Privacy Policy

Last updated: March 2026

1. Overview

EdgeSeeker ("we", "us", "our") is a sports analytics platform operated by OffensiveEdge. This policy explains how we collect, use, store, and protect your data — with particular focus on our AI-powered features, Kalshi trading integration, and security measures.

By creating an account or using the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.

2. Legal Basis for Processing

We process your personal data on the following legal bases:

• Contractual necessity — processing required to provide the services you signed up for (account management, predictions, trading integration, chat)
• Consent — where you have explicitly opted in (e.g., connecting a Kalshi account, enabling trade execution, sending messages to EdgeSeekerGPT™)
• Legitimate interests — security measures (device tracking, anomaly detection, rate limiting, bot detection), fraud prevention, service improvement, and enforcing our Terms of Service
• Legal compliance — where required by applicable law, regulation, or legal process

3. Data We Collect

3.1 Account Data

• Phone number (used as your primary login identifier)
• Email address (optional; used for password recovery if provided)
• Authentication credentials (managed by Supabase Auth)
• Display name (user-created on signup, editable)
• Account role and membership tier
• Account status (active, deactivated) and deactivation reason if applicable
• Account preferences and settings (theme, notification preferences, muted users, sport filters, landing page preference, profanity filter)

3.2 Payment and Subscription Data

When you purchase a subscription or day pass, we collect and store:

• Stripe customer ID (a unique identifier linking your EdgeSeeker account to your Stripe customer record)
• Stripe subscription ID and session IDs
• Subscription status (active, past due, canceled) and billing period dates
• Product type purchased (subscription or day pass) and amount
• Day pass dates (Eastern Time)

We do not store your payment card number, bank account details, or billing address. All payment information is transmitted directly to and stored by Stripe, Inc., our PCI-DSS compliant payment processor. Stripe's handling of your payment data is governed by the Stripe Privacy Policy (opens in new tab).

3.3 Kalshi Trading Credentials

If you choose to connect a Kalshi account, we collect:

• Kalshi API Key ID
• RSA private key (encrypted before storage — see Section 7)
• Kalshi username (optional)
• Account label (user-defined nickname)

3.4 Trading Activity Data

If you use the Kalshi integration, we store:

• Order history, positions, fills, and settlements
• Profit and loss records
• Trade execution configuration (sizing fraction, bet size limits, sport/category preferences, exit signal settings, auto-sell toggles)
• Auto-sell execution logs (signal type, ticker, timestamp, outcome)
• Trade notes you create

3.5 EdgeSeekerGPT™ Data

• Messages you send to EdgeSeekerGPT
• AI-generated responses
• Conversation metadata (timestamps, message count)

3.6 Community Chat Data

• Messages you send in community chat (text content, timestamps)
• Reactions you add to other users' messages
• Reply relationships between messages
• Message effects (animations)
• Daily message counts per user

3.7 Prediction Interaction Data

• Votes you cast on predictions (upvote/downvote)
• Auto-vote preferences and rules you configure (sports, categories, bet types, risk tiers, confidence/edge ranges)
• Kalshi auto-vote preference (follow/fade)

3.8 Device and Access Data

To protect accounts from unauthorized access and credential sharing, we collect device and access information when you use the Platform:

• A device identifier derived from browser characteristics
• IP address
• Approximate geographic location derived from your IP address (city, country)
• Browser user agent string
• Device label (user-defined nickname)
• Last seen timestamp
• Device swap history (count, timestamps, cooldown periods)

This data is used solely for security purposes — detecting unauthorized account sharing, preventing fraudulent access, identifying suspicious login patterns, and enforcing device limits. We limit the number of devices that can access a single account.

3.9 Usage and Activity Data

We track how you interact with the Platform for service improvement, feature development, and security:

• Page visits and navigation patterns
• Feature usage (which tools and sections you use, including predictions, insights, Kalshi, AI chat, leaderboard, metrics, and store)
• Milestone events (first login, first trade, first AI chat, first chat message, etc.)
• Daily activity summaries (message counts, vote counts, reaction counts, login counts, pages visited, orders placed, trades approved)
• Activity streaks (consecutive days of use, longest streak, total active days)
• Interaction events (prediction detail views, AI suggestion clicks, market modal opens, prediction comparisons)

3.10 Content Moderation Records

If a message you send is blocked by our content moderation system, we record:

• The reason the message was blocked (moderation category)
• The severity classification
• A truncated excerpt of the blocked content
• The channel where the message was sent (community chat or AI chat)

This data is used to enforce our Terms of Service and protect the community. It is accessible only to administrators.

