Privacy Policy

Last updated: April 20, 2026 · Effective date: April 20, 2026

1. Introduction

This Privacy Policy explains how idealink, inc., trading as OddIntel ("we", "us", "our"), collects, uses, discloses, and safeguards personal data when you use our website (https://oddintel.io), our dashboard application, our Telegram bot (@oddsedgey_bot), our public Telegram channel (@OddIntelSignals), and related services (the "Service").

We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and the California Consumer Privacy Act (CCPA) where applicable. If you do not agree with this Policy, please do not use the Service.

2. Data Controller

The data controller responsible for your personal data is:

idealink, inc.
131 Continental Drive, Suite 301
Newark, DE 19713
United States
Delaware File Number: 6790050
U.S. Federal EIN: 35-2756533
Email: privacy@oddintel.io

EU/UK users: OddIntel is a U.S.-based company. For inquiries relating to processing of personal data of EU, EEA, or UK residents under GDPR or UK DPA, please contact us directly at the email above. We will respond within 30 days and cooperate with your local supervisory authority where required.

3. What Data We Collect

We collect the following categories of personal data:

3.1 Data you provide directly

  • Email address — for account registration, magic-link authentication, email alerts, and support communications.
  • Telegram identifier (chat ID) — collected only if you voluntarily link your Telegram account for instant alerts.
  • Bet tracking data — matches, odds, stakes, results, and notes you log voluntarily in the Bet Tracker. This data is only collected if you use that feature.
  • Notification preferences — toggles for email / Telegram channels.
  • Support correspondence — messages you send us.

3.2 Payment data

Payments are processed by Stripe, Inc. We receive limited billing metadata (customer ID, subscription ID, checkout ID, subscription status, payment success/failure) from Stripe. We do not collect or store your full credit/debit card numbers, CVV codes, or bank account details.

3.3 Data collected automatically

  • Technical log data — IP address, browser type, user agent, timestamps, referring URLs, pages visited, error logs. Retained for up to 30 days for security, debugging, and anti-abuse purposes.
  • Session cookies — essential cookies for authentication and session management (see Section 9).
  • Aggregate usage statistics — anonymized, non-identifying metrics about feature usage.

3.4 Data we do NOT collect

  • We do not collect special category data (health, race, religion, political views, biometric, genetic);
  • We do not collect children's data (18+ only);
  • We do not collect location beyond what's inferable from your IP for compliance purposes;
  • We do not operate analytics or ad tracking pixels from Meta, Google Ads, TikTok, or similar.

4. Purposes and Legal Bases for Processing (GDPR)

We process your data only where we have a lawful basis:

PurposeDataLegal Basis
Provide the Service (account, authentication, alerts)Email, Telegram ID, preferencesContract performance (Art. 6(1)(b))
Process subscriptions and paymentsEmail, Stripe billing metadataContract performance (Art. 6(1)(b))
Send service alerts and updatesEmail, Telegram ID, preferencesContract performance (Art. 6(1)(b))
Send marketing about similar servicesEmailLegitimate interest (Art. 6(1)(f)) — opt-out any time
Security, fraud prevention, abuse detectionIP, logs, account dataLegitimate interest (Art. 6(1)(f))
Legal compliance, tax, accountingBilling dataLegal obligation (Art. 6(1)(c))
Bet tracking analyticsBets you logConsent (Art. 6(1)(a)) — feature is opt-in

5. Data Sharing and Third-Party Processors

We share personal data only with the following categories of recipients, each bound by data processing agreements or equivalent safeguards:

  • Stripe, Inc. (payment processor)— processes subscription payments. Stripe's privacy policy: stripe.com/privacy. Transfers to the U.S. are protected by Standard Contractual Clauses.
  • Resend (email delivery) — sends authentication magic links and alert emails. Resend privacy policy: resend.com/legal/privacy-policy.
  • Telegram Messenger LLP — delivers Telegram alerts to your chat if you link your account. Telegram privacy policy: telegram.org/privacy.
  • Hetzner Online GmbH (hosting) — our servers and databases are hosted in Hetzner data centers in Finland (European Union). Hetzner is an EU-based provider subject to GDPR. Access is restricted to authorized personnel under confidentiality agreements. Hetzner privacy policy: hetzner.com/legal/privacy-policy.
  • The Odds API — we subscribe to this service for raw odds data. We do not share personal data with The Odds API.
  • Legal, tax, and professional advisors — where necessary to comply with obligations.
  • Authorities — if compelled by valid legal process, a court order, or an investigation involving fraud or illegal activity.

