Privacy Policy
Effective Date: April 10, 2026 · Last Updated: April 10, 2026
SoloOdds (“we,” “us,” or “our”) operates the SoloOdds website at soloodds.io and related Discord and Telegram bots (collectively, the “Service”). This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have regarding your data.
By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
1. Data Controller
SoloOdds is operated by the SoloOdds project team. For privacy-related inquiries, contact us at privacy@soloodds.io.
Note on physical address: CAN-SPAM requires a valid postal address in commercial emails. We are in the process of establishing a mailing address (PO Box or virtual mailbox) and will add it here and to email footers before the Service sends its first commercial email (the weekly digest). If you need a postal address for a legal request in the meantime, contact privacy@soloodds.io and we will provide one.
2. What Data We Collect
2.1 Account Information
When you create an account, we collect the data necessary to authenticate you and deliver the Service:
- Email address — collected directly (magic link sign-in) or from your OAuth provider.
- Discord user ID and username — if you sign in or connect via Discord.
- Telegram user ID — if you sign in or connect via Telegram.
- X (Twitter) account identifier — if you sign in via X/Twitter OAuth.
- Display name and avatar URL — as provided by your OAuth provider.
2.2 Fleet and Mining Configuration
To personalize your coin rankings and alerts, we store:
- Device profiles — hardware model (selected from our database), optional custom device name, optional hashrate and wattage overrides.
- Electricity rate — a single rate in $/kWh that you provide. This is used solely to calculate expected value and cost estimates. We do not attempt to infer your location from this data.
- Display preferences — whether you show electricity costs in rankings, your preferred currency, and timezone.
2.3 Alert Preferences and History
- Alert configuration — which alert types are enabled, thresholds, quiet hours, digest day and time, and which delivery channels (Discord, Telegram, email) are active.
- Alert history — a record of alerts we sent you, including type, coin, title, body, and delivery status. Alert history is retained for 30 days, then automatically deleted.
2.4 Subscription and Payment Data
Stripe customer ID and subscription metadata — plan tier, billing cycle, subscription status, and period dates. We store only Stripe's reference identifiers. We never store your credit card number, bank account details, or full payment credentials. All payment processing is handled by Stripe (for card payments) or OpenNode (for Bitcoin payments). Refer to Stripe's Privacy Policy and OpenNode's Privacy Policy for details on how they handle your payment information.
2.5 Bot Connection Data
If you connect a Discord or Telegram bot for alert delivery, we store platform user ID, username, and (for Discord) a cached DM channel ID so we can send you alerts without additional API lookups.
2.6 Analytics Data
We use Plausible Analytics for website usage analytics. Plausible is a privacy-focused, cookieless analytics service. It does not use cookies, does not collect personal data, and does not track individual users across sessions. All data is aggregated. See Plausible's Data Policy for details.
We do not use Google Analytics, Meta Pixel, or any tracking-based analytics service.
2.7 Server Logs
Vercel, our hosting provider, collects standard server access logs (IP address, request URL, user agent, timestamp) as part of its infrastructure. These logs are retained for up to 3 days under Vercel's Pro plan and are not accessible to us for user identification purposes. See Vercel's Privacy Policy.
2.8 Data We Do NOT Collect
- We do not collect wallet addresses, private keys, or any cryptocurrency holdings information.
- We do not access your mining hardware directly. We have no connection to your miners, AxeOS instances, or pool accounts.
- We do not collect your physical location, GPS coordinates, or IP-based geolocation data for our own purposes.
- We do not purchase data about you from third-party data brokers.
3. How We Use Your Data
We use the data described above for the following purposes:
- Providing the Service — authenticating your account, storing your fleet configuration, computing personalized coin rankings, and delivering alerts via your chosen channels.
- Billing and payments — processing subscription charges through Stripe or OpenNode, managing plan changes, and preventing fraud.
- Service communications — sending transactional emails (magic links, alert delivery, account changes) and, if you opt in, weekly digest emails.
- Improving the Service — aggregated, non-personal analytics via Plausible to understand which pages are visited and where traffic comes from.
- Legal compliance — responding to lawful requests from authorities, enforcing our Terms of Service, and protecting against fraud or abuse.
We do not use your data for behavioral advertising, profiling, or automated decision-making that produces legal or similarly significant effects.
4. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal bases for processing your personal data are:
- Performance of a contract — processing your account data, fleet configuration, and alert preferences is necessary to provide the Service you signed up for (Article 6(1)(b) GDPR).
- Legitimate interest — server logging and fraud prevention serve our legitimate interest in maintaining a secure and reliable Service (Article 6(1)(f) GDPR).
- Consent — marketing communications (such as upgrade prompts in the weekly digest) are sent only with your explicit opt-in consent, which you can withdraw at any time (Article 6(1)(a) GDPR).
