Privacy Policy

We use Vercel Analytics to monitor page performance and Core Web Vitals, and PostHog for product analytics including page views, feature usage, and user funnels. Vercel Analytics does not collect personally identifiable information and operates without cookies. PostHog data is used solely to improve the platform and understand how users interact with features such as predictions, player profiles, and the Argument Settler. You may opt out of PostHog tracking via cookie preferences at any time.

If you create an account (via Google OAuth or email OTP), we collect your email address, display name, favourite team preference, and favourite player selections (up to 5 players). We do not require an account to browse the platform, read predictions, view analysis articles, or access any free-tier content. Account creation is only required for personalisation features and fan prediction voting.

When you participate in fan prediction voting ("Who will win?"), we record your vote, the match it pertains to, and a timestamp. This data is tied to your user account and is used to calculate your personal prediction accuracy score, contribute to community consensus percentages, and determine leaderboard rankings. Individual votes are not shared publicly -- only aggregate statistics are displayed.

We store your onboarding preferences (favourite team, notification style) in your browser's localStorage if you are not logged in, or in our database if you have an account. These preferences include favourite team selection, favourite player selections, display preferences, and cookie consent choices. localStorage data never leaves your device.

We use essential cookies for session management and authentication (Supabase auth tokens). Analytics cookies from PostHog are only set with your explicit consent via the cookie banner. We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking mechanisms. We also use localStorage for onboarding state (cricmind_onboarded_v1), favourite team preference (cricmind_fav_team), and cookie consent preferences.

When you access CricMind.ai, our servers and hosting provider (Vercel) automatically collect standard technical data including your IP address (anonymised for analytics purposes), browser type and version, operating system, device type (desktop/mobile/tablet), referring URL, pages visited, and timestamps. This data is used for security, abuse prevention, and aggregate traffic analysis.

If you submit a message through our contact form at cricmind.ai/contact, we collect your name, email address, subject, and message content. This data is sent to our team via Resend email service and is used solely to respond to your enquiry. Contact form submissions are subject to honeypot spam detection and rate limiting (maximum 3 submissions per email address per hour).

If you purchase CricMind Pro, payment processing is handled entirely by Stripe, Inc. CricMind.ai never receives, processes, or stores your credit card number, debit card number, CVV, or other sensitive payment instrument data. We receive from Stripe only a transaction confirmation, payment status, and the last four digits of your card for receipt purposes.

The "Ask CricMind" voice feature uses the Web Speech API, which is a browser-native technology. Voice input is processed locally in your browser and converted to text before being sent to our servers. We do not record, store, or transmit audio data. Only the transcribed text query is sent to our AI engine for processing.

We use technical and analytics data to maintain platform uptime, prevent abuse through rate limiting and bot detection, diagnose and fix bugs, monitor performance and Core Web Vitals, and ensure the security and integrity of the platform. This processing is necessary for the legitimate operation of CricMind.ai.

Your favourite team and player preferences are used to surface relevant match predictions, player profiles, and analysis articles first on your homepage and dashboard. Personalisation data is processed based on your explicit consent (selecting preferences during onboarding or in account settings). You can change or remove your preferences at any time.

Aggregated and anonymised usage data helps us understand which predictions, analyses, and content types are most useful to our audience. This allows us to refine our AI models, improve the Oracle Prediction Engine, prioritise editorial content, and develop new features. Individual user data is never used to train AI models -- only aggregate patterns inform product decisions.

We publicly track our AI prediction accuracy on the leaderboard page (cricmind.ai/leaderboard). Fan prediction votes are aggregated anonymously to show community consensus percentages. Your individual votes are tied to your account for your personal prediction history and accuracy score. This transparency is a core feature of CricMind.ai -- we believe in publicly demonstrating our accuracy, including when we are wrong.

If you provide your email address through account creation or the contact form, we may send you: responses to your enquiries, essential service notifications (e.g., account security alerts), match prediction results (if you opt in to email alerts), and important changes to our Terms of Service or Privacy Policy. We will never send unsolicited marketing emails without your explicit consent.

We may process your data as required to comply with applicable laws, respond to valid legal processes (court orders, subpoenas, regulatory requests), protect our legal rights and interests, and prevent fraud, abuse, or illegal activity on the platform.

We will never sell your personal data to third parties. We will never use your data for targeted advertising or ad personalisation. We will never share your data with betting operators, fantasy gaming platforms, or gambling services. We will never use individual user data to train AI models. We will never share your email address with third-party marketers.

CricMind.ai uses Anthropic Claude (large language model) and the proprietary Oracle Prediction Engine to generate predictions, analysis, and editorial content. When AI generates match predictions, it processes cricket statistical data (team records, player stats, venue history) -- not personal user data. The AI does not have access to individual user information, browsing history, or personal preferences.

