Privacy Policy
In short. We process a small amount of ordinary business data about our customers and visitors. Separately, our Intelligence engine analyses publicly available player conversations to surface aggregated, brand-level patterns. We do not build profiles of individual players and we do not collect player names, emails, account IDs, transactions, or financial records.
1. Who we are and what this covers
DataFlair.ai (“DataFlair”, “we”, “us”) provides a business-only intelligence and operations platform for licensed iGaming affiliates. This Privacy Policy explains how we handle data across our marketing website, the subscription application, our APIs, and the Intelligence ingestion pipeline. It does not cover third-party sites or the practices of operators or platforms we link to or analyse.
For data about our customers, prospects, and website visitors we act as a controller. For Customer Content that a customer puts into their workspace we act as a processor on that customer’s instructions, as described in our Security & Data Processing page and these documents.
2. The two very different kinds of data we handle
It is important to understand that DataFlair handles two separate categories of data, and treats them very differently:
- Ordinary business data about the people who run affiliate businesses and visit our site: customer account data, billing metadata, support messages, and website usage. This is normal B2B personal data and is covered in section 3.
- Publicly available player-conversation content that powers the Intelligence engine. This is analysed for aggregated, brand-level and market-level patterns, not to identify or profile any individual. This is covered in section 4, and it is the most important section to read.
3. Personal data we collect from customers and visitors
| Category | Examples | Why |
|---|---|---|
| Account data | Name, work email, company, role, password (hashed), two-factor settings, API tokens, profile photo | Create and secure your workspace, authenticate users, provide support |
| Billing metadata | Plan, billing contact, transaction references and status from our payment processor | Take payment, manage subscriptions, prevent fraud. Card details are handled by the processor; we do not store full card numbers |
| Customer Content | Brands, offers, deals, campaigns, toplists, trackers, goals, automation rules, notes you enter | Operate the modules you use; processed on your instructions |
| Support and communications | Messages you send us, demo requests, enquiry forms | Respond to you, run demos and trials, improve the service |
| Usage and device data | Log data, audit-trail records (who did what and when), IP address, browser type, feature and AI usage | Security, abuse prevention, metering, reliability, product improvement |
| Cookies and similar | Sign-in, security, preference, and (with consent) analytics identifiers | See the Cookie Policy |
4. How the Intelligence engine works, and our privacy stance
The Intelligence module analyses conversations that players post publicly on forums, review sites, communities, and social platforms. We do this to understand how players experience operator brands so that affiliate businesses can make better, more player-respecting decisions.
What we do not do: we do not build profiles of individual players; we do not try to identify the real person behind a username or handle; and we do not collect, enrich, score, or store player names, email addresses, account IDs, individual transactions, balances, or financial records. We are interested in patterns about brands, not in people.
We minimise any incidental personal data within public quotes, prefer aggregation over individual statements, and use evidence for brand-level context only. We do not use this content to make decisions about, advertise to, or contact any individual, and the platform must not be used by customers to do so either (see the Acceptable Use & AI Policy).
Where this processing involves personal data within the meaning of data-protection law, our lawful basis is our and our customers’ legitimate interests in producing market and reputation intelligence from public commercial discourse, balanced against the limited, public, and aggregated nature of the processing. If you believe a public quote we surface identifies you, see section 11 and we will review it, and remove or further aggregate it where appropriate.
5. Operator and brand data
We also process commercial information about gambling operators and brands, such as licences, markets, deal terms, public terms-and-conditions changes, and performance data returned by operator dashboards or APIs that a customer connects under their own authorisation. This data is generally commercial rather than personal. Customers are responsible for being authorised to connect those sources.
6. Why we process data and our legal bases
- To provide the service (performance of our contract with you).
- To secure, monitor, meter, and improve the platform, and to produce aggregated intelligence (our legitimate interests, and those of our customers).
- To take payment and meet accounting, tax, and legal duties (legal obligation and contract).
- To send service messages (contract) and, for marketing, only with your consent or where otherwise permitted, with an easy opt-out.
- Non-essential cookies are used only with consent (see the Cookie Policy).
7. AI processing
We use artificial intelligence to classify conversations, summarise evidence, draft content, build dashboard-scraping prompts, answer questions in Ask AI, and produce recommendations. Where a customer enables Ask AI or connects an external AI client through MCP, workspace data the customer chooses to expose may be processed by AI providers under that customer’s own configuration and authorisation. We do not sell personal data, and we do not permit customer workspace content to be used to train third-party foundation models for unrelated purposes. AI output is probabilistic and may be inaccurate; it is decision support, not advice.
8. Sharing and subprocessors
We do not sell personal data. We share data only with service providers who process it on our behalf under contract, including Stripe (payment processing), DigitalOcean (hosting and infrastructure, in the United States), Sendmail (transactional email), and multiple AI model providers used inside product features. Consent-based website analytics is planned and not active yet. We may also disclose data where required by law, to protect rights and safety, or in connection with a corporate transaction. The current list of subprocessors is on our Security & Data Processing page, which we update when they change.
9. International transfers
DataFlair.ai operates from the United States and data is primarily processed there. If you are located outside the United States, using the service involves transferring your data to, and processing it in, the United States and other countries where our providers operate. Where required for transfers from the European Economic Area or the United Kingdom, we rely on appropriate safeguards such as standard contractual clauses. Contact [email protected] for details of the safeguards relevant to your data.
10. Retention
We keep account and billing data for as long as you have a workspace and for a limited period afterwards to meet legal, accounting, and dispute needs. Audit and security logs are kept for a limited retention window. Customer Content is available for export for a window after termination and is then deleted or anonymised. Aggregated and derived intelligence that does not identify a customer or an individual may be retained as part of the platform’s knowledge base.
11. Your rights
Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, to data portability, and to withdraw consent. Customers can also export workspace data using the in-app data export. To exercise a right, email [email protected]. We will respond within the time the law requires and may need to verify your identity. You may also complain to your local data-protection supervisory authority, though we ask that you contact us first so we can help.
12. Players and individuals: how to reach us
DataFlair is not a service for players and does not knowingly track individual players. If you are a player or other individual and you believe that a public quote or piece of content we surface identifies you or relates to you, contact [email protected] with enough detail to locate it. We will review it promptly and remove, redact, or further aggregate it where appropriate.
13. Children
The service is for businesses and is not directed to children or to consumers. We do not knowingly collect personal data from anyone under 18 as a user of the service.
14. Cookies and security
Our use of cookies and similar technologies is described in the Cookie Policy. The technical and organisational measures we use to protect data are described on the Security & Data Processing page.
15. Changes and contact
We may update this Privacy Policy and will change the date above. If a change is material we will give reasonable notice. For any privacy question or request, contact [email protected].
Questions about this policy? Email [email protected].