CricketEdges
Terms of ServiceHomeSign in

Privacy Policy

Effective Date: 1 May 2026  ·  Last Updated: 1 May 2026  ·  Version: 1.0

1. Introduction

Cricket-Edges ("we", "us", "our", or "the Service") is a cricket analytics platform designed for adult users in the United Kingdom, New Zealand, and Australia. We are committed to protecting your personal data and respecting your privacy rights under applicable laws, including the United Kingdom General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018, the New Zealand Privacy Act 2020, and the Australian Privacy Act 1988 (Cth).

This Privacy Policy explains what personal information we collect, how we use it, the legal grounds on which we rely, who we share it with, and the rights you have in relation to your data. By creating an account or using the Service, you confirm that you have read and understood this Policy.

Data Controller: J. Busch

If you have any questions about this Policy or our handling of your personal data, please contact our Data Protection Officer using the details in Section 12.

2. Important Notice on Age Restriction

Cricket-Edges Pro is strictly available to users aged 18 years or older.

Our Service involves analytics relating to sports wagering markets and is therefore not appropriate for, and is not directed at, minors. We do not knowingly collect, process, or store personal data from any individual under the age of 18.

Age Verification. During account registration, users are required to confirm they are at least 18 years of age. We may, at our discretion, employ additional age verification measures, including identity-verification checks, where we have reasonable grounds to suspect a user has misrepresented their age.

Accidental Collection from Minors. If we become aware, or are notified, that a person under 18 has provided personal data to us, we will:

  • Suspend the relevant account immediately;
  • Permanently delete all personal data associated with that account from our active systems within thirty (30) days, subject to any legal obligation to retain certain records;
  • Take reasonable steps to ensure backups containing such data are purged in the next backup cycle; and
  • Notify the parent or legal guardian where contact details are reasonably available, and cooperate with any subsequent request.

If you are a parent, guardian, or other concerned party and believe a minor has registered for the Service, please contact our Data Protection Officer immediately (Section 12).

3. Personal Data We Collect

We limit our collection of personal data to what is necessary to deliver, secure, and improve the Service.

3.1 Account Registration Data

When you create an account, we collect:

  • Full name — used to personalise your account and communications.
  • Email address — used as your login identifier and for service-related communications.
  • Password — stored only in hashed form using industry-standard cryptographic functions; we never have access to your plaintext password.

3.2 Security and Telemetry Data

To protect our Service, our infrastructure, and our users, we automatically collect:

  • IP address — including approximate geolocation derived from it (city/region level);
  • Device and browser information — such as user agent string, operating system, screen resolution, and language preference;
  • Authentication telemetry — including login timestamps, session identifiers, and records of failed login attempts;
  • Service usage telemetry — including pages or features accessed, request timestamps, error reports, and performance metrics.

This data is used solely for security, fraud prevention, debugging, and service-integrity purposes.

3.3 Marketing Preferences

If you opt in, we record your consent to receive marketing communications and the date and method by which it was given.

3.4 Data We Do Not Collect

We do not collect special category / sensitive personal data (such as health, racial or ethnic origin, political opinions, religious beliefs, or biometric data). We do not collect payment card details directly; payment information is handled by a PCI-DSS compliant third-party processor.

4. Legal Basis for Processing (UK / EU Users)

4.1 Performance of a Contract (Article 6(1)(b))

We process your name, email address, and password in order to create your account, authenticate you, and deliver the analytics features you have signed up for.

4.2 Legitimate Interests (Article 6(1)(f))

We process IP addresses, telemetry, and usage data on the basis of our legitimate interests in maintaining the security and integrity of the Service, preventing fraud, diagnosing faults, and improving performance.

4.3 Consent (Article 6(1)(a))

We rely on your freely given, specific, informed, and unambiguous consent for sending marketing or promotional emails. You may withdraw consent at any time by clicking the "unsubscribe" link in any marketing email or by contacting us.

4.4 Legal Obligation (Article 6(1)(c))

We may process certain data where required to comply with applicable laws, including responding to lawful requests from regulatory or law-enforcement authorities.

5. Tech Stack and Sub-processor Disclosure

5.1 Vercel Inc. — Hosting and Application Delivery

Our application is hosted on Vercel, which provides web hosting, edge networking, and serverless compute. A Data Processing Agreement (DPA) is in place. Further information: vercel.com/legal/privacy-policy

5.2 Supabase Inc. — Database, Authentication, and Storage

We use Supabase to store account data and authenticate user sessions. A Data Processing Agreement (DPA) is in place. Further information: supabase.com/privacy

5.3 International Data Transfers

Where personal data is transferred outside the United Kingdom, the European Economic Area, New Zealand, or Australia, we rely on appropriate safeguards including the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses (SCCs), and encryption in transit (TLS 1.2+) and at rest.

6. Cookies and Similar Technologies

We use essential session cookies managed by Supabase Auth to keep you logged in and protect against CSRF attacks. These are strictly necessary and cannot be disabled without preventing login. We do not currently use advertising, profiling, or third-party analytics cookies.

7. Data Retention

Data CategoryRetention Period
Account data (name, email, hashed password)Lifetime of account, plus 30 days after deletion
Authentication and security logsUp to 12 months
Telemetry and usage dataUp to 12 months in identifiable form
Marketing consent recordsUntil withdrawn, plus 24 months
Records required by lawAs required by applicable law

8. Data Security

We implement appropriate technical and organisational measures including encryption in transit (TLS), encryption at rest, hashed passwords, role-based access controls, and documented breach-response procedures. In the event of a notifiable breach, we will notify the relevant supervisory authority within 72 hours.

9. Your Rights — United Kingdom

Under the UK GDPR you have rights of access, rectification, erasure, restriction, portability, and objection. To exercise any right, contact our Data Protection Officer (Section 12). You may also lodge a complaint with the ICO: ico.org.uk  ·  0303 123 1113.

10. Your Rights — New Zealand

Your personal information is handled under the Privacy Act 2020 and its thirteen Information Privacy Principles. You have rights of access (IPP 6) and correction (IPP 7). Notifiable breaches causing serious harm will be reported to the Office of the Privacy Commissioner: privacy.org.nz  ·  0800 803 909.

11. Your Rights — Australia

We handle your personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles. You have rights of access (APP 12) and correction (APP 13). We comply with the Notifiable Data Breaches scheme. Complaints may be referred to the OAIC: oaic.gov.au  ·  1300 363 992.

12. Contact — Data Protection Officer

Cricket-Edges
Email: admin@cricket-edges.com

We will acknowledge requests within five (5) business days and respond within the timeframes required by applicable law.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will notify registered users by email at least 14 days before changes take effect. Continued use after the effective date constitutes acceptance.

14. Definitions

  • Personal Data / Personal Information — any information relating to an identified or identifiable natural person.
  • Processing — any operation performed on personal data, including collection, storage, use, disclosure, and deletion.
  • Data Controller — the entity that determines the purposes and means of processing (i.e., us).
  • Data Processor / Sub-processor — a third party that processes data on our behalf (e.g., Vercel, Supabase).

This Privacy Policy is provided in English. In the event of any discrepancy between this version and any translation, the English version shall prevail.