5. How We Share Your Data
We do not sell, rent, or trade your personal data to third parties. We share data only with the following categories of service providers, solely to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Vercel (US) | Hosting, serverless functions, cron jobs | Server logs (IP, request data) |
| Neon (US) | PostgreSQL database | All stored user data (encrypted at rest) |
| Stripe (US) | Card payment processing | Email, Stripe customer ID |
| OpenNode (US) | Bitcoin payment processing | Subscription metadata |
| Resend (US) | Transactional and digest emails | Email address, email content |
| Discord (US) | OAuth authentication, alert delivery | Discord user ID, DM content |
| Telegram (UAE/Global) | OAuth authentication, alert delivery | Telegram user ID, message content |
| X/Twitter (US) | OAuth authentication | X account identifier |
| Plausible (EU) | Privacy-focused website analytics | No personal data (cookieless, aggregated) |
| CoinGecko (Malaysia) | Cryptocurrency price data | No user data shared |
International Data Transfers
Several of our service providers are based in the United States. If you are located in the EEA, UK, or Switzerland, your data may be transferred to the US. We rely on the following safeguards:
- The EU-US Data Privacy Framework, where applicable.
- Standard Contractual Clauses (SCCs) approved by the European Commission, where the Data Privacy Framework does not apply.
- Provider-specific certifications and security measures as documented in their respective privacy policies.
6. Cookies and Tracking
We do not use tracking cookies. Plausible Analytics is entirely cookieless.
Our authentication system uses a session cookie strictly necessary to keep you logged in. This cookie:
- Contains only a session token (no personal data or tracking identifiers).
- Is set with HttpOnly, Secure, and SameSite=Lax attributes.
- Expires when your session ends or after a defined inactivity period.
Because we use only strictly necessary cookies, no cookie consent banner is required under GDPR. However, we disclose this cookie here for full transparency.
7. Data Retention
We retain your data only as long as necessary for the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account data (profile, fleet, preferences) | Until you delete your account |
| Alert history | 30 days, then automatically deleted |
| Coin snapshot data (not personal) | 90 days, then automatically deleted |
| Expired sessions and verification tokens | Pruned daily |
| Server logs (Vercel) | Up to 3 days (Vercel Pro tier) |
| Stripe subscription records | Until you delete your account, then removed via CASCADE |
When you delete your account, all associated data is permanently removed from our database immediately (see Section 8).
8. Your Rights
8.1 Rights Under GDPR (EEA, UK, Switzerland)
You have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data. You can update most data directly in your dashboard settings.
- Erasure (“right to be forgotten”) — request deletion of your account and all associated data.
- Data portability — receive your data in a structured, machine-readable JSON format.
- Restrict processing — request that we limit how we use your data while a complaint is resolved.
- Object — object to processing based on legitimate interest.
- Withdraw consent — withdraw your consent for marketing communications at any time, without affecting the lawfulness of prior processing.
- Lodge a complaint — file a complaint with your local data protection authority.
8.2 Rights Under CCPA (California Residents)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose.
- Delete your personal information.
- Opt out of sale — we do not sell your personal information to third parties. We never have and never will.
- Non-discrimination — we will not discriminate against you for exercising your CCPA rights.
8.3 How to Exercise Your Rights
- Data export: Use the “Export My Data” feature in your account settings, or send a GET request to /api/user/export while authenticated. This returns a JSON file containing all your personal data. Limited to one export per day.
- Account deletion: Use the “Delete Account” option in your account settings, or contact us at privacy@soloodds.io. Deletion is permanent and cascades to all associated data (devices, preferences, bot connections, alert history, and subscription records). Active Stripe subscriptions are canceled automatically before deletion. You will be asked to re-authenticate before deletion is executed.
- Other requests: Email privacy@soloodds.io. We will respond within 30 days (or sooner where required by law).
9. Data Security
We implement the following measures to protect your data:
- All data in transit is encrypted via TLS (HTTPS).
- Database storage is encrypted at rest (Neon's default encryption).
- Authentication tokens are signed with HMAC-SHA-256 and verified using constant-time comparison.
- OAuth state parameters are enforced to prevent cross-site request forgery.
- Magic link tokens are single-use and expire after 24 hours.
- API endpoints are rate-limited to prevent abuse.
- We do not store passwords — authentication is handled entirely through OAuth providers and magic links.
No system is perfectly secure. If you discover a security vulnerability, please report it to security@soloodds.io.
10. Children's Privacy
SoloOdds is not directed at anyone under 16 years of age. We do not knowingly collect personal data from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@soloodds.io.
11. Third-Party Links
The Service may contain affiliate links to hardware retailers (such as Solo Satoshi, D-Central, and Altair Tech) and mining pools. These third-party sites have their own privacy policies, and we are not responsible for their practices. We encourage you to review their policies before providing them with any personal data.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the “Last Updated” date at the top of this page.
- Notify registered users via email or an in-app banner at least 14 days before the changes take effect.
- Post the updated policy at /privacy.
Your continued use of the Service after the effective date of a revised policy constitutes acceptance of the changes.
13. Contact Us
If you have questions about this Privacy Policy or want to exercise any of your rights, contact us at:
- Email: privacy@soloodds.io
A physical mailing address will be published here before the Service begins sending commercial emails. See Section 1 for details.
If you are in the EEA and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.