Privacy Policy

The minimum needed to operate the Service:

• Account record - email address, an opaque user ID, account creation timestamp. Created when you first sign in. Retained until account deletion.
• Session record - a session token tied to your account that keeps you signed in. Expires after 30 days of inactivity.
• Sign-in tokens - a short-lived (24 hour) verification token created when you request a sign-in email. Deleted on use or expiry.
• Subscription record - your Stripe customer ID, Stripe subscription ID, current plan tier (Pro / Pro+), subscription status (active / past_due / canceled / etc.), and current billing period end. Updated by Stripe webhooks.
• Operational logs - standard server access logs (IP, request path, response code, timestamp) retained for up to 7 days for debugging and abuse prevention. Not used for analytics or profiling.
• In-memory caches - responses from the-odds-api and Kalshi's public endpoints, cached for up to 5 minutes per request to reduce upstream load. Cleared on every server redeploy.

We do not store your Kalshi API key, your Kalshi private key, your the-odds-api key, your Anthropic key, your bankroll, your bets, your auto-trade entries, or your order history on our servers.

The following data is held exclusively in your browser's localStorage, under the key better.config.v1, and is never persisted on our servers:

• Your Kalshi API key ID and private key (PEM)
• Your the-odds-api key (if you provided one)
• Your Anthropic API key (if you provided one)
• Your starting bankroll, risk caps, and Kelly fraction
• Your kill-switch state and daily-loss tracker
• Your auto-trade entries
• Your local order log (the bets you've placed through the dashboard)

These values are sent to our servers only as in-flight HTTP headers on the API requests that need them, encrypted in transit by TLS, and discarded after the response is returned. They are not written to logs, databases, or any other persistent store on our side.

To delete your local data, click "wipe local data" in Settings, or clear site data for evpluspro.com in your browser.

• Kalshi: your authenticated API requests for balance, positions, market data, and orders, signed with your private key. Their terms and privacy policy apply to that data.
• the-odds-api.com: requests for sports lines, using either your personal API key (if provided) or our shared service key.
• Anthropic (Claude API): the contents of your chat messages with the Pro Sports Analyst, sent using your Anthropic key. Anthropic's privacy policy applies. We don't log or retain chat content server-side.
• Stripe: your email address, billing info you enter at checkout, and subscription metadata. Stripe is the processor of record for all payments.
• Resend: your email address and the magic-link sign-in URL, only when you request a sign-in email.
• Vercel: hosts the application; receives standard request metadata (IP, user agent, headers) as part of routing.
• Neon: hosts our Postgres database where account / subscription records live.

We do not sell your data to anyone, ever.

The free dashboard sets no cookies. After you sign in, a single first-party HTTP-only session cookie is set to keep you logged in; it expires after 30 days of inactivity. We do not use third-party analytics, advertising trackers, or browser fingerprinting.

• Account record: retained until you delete your account. Email evpluspro@gmail.com with your account email to request deletion.
• Session and sign-in tokens: auto-deleted on expiry (30 days for sessions, 24 hours for sign-in links).
• Subscription records: retained for the lifetime of your account; Stripe also retains billing records as required by law.
• Server logs: 7 days, then deleted.

You can:

• Access or correct your account email by contacting evpluspro@gmail.com.
• Cancel your subscription at any time via Settings → Manage billing.
• Delete your account by canceling your subscription and emailing the address above; we delete the account row within 30 days. Stripe-side billing records remain per their retention policy.
• Wipe your locally-stored credentials at any time using the "wipe local data" button in Settings.

If you are in California, the EU, the UK, or another jurisdiction with specific privacy rights (right to access, rectification, erasure, portability, objection), email us and we'll honor those rights as required by applicable law.

All traffic to evpluspro.com is encrypted in transit via TLS. Server-side credentials (database, Stripe, Resend, Anthropic) are stored as encrypted environment variables on Vercel and are not exposed to client code. We do not have a SOC 2 certification or formal security audit, and you should not treat EVPlus as having one. Don't use this Service for activity where a breach would cause material harm.

The Service is not intended for users under 18. We do not knowingly collect data from children under 13. If you believe we have, email evpluspro@gmail.com and we'll delete it.

Material changes will be highlighted in the dashboard and emailed to active subscribers at least 30 days before taking effect. The "Last updated" date at the top reflects the most recent change.

For privacy questions, data-deletion requests, or anything else: evpluspro@gmail.com.