1. Introduction

Scratch IQ ("we," "us," or "our") operates the website at scratchiq.io. Scratch IQ is a lottery analytics service. Usage data collected by the Service may reflect your interaction with lottery-related content, including which games you view and how frequently you access the Service. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and your rights regarding your data. By using the Service, you agree to the practices described in this policy. This policy is incorporated into our Terms of Service.

2. Information We Collect

Account Information. When you create an account, we collect your name and email address. If you sign in with Google, we receive your name, email address, profile picture, and a unique account identifier. We do not access any other Google account data.

Payment Information. When you subscribe to a paid plan, payment is processed by Stripe. We do not store your credit card number, bank account details, or other payment credentials on our servers. Stripe collects and processes this information directly. We receive and store your Stripe customer ID, subscription status, and billing period to manage your account.

Usage Information. We automatically collect information about how you interact with the Service, including pages visited, features used, and time spent on the site.

Device Information. We collect device type, browser type, operating system, IP address, and general location (city/region level, derived from IP address).

3. How We Use Your Information

• To create and manage your account
• To process subscriptions and billing through Stripe
• To provide, maintain, and improve the Service
• To send transactional emails (account confirmation, password resets, billing receipts)
• To notify you of material changes to our Terms of Service or pricing
• To detect and prevent fraud, abuse, and security incidents
• To comply with legal obligations

We do not sell your personal information to third parties. We may use third-party tools such as conversion tracking pixels to measure the effectiveness of our own advertising campaigns. These tools may share limited data (such as page visits or subscription events) with advertising platforms for the sole purpose of measuring ad performance. We do not use your data to build advertising profiles or for third-party behavioral advertising.

4. Third-Party Processors

We share personal information with the following third-party service providers who process data on our behalf:

5. Cookies

We and our third-party service providers use cookies and similar technologies necessary for the Service to function, including authentication, payment processing, and fraud detection. Stripe may set cookies for payment security, Supabase sets cookies for session management, and Google may set cookies during the OAuth sign-in flow. We do not use advertising cookies or tracking cookies for behavioral advertising purposes.

6. Data Retention

We retain your account information for as long as your account is active. During active use, internet activity and geolocation data are retained for up to twelve (12) months from the date of collection.

If you delete your account, we will delete all your personal information — including internet activity and geolocation data — within thirty (30) days, regardless of when it was collected. Data required for legal or regulatory purposes (such as billing records) may be retained as required by applicable law. Anonymized, aggregated data that cannot be used to identify you may be retained indefinitely for analytics purposes.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access — request a copy of the personal information we hold about you
• Deletion — request that we delete your personal information
• Correction — request that we correct inaccurate information
• Portability — request your data in a portable format
• Opt-Out — opt out of the sale or sharing of your personal information (see our Do Not Sell or Share page)

To exercise any of these rights, contact us at support@scratchiq.io or use the privacy request form below. We will respond within thirty (30) days.

To verify your identity when submitting a request, we will ask you to confirm the email address associated with your account. If you are submitting a request through an authorized agent, we may require a signed, written authorization or power of attorney.

We will not discriminate against you for exercising your privacy rights. We will not deny you service, charge you different prices, or provide a different level of quality based on your exercise of privacy rights.

8. California Residents

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have additional rights including the right to know what personal information is collected and how it is used, the right to delete personal information, and the right to opt out of the sale or sharing of personal information.

Under CCPA categories, we collect:

• Identifiers (name, email address, IP address, unique account identifiers) — used to create and manage your account. Retained for the duration of your account plus 30 days.
• Commercial Information (subscription status, billing history) — used to process billing and manage your subscription. Retained for the duration of your account plus 30 days, or as required by law for billing records.
• Internet or Electronic Network Activity Information (pages visited, features used, device and browser type) — used to provide, maintain, and improve the Service. Retained for up to 12 months from collection during active use; deleted within 30 days of account deletion.
• Geolocation Data (city/region level, derived from IP address) — used to provide the Service and comply with legal obligations. Retained for up to 12 months from collection during active use; deleted within 30 days of account deletion.
• Inferences (analytics calculations such as Expected Value rankings associated with your account usage) — used to provide the Service. Retained for the duration of your account plus 30 days.

Scratch IQ does not sell or share personal information as defined by the CCPA/CPRA. We do not use personal information for cross-context behavioral advertising. We honor Global Privacy Control (GPC) signals as a valid opt-out request. To exercise your California privacy rights, contact us at support@scratchiq.io.

We do not use or disclose sensitive personal information for purposes beyond those authorized by the CCPA/CPRA.

9. Other State Privacy Laws

For residents of Virginia, Colorado, Connecticut, Texas, Oregon, and other states with comprehensive privacy laws: you may have additional rights beyond those listed in Section 7, including the right to appeal a denied privacy request.

To appeal a denied request, contact us at support@scratchiq.io with "Privacy Appeal" in the subject line. We will respond to appeals within sixty (60) days.

10. Children's Privacy

The Service is not directed to anyone under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a minor, we will delete that information promptly. If you believe a minor has provided us with personal information, please contact us at support@scratchiq.io.

11. Data Security

We use commercially reasonable security measures to protect your personal information, including encryption in transit (TLS/SSL) and secure authentication practices. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users and applicable regulatory authorities as required by applicable federal and state law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email at least thirty (30) days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision. Prior versions of this policy are available upon request.

14. Contact

If you have questions about this Privacy Policy or your personal data, please contact us at support@scratchiq.io or use the form below.