Privacy Policy — Milo Bets

Last updated: 1 June 2026

This Privacy Policy explains how Jacob Orsborn-Smith ("Milo Bets", "we", "us", "our") collects, uses, shares and protects your personal data when you use the Milo Bets mobile application (the "App"). It also explains your rights and how to exercise them. We are the data controller for the personal data described here.

Contact: jacoborsbornsmith@gmail.com
Postal address: 111 Heene Road, Worthing, West Sussex, BN11 4PH, United Kingdom

If you do not agree with this policy, please do not use the App.

⚠️ Minimum age. Milo Bets is strictly for users aged 17 and over. It is not directed at children and we do not knowingly collect data from anyone under 17 (or under 13 in any jurisdiction). See section 9.

1. A quick summary

We collect the minimum we need to run a social party-game: your email, display name, date of birth (to confirm you are 17+), the bets/forfeits you create or join, your win/loss record, your purchase entitlements, and a device token so we can send notifications.
We use it to provide the game, keep accounts secure, deliver purchases, send notifications and comply with the law.
We do not sell your personal data and do not use it for third-party advertising.
Payments are handled by Apple — we never see or store your card details.
Our backend runs on Supabase; some data may be processed outside the UK/EEA under appropriate safeguards (section 6).
You can delete your account and all associated data at any time from Profile → Delete account, or by emailing us.

2. The personal data we collect

2.1 Information you give us

Data	Why we have it
Email address	To create and secure your account, log you in (one-time codes), and contact you about the service.
Password	To secure your account. Passwords are hashed by our authentication provider; we never store them in readable form and cannot see them.
Display name	Shown to other members of your bet rooms.
Date of birth	To verify you meet the 17+ age requirement. We store it; we do not publish it.
Gameplay content	The bets you create, forfeit text and forfeit-pack choices, group ("bet room") names, join codes, lock-ins, who you bet with, and the outcome (who lost).
Support communications	If you contact us, we keep your messages and our replies.

2.2 Information created through your use of the App

Data	Why we have it
Win/loss record & history	To power leaderboards ("Ranks"), your stats and bet history.
Group membership	To show you the right rooms and members.
Purchase entitlements	A record of which forfeit packs you own (your user ID, the pack ID and date), so you can restore purchases across devices.
Notifications	Records of in-app/push notifications generated for you (e.g. "everyone locked in", "you were the loser").

2.3 Information collected automatically

Data	Why we have it
Device push token	A token from Apple Push Notification service so we can deliver notifications. Stored only if you allow notifications.
Device/platform info	e.g. that you are on iOS, app version.
Technical & log data	IP address, connection/log data and basic request metadata generated by our hosting/backend for security, abuse-prevention and reliability.

2.4 Payment data

Purchases of forfeit packs are processed by Apple via the App Store using your Apple ID. We do not receive or store your card or payment details. We only receive confirmation of the purchase so we can unlock content for your account.

We do not collect special-category data (e.g. health, race, religion), do not run third-party advertising or tracking SDKs, and do not perform automated decision-making with legal or similarly significant effects.

3. How and why we use your data (and our legal bases)

Purpose	Legal basis (UK/EU GDPR)
Create your account, run the game, show bets/rooms	Performance of a contract
Verify you are 17+	Legal obligation / legitimate interests
Secure accounts, prevent fraud/abuse, reliability	Legitimate interests
Deliver and restore in-app purchases	Performance of a contract
Send push notifications (joins, bet started, you lost)	Consent (revocable in device settings)
Respond to support requests	Legitimate interests / contract
Comply with legal, tax and accounting obligations	Legal obligation
Defend or bring legal claims	Legitimate interests

Where we rely on legitimate interests, we have balanced those against your rights and consider our use proportionate. You can object — see section 8.

4. Who we share your data with

We share data only as needed to run the App. We do not sell your personal data.

Other users. Your display name, your participation in shared bet rooms, your lock-in status and your win/loss outcomes are visible to the other members of rooms you join. Your email and date of birth are not shown to other users.

