Privacy Policy

Last updated: April 17, 2026

This Privacy Policy explains how JRokBets ("we", "us", "our") collects, uses, stores, and protects your personal information when you use jrokbets.com, our apps, and related services (collectively, the "Service"). By creating an account or subscribing, you agree to the practices described here.

1. Who We Are

JRokBets is an AI-powered sports insights platform. We provide subscription-based prediction content, performance analytics, and community features. We are an information and entertainment service only β€” we do not accept, facilitate, or process sports wagers. See ourΒ Disclaimer andΒ Terms of Service.

2. Information We Collect

2.1 Information You Provide

  • Account: email address, username, display name, password (stored only as a SHA-256 hash β€” we never store your plaintext password).
  • Profile: optional avatar URL, bio, city, featured badges.
  • Payment: we do not store payment card details. When you subscribe, Stripe collects and stores your card information on its own PCI-DSS compliant servers; we only retain a Stripe customer and subscription identifier to look up your subscription status.
  • Discord linking: if you opt to connect Discord for VIP role access, we store your Discord user ID. We do not read or post messages on your behalf.
  • User picks and community activity: picks you manually submit, comments, reactions, follows, and similar community interactions.
  • Support correspondence: anything you send us via email, Discord, or other channels.

2.2 Information Collected Automatically

  • Session cookies: an HTTP-only session token used to keep you logged in. This is set as a secure cookie and cannot be read by client-side scripts.
  • Browser storage: theme preferences (e.g. retro / cyberpunk), last-viewed sport, and similar UI state are stored in localStorage on your device.
  • Log and device data: IP address, browser user-agent, request timestamps, and error telemetry, collected by our hosting provider (Vercel) for security, debugging, and abuse prevention.
  • Usage analytics: aggregate page views and feature usage. We do not use third-party behavioral advertising trackers.
  • Push subscription data: if you enable push notifications, the VAPID subscription endpoint and keys issued by your browser are stored so we can deliver alerts. You can revoke at any time in your browser settings.

2.3 What We Do Not Collect

  • We do not collect or process actual sports wagers.
  • We do not knowingly collect information from anyone under 18 (or the legal gambling age in your jurisdiction, whichever is higher).
  • We do not sell your personal information to third parties.

3. How We Use Your Information

  • Deliver the Service: authenticate you, serve personalized content, process subscriptions, grade picks, send push notifications, and run the community features.
  • Billing: charge the subscription fee via Stripe, retry failed payments per our decline policy, and send receipts.
  • Communication: send account and billing emails (e.g. welcome, password resets, payment failures, subscription changes). With your consent, product announcements or promotions.
  • Fraud and abuse prevention: detect account sharing, chargeback fraud, payment declines, and suspicious activity.
  • Analytics and improvement: understand how the Service is used and improve predictions, UI, and reliability.
  • Legal compliance: comply with tax, accounting, and law-enforcement obligations when legally required.

4. Who We Share Information With

We only share your information with service providers we need to run the Service, and only to the extent necessary.

  • Stripe β€” payment processing. Stripe is a PCI-DSS Level 1 service provider. See stripe.com/privacy.
  • Supabase β€” database, authentication storage, and file storage (hosted on AWS). See supabase.com/privacy.
  • Vercel β€” web hosting and edge compute. See vercel.com/legal/privacy-policy.
  • Discord β€” if you opt to connect your Discord account for VIP role access. We only exchange your Discord user ID; we do not receive your email, messages, or friends list. See discord.com/privacy.
  • Email provider β€” transactional and marketing email delivery (Resend / SendGrid class vendor).
  • Data providers β€” third-party sports data and odds feeds that power predictions (e.g. TheOddsAPI, ESPN, BallDontLie). These providers do not receive any of your personal information.
  • Legal authorities β€” when required by subpoena, court order, or applicable law.

5. Cookies and Similar Technologies

We use strictly-necessary cookies to keep you logged in (session_token, HTTP-only, secure). We use localStorage for UI preferences. We do not run third-party behavioral or ad-retargeting trackers. You can clear cookies and local storage at any time in your browser settings; doing so will sign you out and reset UI preferences.

6. Data Retention

  • Account data: retained while your account is active.
  • Subscription + billing history: retained by Stripe and us for at least 7 years to satisfy tax and accounting obligations.
  • Picks and community activity: retained indefinitely as part of the public track record unless you request removal (see Section 8).
  • Session logs: typically 30–90 days at the hosting provider level.
  • When you delete your account, we remove or anonymize your personal data within 30 days, except where we are required to retain it for legal or fraud-prevention purposes.

7. Security

We use industry-standard safeguards: TLS for all traffic, HTTP-only session cookies, hashed passwords (SHA-256), service-role API keys stored as secrets, 3-D Secure on all Stripe checkouts, and row-level access controls on our database. No online service can guarantee absolute security; please use a unique password and contact us immediately if you suspect your account has been compromised.

8. Your Rights

Depending on where you live, you may have the following rights:

  • Access β€” request a copy of the personal information we hold about you.
  • Correction β€” request we fix inaccurate information (most fields can be edited from your Profile page).
  • Deletion β€” request we delete your account and personal information.
  • Portability β€” request a machine-readable export of your data.
  • Opt-out of marketing β€” unsubscribe from promotional emails at any time using the link in the email or from your profile settings.
  • California residents have additional rights under the CCPA/CPRA (including the right to know what categories of information we collect and the right to opt out of "sharing").
  • EU/UK residents have additional rights under the GDPR/UK GDPR, including the right to object to processing and the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, email us at jrokbets@gmail.com from the address on your account. We'll respond within 30 days.

9. International Transfers

JRokBets is operated from the United States. If you are outside the U.S., your information will be processed on U.S.-based infrastructure (AWS, Vercel, Stripe, Supabase). By using the Service you consent to this transfer.

10. Children

JRokBets is not directed at people under 18 (or 21 where required). We do not knowingly collect information from them. If you believe a minor has provided us information, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top shows the most recent revision. If we make material changes we will notify you by email or in-app notice before the changes take effect.

12. Contact

Questions, concerns, or data-rights requests? Contact us at jrokbets@gmail.com.