TipsterPlus +

Privacy Policy

Last Updated: October 22, 2025

1. Introduction

Welcome to TipsterPlus (“TipsterPlus”, “we”, “us”, or “our”). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit tipsterplus.com and use our services (the “Service”). If you do not agree with this Policy, please do not use the Service.

2. Information We Collect

We collect the following categories of information:

2.1 Information You Provide

  • Account data: When you sign in with Google OAuth, we receive permitted profile data (typically your name and email).
  • Subscription & billing data: For paid plans, we process payments via Stripe; we store your plan, subscription status, Stripe customer ID, and related metadata.
  • Communications: When you contact us, we process your email, message content, and any attachments you choose to provide.
  • Marketing preferences: Your choices about receiving marketing communications and your consent status for marketing/advertising tracking.

2.2 Information Collected Automatically

  • Log and usage data: IP address, user agent, pages visited, timestamps, and similar technical information necessary to operate and secure the Service.
  • Geo headers: We may use country/region information provided by our CDN to localize content (e.g., match start times).
  • Security and abuse prevention: Cloudflare Turnstile collects limited device/interaction data to distinguish humans from bots.

3. How We Use Your Information

  • Provide, operate, and maintain the Service (authentication, content delivery, subscriptions).
  • Process payments and manage subscriptions.
  • Secure the Service, prevent fraud/abuse (including Turnstile and rate-limiting).
  • Understand usage and improve features using Umami (cookieless) aggregated analytics.
  • Send transactional messages (e.g., login links, subscription emails).
  • Send marketing communications where you have provided consent and measure campaign performance when you enable Marketing consent.
  • Comply with legal obligations and enforce our terms.

4. How We Share Your Information

We do not sell your personal information. We share data with service providers that help us operate the Service, under contracts that protect your data:

  • Supabase: Database, authentication (including session management).
  • Stripe: Payment processing; we do not store full card details.
  • Google: OAuth sign-in; (may also deliver fonts where applicable).
  • Cloudflare: CDN, security (including Turnstile) and Zaraz for server-side tag delivery (e.g., Meta CAPI) only after consent.
  • Brevo: Transactional and marketing email delivery (where applicable).

We may also disclose information if required by law or to protect rights, and in connection with corporate transactions (e.g., merger or acquisition).

5. Cookies and Tracking Technologies

This section describes what we set on your device, when, and why.

5.1 Strictly Necessary (Essential)

  • Purpose: login/authentication, session continuity, security, and site stability.
  • Examples: Supabase session cookies; Cloudflare security/load-balancing cookies.
  • Legal basis (EEA/UK): ePrivacy “strictly necessary” / performance of the service.
  • Control: These are required to provide the Service and cannot be switched off via the consent tool.

5.2 Analytics (Cookieless)

  • We use Umami in a cookieless mode for aggregated usage metrics. We do not set analytics cookies or store device-persistent identifiers for analytics.

5.3 Marketing / Advertising (Only if you consent)

  • Purpose: Measure and improve performance of our ads on Facebook/Instagram (e.g., page views after an ad click, checkout started, purchase).
  • Technology: Events are sent server-side via Cloudflare Zaraz to Meta’s Conversions API.
  • Identifiers/parameters we may send (if available): event time, event ID, page URL, referrer, browser user agent, IP (for matching), and Meta identifiers such as _fbp and _fbc (derived from fbclid in the landing URL).
  • When set: Only after you enable “Marketing” in our consent banner.
  • Legal basis (EEA/UK): your consent (GDPR Art. 6(1)(a); ePrivacy Art. 5(3)).
  • Control: You can grant or withdraw consent anytime via the Cookie settings link on our site. Withdrawing stops further Marketing events and related identifiers.

5.4 Retention

  • Essential cookies persist only as needed for sessions/security (session-based or as stated by the cookie).
  • Marketing identifiers (e.g., _fbp/_fbc) are set only after consent and kept for up to 180 days unless you withdraw earlier or clear them in your browser.

5.5 Do Not Track / Global Privacy Control

Your browser may send signals such as “Do Not Track” or Global Privacy Control. Where legally required, we honor applicable consent signals. Otherwise, please use the Cookie settings link to control Marketing.

6. Data Security

We employ administrative, technical, and physical measures to protect personal data (including encryption in transit, least-privilege access, and monitoring). No method of transmission or storage is completely secure.

7. Data Retention

We retain personal data as long as necessary to provide the Service and meet legal/operational requirements (e.g., tax/audit). Usage metrics are retained in aggregated form. When no longer needed, we delete or anonymize data.

8. Your Privacy Rights

Depending on your location, you may have rights to:

  • access, rectify, or erase your personal data;
  • restrict or object to processing;
  • data portability;
  • withdraw consent (e.g., for Marketing) at any time via Cookie settings or by contacting us;
  • lodge a complaint with your data protection authority.

To exercise these rights, please contact us using the details below. We may need to verify your identity before acting on requests.

9. International Data Transfers

Our providers (e.g., Supabase, Stripe, Google, Cloudflare, Brevo, Meta) may process data in countries outside your own. Where required, we use appropriate safeguards such as Standard Contractual Clauses.

10. Children’s Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us so we can delete it.

11. Affiliate Application Process

We process data you submit in the affiliate application solely to evaluate and manage the partnership. Controller: TipsterPlus. Lawful basis: your consent (checkbox) and our legitimate interest in administering the program. Storage: Supabase (EU); communications via Brevo. Retention: successful applicants—throughout the partnership; unsuccessful—deleted within 6 months. Rights: see Section 8.

12. Changes to This Privacy Policy

We may update this Policy from time to time. We will post any changes here and update the “Last Updated” date. Material changes may also be communicated by email or in-app notice.

13. Contact Us

Questions or requests about this Policy or your data? Contact us below. You can also manage Marketing consent any time via the Cookie settings link in the site footer. See our full policy at https://tipsterplus.com/privacy-policy/.