3.11 Security and Rate Limiting Logs

• Rate limit violations (with IP address and user agent)
• Actions taken in response to violations
• Reason for each action

These logs are used to detect abuse, enforce rate limits, and maintain Platform security. They are accessible only to administrators.

3.12 Analytics and Error Tracking

• Vercel Analytics: anonymous page view tracking and navigation patterns. No cookies. No cross-site tracking. No IP storage.
• Vercel Speed Insights: anonymous performance metrics (Core Web Vitals: page load times, layout shift, interaction delays). No cookies.
• Sentry: error reports, stack traces, and performance traces for debugging. On errors, Sentry captures a session replay of your interactions leading up to the error, which may include page content, clicks, scrolls, and navigation. Authorization headers and cookies are stripped before transmission. Personally identifiable information is removed. Performance traces are sampled in production. Session replays are captured only when an error occurs.

3.13 Cookies and Local Storage

• Supabase Auth session cookies (authentication, short-lived expiry)
• Session validation cookie (prevents redundant database calls)
• Theme preference stored in localStorage (light/dark/system)
• Accessibility preferences stored in localStorage (reduced motion)
• Dismissed announcement banners stored in localStorage
• Encrypted session tokens for secure API communication (short-lived, auto-refresh)

See our Cookie Policy for full details.

4. How We Use Your Data

• Provide and operate the Platform, including predictions, analysis, chat, and AI features
• Submit orders to Kalshi via your credentials when trade execution is enabled
• Process EdgeSeekerGPT™ messages via Claude
• Process payments and manage subscriptions via Stripe
• Screen chat messages for prohibited content via content moderation services
• Track and display your trading performance and history
• Display your display name, vote accuracy, and trading performance on the leaderboard
• Detect and prevent unauthorized account access, credential sharing, and fraudulent activity
• Enforce rate limits and prevent abuse of Platform resources
• Perform impossible travel detection to identify suspicious account access patterns
• Monitor platform performance and debug errors
• Enforce our Terms of Service and community guidelines
• Communicate important updates about the Platform

5. Data Visible to Other Users

The following data about you may be visible to other authenticated users of the Platform:

• Community chat: your display name, message text, reactions, and account tier badge
• Leaderboard: your display name, win rate, ROI, trade count, units, and account tier badge
• Prediction votes: your display name and vote direction on predictions

Your phone number, email address, IP address, device information, trading credentials, trading configuration, and activity data are never visible to other users. Only administrators can access this information.

6. EdgeSeekerGPT™ — How Your Data Is Handled

EdgeSeekerGPT is powered by Claude. When you send a message to EdgeSeekerGPT:

• Your messages are sent to Anthropic's API for processing, along with up to 20 recent messages from your conversation for context. Anthropic retains API data for up to 30 days for safety monitoring, then permanently deletes it.
• Anthropic does not use API data to train its models. This is Anthropic's standing policy for all API customers.
• We do not sell, share, or distribute your chat conversations to any third party beyond what is necessary to provide the service.
• Prediction context (current game data and model outputs) is included with messages to provide relevant analysis. No personal, financial, or credential data is sent to the AI.
• Chat history is not persisted server-side. Your EdgeSeekerGPT conversation is stored in your browser session only. Refreshing the page clears your chat history.

7. Kalshi Credential Security

Your Kalshi RSA private key is encrypted using industry-standard authenticated encryption before storage. Specifically:

• The server-side encryption key is stored securely and never appears in source code
• Your private key is decrypted only at the moment of an API request to Kalshi, then immediately discarded from memory
• Your API Key ID is stored separately and used only for Kalshi API authentication
• Replacing your credentials deletes the previous encrypted record
• You can delete your stored credentials at any time through the Platform

While we implement industry-standard encryption, no security system is impenetrable. You provide your credentials at your own risk. You are responsible for the security of your Kalshi account, including enabling two-factor authentication on Kalshi and rotating your API credentials periodically.

8. Community Chat — Content Screening

Community chat messages and EdgeSeekerGPT™ messages may be screened for prohibited content using automated moderation tools, including:

• Pattern matching for profanity and prohibited content
• Third-party content safety classification for hate speech, harassment, sexual content, violence, and self-harm

Only the message text is sent to third-party moderation services. No personal data, credentials, or account information is included. Multiple moderation layers provide redundancy.

9. Third-Party Services

Each third-party service is governed by its own privacy policy and terms of service. We encourage you to review the privacy practices of each service listed above. We share only the minimum data necessary for each service to perform its function.

