The Pundit← Back

Plain English

Privacy Policy

We collect the minimum we need to run a fair prediction game. No tracking pixels, no ad networks, no resale of your data. The Pundit is strictly 18+.

What we store

  • Email — to identify your account and let you sign in.
  • Username — public, shown on the leaderboard and profile.
  • Password — stored hashed by our auth provider. We never see it.
  • Nationality — shown publicly as a country flag on your profile and the leaderboard.
  • Date of birth — used only to verify you are 18+. Your raw date of birth is never displayed publicly; only an "18+ confirmed" status is shown.
  • Profile completion status — a timestamp marking when your profile was completed and locked.
  • Your picks & in-game coins — to run the game.
  • Email opt-in flag — only "yes/no", set by you.

What we don't store

  • No real name, phone number, or address.
  • No payment information.
  • No precise location data.

Email

We split email into two clear categories:

  • Essential account communications (always sent). Sign-in, account confirmation, email verification, password reset, email change, and security or service notices. These are operational — you can't opt out of them while you have an account.
  • Optional updates & reminders (consent-based). Competition reminders, prediction updates, leaderboard moments and useful product updates. Off by default. You opt in at signup or any time from your account page, and you can turn them off again from the same place.

We do not run commercial email marketing — no third-party promotions, no affiliate offers, no partner campaigns sent to your inbox. Email links may include UTM parameters so we can attribute clicks to our own campaigns; we strip them from the URL after the page loads.

Analytics & product measurement

We use privacy-conscious analytics plus our own product event tracking to measure things like signups, first picks, leaderboard unlocks and email-campaign clicks. We use this to improve onboarding, gameplay and retention.

  • No sensitive personal information (password, date of birth, exact age) is sent to analytics.
  • We do not sell your personal data.
  • As the product evolves we may introduce additional privacy-conscious measurement, attribution, audience-measurement or onsite monetisation tooling (for example onsite advertising or sponsorship). Where the law requires it, we will provide clear notice and consent controls before enabling any such tooling for you.

Advertising preferences

You can choose not to see gambling-related advertisements from your account page. If disabled, we will suppress gambling-related ads, bookmaker creatives, and odds CTAs, and may show house ads, sports content, or non-gambling sponsor messages instead. This setting is reversible and is separate from self-exclusion, which is a stronger, regulatory control.

Competition integrity

To keep the game fair we apply some lightweight integrity checks:

  • Profile identity (username, nationality, age confirmation) locks after first completion. Changes after that require contacting support.
  • We monitor for duplicate or automated accounts and may restrict or remove accounts used to manipulate the leaderboard.
  • We may use account metadata (signup time, picks, account state) to detect abuse.

Private Leaderboards

We store private leaderboard membership, join requests, approval status, ownership information, and moderation actions so private leaderboards can function correctly.

When you create or join a private leaderboard we store the membership (which leaderboard you belong to and your request status — pending, approved, rejected, removed, or left) and any moderation reasons an admin records. Invite codes are encrypted at rest (AES-256-GCM) and only revealed to the admin. We keep short security logs of moderation actions for support purposes.

What approved members can see inside a private leaderboard:

  • Your display name / username.
  • Your standing within that competition.
  • The fact that your membership has been approved.

What stays private:

  • Pending requests to join are only visible to the requester and the leaderboard's admin.
  • Invite links and invite codes are intended for private sharing — treat them as private.

Attribution

We may store campaign attribution information, referral information, and invite-link attribution data to understand how people discover and use The Pundit.

Preferences & Account Restrictions

We store communication preferences, advertising preferences, and responsible-gaming related account restrictions where applicable.

Who we share with

Only the infrastructure providers we need to run the app (hosting, database, auth, email delivery, match data, privacy-first analytics). They process data on our behalf and don't use it for their own purposes.

Deleting your account

You can delete your account at any time from your account page. When you do:

  • Your email and login are removed. The email becomes free to reuse.
  • Your username is replaced with an anonymised placeholder.
  • Your past picks remain in the game so historical pots stay fair, but they are no longer linked to you.

Your rights

You can access, correct, export, or delete your data. Most of this is one click on the account page. For anything else, email [email protected].

Who runs The Pundit?

The Pundit is operated by ThePundit.io, a registered sole proprietorship in the Netherlands.

  • Trading as: The Pundit
  • Address: Le Mairekade 77, 1013 CB Amsterdam, The Netherlands
  • KvK: 78451914
  • Contact: [email protected]

Last updated: June 2026.