Provider	What they do	Where
Supabase, Inc.	Database, authentication, hosting, realtime and serverless functions (core backend).	Hosted in the EU (West EU — Ireland, eu-west-1); US company, data may be processed in the US (section 6).
Apple Inc.	App distribution, In-App Purchases, Apple Push Notification service.	US / global
Supabase, Inc. (transactional email)	Sending verification / one-time-code emails.	US / EU

We may also disclose data: (a) to comply with a legal obligation or lawful request; (b) to protect the rights, safety or property of users, the public or us; (c) to enforce our Terms; or (d) in connection with a merger, acquisition or sale of assets (we will notify you). All processors are contractually bound to protect your data and process it only on our instructions.

5. How long we keep your data

Account & gameplay data: while your account is active.
On account deletion: we delete your profile, gameplay content, device tokens and notifications. Residual copies may persist in encrypted backups for up to 30 days, then are overwritten.
Purchase / transaction records: up to 6 years where required by UK tax and accounting law, even after account deletion.
Support communications: typically up to 24 months.
Security/log data: a short rolling window set by our hosting provider.

6. International data transfers

Our backend provider (Supabase) and Apple may process personal data outside the UK and EEA, including in the United States. Where we transfer data outside the UK/EEA we rely on appropriate safeguards, which may include the UK International Data Transfer Agreement / Addendum and the EU Standard Contractual Clauses, and/or transfers to providers relying on recognised adequacy mechanisms (e.g. the EU–US / UK–US Data Privacy Framework). For a copy of the relevant safeguard, email jacoborsbornsmith@gmail.com.

7. How we protect your data

Encryption in transit (HTTPS/TLS) for all App-to-backend communication;
Hashed passwords — never stored in plain text;
Row-Level Security so each user can access only their own data and the rooms they belong to;
restricted, role-based access to production systems;
payment handling delegated to Apple, so card data never touches our systems.

No system is perfectly secure, but we work to protect your data and will notify you and the relevant regulator of a breach where legally required.

8. Your rights

Subject to applicable law, you have the right to: be informed; access; rectify; erase ("right to be forgotten" — use Profile → Delete account); restrict or object to processing based on legitimate interests; data portability; withdraw consent at any time (e.g. turn off notifications); and not be subject to solely automated decisions with legal/significant effects (we do not do this).

To exercise a right, email jacoborsbornsmith@gmail.com. We respond within one month (extendable by two further months for complex requests). We may verify your identity first.

Complaints. In the UK you can complain to the Information Commissioner's Office (ICO) at ico.org.uk or 0303 123 1113. In the EEA, you may complain to your local supervisory authority. We'd appreciate the chance to resolve it first.

9. Children

Milo Bets is intended only for users aged 17 or over and is not directed at children. We apply an age gate at sign-up and do not knowingly collect data from anyone under 17, and in no event from a child under 13. If you believe a child has provided us data, contact jacoborsbornsmith@gmail.com and we will delete it promptly.

10. United States — California privacy rights

If you are a California resident, the CCPA/CPRA gives you rights to know, access, delete, and correct your personal information, and to not be discriminated against for exercising these rights. We do not "sell" or "share" personal information for cross-context behavioural advertising as defined under California law. To exercise your rights, email jacoborsbornsmith@gmail.com.

11. Cookies and similar technologies

The App is a native mobile application and does not use advertising cookies. We use local on-device storage only to keep you signed in and run the App. We do not use third-party analytics or advertising trackers.

12. Changes to this policy

We may update this policy. If we make material changes we will update the "Last updated" date and, where appropriate, notify you in-app or by email. Continued use after changes take effect constitutes acceptance.

13. Contact us

Jacob Orsborn-Smith
111 Heene Road, Worthing, West Sussex, BN11 4PH, United Kingdom
Email: jacoborsbornsmith@gmail.com

This document is a template prepared for Milo Bets and is provided for general informational purposes. It is not legal advice. Before publishing, have it reviewed by a qualified solicitor and complete all {{PLACEHOLDERS}}.