10. Data We Do NOT Collect or Share

• We do not collect biometric data
• We do not collect precise GPS location (only approximate location from IP address)
• We do not access your contacts, photos, files, or other device content
• We do not sell your personal information to any third party
• We do not share your personal information for cross-context behavioral advertising
• We do not use cookies for advertising, retargeting, or behavioral profiling
• We do not track your activity across other websites
• We do not store your payment card numbers, bank account details, or billing address

11. Automated Decision-Making

The Platform uses automated processes that may result in actions taken on your account without individual human review. These include:

• Anomaly detection — if your account access patterns indicate suspicious activity, your account may be automatically deactivated as a security measure
• Rate limiting — if you exceed request limits, your account may be automatically restricted
• Content moderation — messages may be automatically blocked if they are flagged by our moderation systems
• Device limit enforcement — if you exceed the maximum number of devices for your account, access from additional devices may be blocked

If you believe an automated action was taken on your account in error, you may contact support@offensiveedge.com for human review.

12. Data Retention

We retain data for the minimum period necessary to provide our services, comply with legal obligations, and maintain security. Automated cleanup jobs run daily to enforce retention limits.

• EdgeSeekerGPT™ conversations: stored in your browser session only. Not persisted server-side. Refreshing the page clears your chat history.
• Community chat messages and reactions: automatically deleted after 7 days via scheduled cleanup
• Account data: retained as long as your account is active
• Payment and subscription records: retained as long as your account is active and for a reasonable period thereafter as required for accounting, tax, and legal purposes
• Trading records (Kalshi contracts): retained for 365 days, then automatically deleted
• ML predictions and prediction votes: retained for 365 days (votes cascade-delete with their prediction)
• Kalshi credentials: encrypted and retained until you delete them or your account is deleted
• Device and access data: retained as long as your account is active
• Activity events: recurring events retained for 365 days, then automatically deleted. Milestone events (first login, first trade, etc.) are retained indefinitely.
• Daily activity summaries: retained for 730 days (2 years), then automatically deleted
• Content moderation records: retained for 365 days, then automatically deleted
• Rate limiting and security logs: retained for 180 days, then automatically deleted
• Operational logs: retained for 90 days, then automatically deleted
• Model calibration reports: retained for 365 days, then automatically deleted
• Claude API logs: retained for up to 30 days by Anthropic, then automatically deleted
• Sentry error logs: retained per Sentry's data retention policy
• Vercel Analytics: retained per Vercel's data retention policy
• Stripe records: retained per Stripe's data retention policy and applicable financial regulations

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law, necessary for fraud prevention, or needed to resolve disputes. Aggregate, anonymized data that cannot identify you may be retained indefinitely.

13. Data Security

• All data in transit is encrypted via TLS/HTTPS
• Authentication is handled by Supabase with industry-standard security practices
• Kalshi credentials are encrypted at rest using industry-standard authenticated encryption
• Sensitive API responses between client and server use additional end-to-end encryption beyond TLS
• EdgeSeekerGPT™ inputs are validated and sanitized before processing
• Prompt injection and abusive content is blocked at both client and server level
• Sentry is configured to strip personally identifiable information from error reports
• Access is restricted by geographic region for regulatory compliance
• Automated bot detection protects API endpoints
• Security headers restrict script execution and resource loading
• Rate limiting is enforced to prevent abuse
• Admin actions are logged in an audit trail

While we implement industry-standard security measures, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data.

14. Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

• Investigate and contain the breach as quickly as possible
• Notify affected users via email (if available) and/or in-platform notification within 72 hours of confirming the breach, unless law enforcement requests a delay
• Describe the nature of the breach, the types of data affected, and the steps we are taking to address it
• Notify applicable regulatory authorities as required by law
• Provide recommendations for steps you can take to protect yourself

If a breach involves your Kalshi credentials, we will notify you immediately and recommend that you rotate your Kalshi API credentials and review your Kalshi account for unauthorized activity.

15. Cookies and Tracking Technologies

• Essential cookies: Supabase Auth session cookies and session validation cookies. These are necessary for the Platform to function and cannot be disabled.
• Functional storage: Theme preference, accessibility settings, and dismissed announcement banners stored in localStorage. These improve your experience but the Platform functions without them.
• Analytics: Vercel Analytics collects anonymous page view data. Vercel Speed Insights collects anonymous performance metrics. Neither service uses cookies for cross-site tracking.
• Security: hCaptcha may set session cookies during bot challenges on authentication forms.
• No advertising cookies: We do not use cookies for advertising, retargeting, or behavioral profiling.
• No cross-site tracking: We do not track your activity across other websites.

