cookies that require consent. If we add non-essential cookies in the future, we will update this policy and obtain your consent first.
11. Children
Prediction Jar is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has registered, please contact us and we will delete the account promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of significant changes by email or in-app notification, and update the "last updated" date at the top. We encourage you to review this policy periodically.
13. Supervisory Authority
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the relevant data protection supervisory authority. In Romania, this is: Autoritatea Naționala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP) Website: dataprotection.ro If you are in another EU member state, you may also contact your local supervisory authority.
14. Contact
For any questions about this Privacy Policy or to exercise your rights, contact us at: Oleksandra Lysenko Email: [email protected] We aim to respond to all privacy requests within 30 days.