PredictX

Privacy Policy

Effective Date: 28 March 2026  |  Version: 1.0

1. Introduction

PredictX Technologies Private Limited ("PredictX," "we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our Platform, in compliance with applicable data protection laws including the Digital Personal Data Protection Act, 2023 (India), GDPR (EU/EEA), and CCPA (California).

By using the Platform, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Platform.

2. Data We Collect

Information You Provide:

  • Phone number (for OTP authentication)
  • Username, display name, avatar
  • Google account data (if using Google OAuth)
  • Date of birth (for age verification)
  • Support requests and correspondence

Information Generated by Your Use:

  • Prediction history and market participation
  • Token balance, transactions, and payout records
  • Group memberships, leaderboard rankings, and activity logs
  • In-app feature usage and session data

Information Collected Automatically:

  • Device type, model, operating system, screen resolution
  • IP address and approximate geolocation (country/state)
  • Device identifiers (advertising ID, device fingerprint)
  • App version, language settings, time zone
  • Crash logs and performance diagnostics

3. How We Use Your Data

  • Service Delivery: Authenticate your identity, process predictions, calculate payouts, maintain leaderboards
  • Communication: Send match updates, prediction results, market alerts, and (with consent) promotional notifications
  • Safety & Security: Detect and prevent fraud, multi-accounting, collusion, and platform abuse
  • Analytics: Understand usage patterns, improve platform features, and perform A/B testing
  • Legal Compliance: Respond to lawful requests, enforce our Terms of Service, and meet regulatory obligations
  • Responsible Play: Monitor session duration, enforce daily limits, and support self-exclusion measures

4. Legal Bases for Processing

  • Consent: Marketing communications, optional analytics, push notifications
  • Contract: Processing predictions, maintaining your account, delivering the service
  • Legitimate Interest: Fraud prevention, platform security, product improvement
  • Legal Obligation: Regulatory compliance, law enforcement cooperation, tax obligations

5. Data Sharing

We do not sell your personal data. We share data only with:

  • Cloud Infrastructure: AWS (Mumbai region) for hosting, compute, and storage
  • Analytics Providers: Anonymized/aggregated data for usage analytics
  • Communication Services: Push notification and SMS delivery providers
  • Legal Authorities: When required by law, court order, or regulatory mandate
  • Professional Advisors: Legal counsel, auditors, and compliance consultants under NDA

All third-party service providers are contractually bound to use your data only for the purposes specified and to maintain appropriate security safeguards.

6. Data Retention

  • Active account data: Retained as long as your account is active
  • After account deletion: Personal data is deleted or anonymized within 90 days, except where legal retention is required
  • Prediction & transaction records: Retained for 24 months after account closure for audit purposes, then anonymized
  • Security logs: Retained for 12 months for incident investigation

7. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • JWT-based authentication with short-lived access tokens (15 min) and rotating refresh tokens
  • Role-based access controls with audit logging
  • Regular security assessments and penetration testing
  • Automated threat detection and monitoring

For more details, see our Security & Data Protection page.

8. Cookies and Tracking

Our website uses essential cookies for authentication and session management. Analytics cookies are used only with your consent. You can manage cookie preferences through your browser settings.

9. Your Rights

All Users:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and personal data
  • Withdraw consent at any time
  • Export your data in a portable format

Additional Rights under DPDPA (India):

  • Right to nominate a representative for data rights
  • Right to grievance redressal within 30 days

Additional Rights under GDPR (EU/EEA):

  • Right to data portability
  • Right to restrict processing
  • Right to object to automated decision-making
  • Right to lodge a complaint with a supervisory authority

To exercise any of these rights, contact privacy@thepredictx.com. We will respond within 30 days.

10. Children's Privacy

PredictX is not intended for users under 18 years of age. We do not knowingly collect data from minors. If we discover that a minor has created an account, we will immediately terminate it and delete the associated data.

11. International Data Transfers

Your data is primarily stored in AWS Mumbai (ap-south-1). In the event of cross-border transfers, we use Standard Contractual Clauses (SCCs) or equivalent safeguards to ensure adequate protection.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via in-app notifications and/or email at least fifteen (15) days before taking effect.

13. Contact

For privacy-related queries, contact our Data Protection Officer at privacy@thepredictx.com.

Grievance Officer (India): grievance@thepredictx.com