Invite friends & stack free entries weekly!

Sign Up

Privacy Policy

Last updated: February 2026 · Version 1.0

1. What We Collect

We collect the following information:

  • Account data: Name, email address, phone number (optional), password hash (if using credentials login).
  • OAuth data: Provider ID and profile information when you sign in with Google or other OAuth providers we may support.
  • Age verification: Confirmation that you are 18 or over.
  • Payment data: Stripe processes your payment securely. We store order references but not full card details.
  • Prize payout details: Bank details (sort code, account number) submitted by winners for prize payment.
  • Postal free entries: Name, address, and email provided on postal entries.

2. How We Use Your Data

  • To operate the draw: manage entries, process payments, determine winners, pay prizes.
  • To communicate with you: draw results, instant-win notifications, magic link sign-in emails, support responses.
  • To enforce fair play: deduplication of free entries by email.
  • To comply with legal obligations: age verification, financial record-keeping.

3. Data Storage & Security

Your data is stored securely in our database hosted on Neon (PostgreSQL). The application is hosted on Vercel. All connections use TLS/SSL encryption. Passwords are hashed with bcrypt. Bank details for prize payouts are handled with care — collected only when needed and access is restricted.

4. Cookies & Sessions

We use httpOnly, secure session cookies for authentication. SameSite policy is set to “lax” to prevent CSRF attacks. We do not use tracking or advertising cookies.

5. Third Parties

  • Stripe: Processes payments. Subject to Stripe's privacy policy.
  • Google: OAuth sign-in. Subject to Google's privacy policy.
  • Resend: Sends transactional emails (magic links, notifications).
  • Neon: Database hosting. Data stored in the EU.
  • Vercel: Application hosting.

6. Your Rights

Under GDPR and UK data protection law, you have the right to access, correct, delete, or export your personal data. You can update your information in the account settings, or contact us to request deletion. We will respond within 30 days.

7. Data Retention

Account data is retained while your account is active. Order and entry records are retained for legal and audit purposes. Bank details submitted for prize payouts are deleted once the payment is confirmed, unless retention is required by law.

8. Contact

For privacy-related questions, use the contact form in your account area.

9. Your Data Requests

You can request a full export of your personal data or request account deletion by contacting us through the support form. Data export requests are fulfilled within 30 days. Account deletion will permanently remove your personal data, except where retention is required by law (e.g. financial records).