16. Your Rights

Regardless of your location, you have the following rights regarding your personal data:

• Access — You can request information about what personal data we hold about you, including a copy of that data in a commonly used format
• Deletion — You can request deletion of your account and all associated data, including encrypted Kalshi credentials, device records, trading history, activity data, moderation records, and security logs
• Correction — You can request correction of inaccurate personal information
• Data portability — You can request a copy of your personal data in a structured, commonly used, machine-readable format
• Opt out of features — You can use EdgeSeeker without EdgeSeekerGPT™, Kalshi, or community chat features
• Object to processing — You can object to specific processing activities based on our legitimate interests
• Withdraw consent — Where processing is based on consent, you can withdraw that consent at any time (e.g., by disconnecting your Kalshi account or disabling trade execution)

To exercise any of these rights, email support@offensiveedge.com. We will verify your identity and respond to verified requests within 30 days. We will not charge a fee for processing your request unless it is manifestly unfounded or excessive.

17. Account Deletion

You may request deletion of your account and all associated personal data by emailing support@offensiveedge.com from the email or phone number associated with your account. Upon verification of your identity, we will:

• Delete your user profile, display name, and account preferences
• Delete all stored device records and access data
• Delete all encrypted Kalshi credentials
• Delete all trading configuration data
• Delete all activity events, daily summaries, and streak data
• Delete all content moderation records and security logs
• Delete all prediction votes and auto-vote rules
• Remove your authentication record from Supabase Auth

Account deletion is permanent and irreversible. The following data may be retained after account deletion:

• Payment and subscription records required for accounting, tax, or legal purposes
• Anonymized or aggregated data that can no longer identify you
• Data required by law to be retained
• Community chat messages you posted (which are automatically deleted after 7 days regardless of account status)

We will complete the deletion process within 30 days of verifying your request. Third-party services (Stripe, Sentry, Vercel, Anthropic) retain data according to their own policies.

18. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to know — You can request the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share it
• Right to delete — You can request deletion of your personal information, subject to certain exceptions
• Right to correct — You can request correction of inaccurate personal information
• Right to opt out of sale/sharing — We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
• Right to limit use of sensitive personal information — You can request that we limit our use of sensitive personal information (such as your phone number) to what is necessary to provide the services
• Right to non-discrimination — We will not discriminate against you for exercising your privacy rights

To exercise your rights, email support@offensiveedge.com or use the contact methods described in Section 16. We will verify your identity before processing your request and respond within 45 days (extendable by an additional 45 days with notice).

Categories of Personal Information Collected (CCPA Disclosure)

19. Additional State Privacy Rights

If you are a resident of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), or another state with a comprehensive privacy law, you may have additional rights including:

• Right to access, correct, and delete your personal data
• Right to data portability
• Right to opt out of targeted advertising — we do not engage in targeted advertising
• Right to opt out of profiling — we do not profile you for decisions that produce legal or similarly significant effects
• Right to opt out of the sale of personal data — we do not sell your personal data
• Right to appeal a denial of your privacy request

To exercise any of these rights, email support@offensiveedge.com. If we deny your request, you have the right to appeal by replying to our response. If your appeal is denied, you may contact your state's attorney general.

20. International Users

EdgeSeeker is operated from and intended for users in the United States. The Platform, all data processing, and all services are governed exclusively by the laws of the United States and the State of Texas. We do not target, market to, or solicit users in the European Union, European Economic Area, United Kingdom, or any other jurisdiction outside the United States.

Access to the Platform is restricted by geographic region. Users accessing from outside the United States may be blocked. If you are able to access the Platform from outside the United States, you do so at your own initiative and are solely responsible for compliance with your local laws. By using the Platform, you consent to the transfer, processing, and storage of your data in the United States under U.S. law.

21. Children's Privacy

EdgeSeeker is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a person under 18, we will take steps to delete that information promptly. If you believe a minor has provided us with personal information, please contact us at support@offensiveedge.com.

22. Changes to This Policy

We may update this Privacy Policy at any time. Material changes will be communicated via the Platform or by email. We will update the "Last updated" date at the top of this page. Continued use of the Platform after changes are posted constitutes acceptance of the updated policy. If you do not agree to the updated policy, you must stop using the Platform.

23. Contact

For privacy questions, data requests, or to exercise any of your rights described in this policy, contact us at support@offensiveedge.com.

If you have an unresolved privacy concern that we have not addressed satisfactorily, you may contact your state's attorney general or applicable regulatory authority.