We do not sell personal data. We do not share personal data with advertising networks or data brokers.

6. International Data Transfers

We are a U.S.-based company (Delaware, USA), and some of our processors are located in the United States. Personal data of EU, EEA, and UK residents may therefore be transferred to and processed in the United States. Our servers and databases, however, are hosted in the European Union (Finland).

For transfers outside the EEA / UK, we rely on appropriate safeguards, including:

  • European Commission Standard Contractual Clauses (Module 2, as set out in Decision 2021/914) incorporated into our processor agreements with Stripe, Resend, and any other U.S. processors;
  • UK International Data Transfer Addendum where UK personal data is involved;
  • Adequacy decisions, where applicable (e.g., EU-U.S. Data Privacy Framework for certified U.S. processors);
  • Supplementary technical and organizational measures, including encryption in transit (TLS), access controls, and minimization of transferred data.

You may request a copy of the relevant transfer safeguards by emailing privacy@oddintel.io.

7. Data Retention

We retain personal data only as long as necessary:

  • Account data: for the duration of your account + 12 months after deletion (for support and fraud prevention), unless legal requirements demand longer retention;
  • Subscription and billing records: 7 years for tax and accounting compliance;
  • Bet tracking data: until you delete bets or delete your account;
  • Server logs and technical data: up to 30 days;
  • Support correspondence: 3 years after the last interaction.

8. Your Rights (GDPR / UK DPA / CCPA)

Subject to applicable law, you have the following rights over your personal data:

  • Access — request a copy of your data;
  • Rectification — correct inaccurate data;
  • Erasure ("right to be forgotten") — delete your data, subject to legal retention obligations;
  • Restriction — limit how we process your data;
  • Portability — receive your data in a structured, machine-readable format;
  • Objection — object to processing based on legitimate interest or for marketing;
  • Withdraw consent — where processing is based on consent;
  • Complaint — lodge a complaint with your local supervisory authority (in Türkiye: KVKK; in the EU: your national DPA; in the UK: the ICO).

To exercise any of these rights, email privacy@oddintel.io. We will respond within 30 days (extendable to 60 days for complex requests).

California residentsadditionally have the right to opt out of "sales" of personal information under CCPA. We do not sell personal information.

9. Cookies

We use a minimal set of cookies and similar technologies:

  • Essential session cookies — required for authentication (JWT stored in localStorage), cannot be disabled without breaking the Service;
  • Preference storage — remembers your email for future logins and your alert preferences (stored in localStorage).

We do not use third-party advertising cookies, cross-site tracking pixels, or behavioral profiling. If we add analytics in the future, we will use privacy-respecting tools and update this Policy.

10. Security

We implement technical and organizational measures to protect your data, including:

  • TLS/HTTPS encryption in transit;
  • Database access restricted to authorized personnel;
  • Passwordless authentication (magic links) to eliminate password reuse risk;
  • Subscription verification on every sensitive API call;
  • Regular security reviews and dependency updates;
  • Incident response procedures.

No system is perfectly secure. You are responsible for keeping your email account secure, as possession of your email grants access to your OddIntel account.

11. Children

The Service is strictly for users aged 18 or older(or 21+ where required by local law). We do not knowingly collect data from children. If you believe a minor has provided us with data, contact privacy@oddintel.io and we will delete it immediately.

12. Data Breach Notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify affected users and the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.

13. Changes to this Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or the Service. Material changes will be communicated via email or a prominent notice on the Service at least 14 days before taking effect. The date at the top of this Policy reflects the latest revision.

14. Contact

For any privacy-related questions or to exercise your rights:

idealink, inc.
Attn: Data Protection
131 Continental Drive, Suite 301
Newark, DE 19713
United States

Email: privacy@oddintel.io
General support: support@oddintel.io