Privacy Policy

Last updated: May 22, 2026

Lasyly ("we," "us," or "our") operates the Lasyly platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Display name and username
  • Profile avatar (if uploaded)
  • Account type preference (bettor, tipster, or both)
  • Favorite sports selections

1.2 Authentication Data

We use Supabase for authentication. If you sign in via Google OAuth, we receive your name, email, and profile picture from Google. We do not store your Google password.

1.3 Usage Data

We automatically collect:

  • Pages visited and features used
  • Device type, browser, and operating system
  • IP address (for security and rate limiting)
  • Timestamps of interactions

1.4 User-Generated Content

Content you create on the platform, including:

  • Chat messages in rooms
  • Betslips and pick logs
  • Votes and reactions
  • Room descriptions and settings

1.5 Payment Information

Payments are processed by Stripe. We do not store your credit card number, CVV, or full card details. We receive from Stripe: transaction amounts, timestamps, and a payment reference ID. Stripe's privacy policy governs their handling of your payment data.

2. How We Use Your Information

  • Provide the Service — display analytics, deliver live scores, enable rooms and chat
  • Personalize your experience — show relevant sports, props, and content based on your preferences
  • Process transactions — handle wallet top-ups, tipster purchases, and earnings
  • Improve the platform — analyze usage patterns to fix bugs and build better features
  • Security — detect abuse, enforce rate limits, and protect against unauthorized access
  • Communications — send account-related emails (password resets, security alerts). We do not send marketing emails without your consent.

3. How We Share Your Information

We do not sell your personal data. We share information only in these cases:

  • Service providers — Supabase (database/auth), Stripe (payments), Vercel (hosting). These providers process data on our behalf under contractual obligations.
  • Public content — Your username, display name, avatar, and public betslips are visible to other users.
  • Legal requirements — If required by law, court order, or to protect our rights and safety.
  • Business transfers — In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity.

4. Data Retention

  • Account data — retained while your account is active. Deleted within 30 days of account deletion request.
  • Chat messages — automatically deleted after 24 hours.
  • Bet logs and analytics — retained while your account is active.
  • Payment records — retained for 7 years for tax and legal compliance.
  • Security logs — IP addresses and rate limit data retained for 90 days.

5. Data Security

We implement industry-standard security measures including:

  • AES-256-GCM encryption for sensitive data at rest
  • TLS 1.3 for all data in transit
  • Row Level Security (RLS) on all database tables
  • Rate limiting and IP blocking for abuse prevention
  • Security headers (CSP, HSTS, X-Frame-Options)
  • Regular security audits

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of your personal data
  • Correction — update inaccurate information
  • Deletion — request deletion of your account and associated data
  • Portability — receive your data in a machine-readable format
  • Objection — object to certain processing of your data

To exercise these rights, contact us at privacy@lasyly.com.

7. Cookies

We use essential cookies for:

  • Authentication session management
  • Guest browsing mode

We do not use third-party advertising or tracking cookies.

8. Age Restriction

Lasyly is intended for users aged 18 and older. We do not knowingly collect data from anyone under 18. If we learn that a user is under 18, we will delete their account and data promptly.

9. International Data Transfers

Your data may be processed in countries other than your own. Our service providers (Supabase, Stripe, Vercel) operate globally. We ensure appropriate safeguards are in place for international transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Continued use of the Service after changes constitutes acceptance.

11. Contact Us

If you have questions about this Privacy Policy, contact us at:

  • Email: privacy@lasyly.com
View Terms of Service →