When you submit a question through the "Ask CricMind" feature (text or voice), your query text is sent to our AI engine for processing. The query is used solely to generate a response and is not stored permanently or used to train AI models. Query processing happens in real-time, and the query text is discarded after the response is generated.

All AI-generated content on CricMind.ai is clearly labelled with "AI-generated analysis" tags. This labelling is in compliance with emerging AI content disclosure regulations and reflects our commitment to transparency. Users should be aware that AI-generated content may contain errors and should not be treated as authoritative human expert analysis.

Our AI provider, Anthropic, does not use API inputs to train their models. Queries processed through the Claude API are subject to Anthropic's API Terms of Service, which prohibit using customer data for model training. For more information, see Anthropic's privacy policy at anthropic.com/privacy.

CricMind.ai is hosted on Vercel's global edge network. Vercel processes standard HTTP request logs (IP addresses, user agents, request paths) for infrastructure operation. Vercel Analytics provides Core Web Vitals monitoring without collecting personally identifiable information. Privacy policy: vercel.com/legal/privacy-policy.

Supabase provides our PostgreSQL database and authentication services (Google OAuth, email OTP). Account data, fan prediction votes, and user preferences are stored in Supabase with row-level security (RLS) policies ensuring that users can only access their own data. Supabase infrastructure is hosted on AWS. Privacy policy: supabase.com/privacy.

Stripe handles all payment processing for CricMind Pro subscriptions. We never store credit card details directly. All payment instrument data is collected, processed, and stored exclusively by Stripe in accordance with PCI DSS Level 1 standards. We receive only transaction confirmations and the last four digits of your card. Privacy policy: stripe.com/privacy.

Google Firebase Realtime Database is used to push live match score updates to connected clients via WebSocket connections. Firebase processes connection metadata (IP address, connection timestamps) but does not receive or store personal user data. Live match state data (scores, ball results, win probabilities) is written to Firebase and is publicly readable. Privacy policy: firebase.google.com/support/privacy.

Anthropic's Claude AI powers all AI-generated predictions, analysis, and editorial content. User queries submitted through "Ask CricMind" are processed by Claude. Anthropic does not use API inputs to train their models. Privacy policy: anthropic.com/privacy.

Roanuz provides live cricket scores, ball-by-ball data, and match statistics. No personal user data is shared with Roanuz. Our API calls to Roanuz contain only match identifiers and authentication tokens. Privacy policy: roanuz.com/privacy-policy.

PostHog provides product analytics for understanding feature usage, user funnels, and engagement patterns. PostHog tracking is only activated with your explicit cookie consent. Data collected includes page views, feature interactions, session duration, and device/browser information. You may opt out at any time via cookie preferences or browser settings. Privacy policy: posthog.com/privacy.

Resend handles transactional email delivery for contact form responses, account notifications, and match alerts. Email addresses and message content processed through Resend are subject to Resend's privacy policy. We use Resend solely for transactional communications, not marketing. Privacy policy: resend.com/legal/privacy-policy.

Cloudinary is used for social media image compositing (logo overlay on share cards). No personal user data is shared with Cloudinary. Only generated images and CricMind brand assets are processed. Privacy policy: cloudinary.com/privacy.

xAI's Grok model is used to generate social media post images. No personal user data is included in image generation prompts. Generated images are cached on Supabase Storage before use. Privacy policy: x.ai/legal/privacy-policy.

Required for authentication, session management, and core platform functionality. These cookies are set by Supabase for auth token management and cannot be disabled without breaking login functionality. Essential cookies do not track your behaviour across other websites. They expire when your session ends or after 7 days of inactivity.

PostHog analytics cookies are only enabled with your explicit consent via the cookie consent banner. These cookies track page views, feature usage, and session information to help us improve the platform. You can manage your cookie preferences at any time through the cookie banner (accessible via the footer) or through your browser settings.

CricMind.ai uses browser localStorage (not cookies) for the following non-sensitive preferences: cricmind_onboarded_v1 (boolean indicating whether you have seen the onboarding overlay), cricmind_fav_team (your selected favourite team code, e.g., "MI" or "CSK"), and cookie consent preferences. localStorage data never leaves your device and is not transmitted to our servers.

By default, only essential cookies are active when you first visit CricMind.ai. We do not set analytics or tracking cookies until you provide explicit consent through the cookie consent banner. This approach complies with GDPR and Indian data protection requirements.

CricMind.ai does not set third-party advertising cookies, retargeting pixels, or cross-site tracking mechanisms. We do not participate in ad networks or data exchanges. If you interact with embedded social media content or follow external links from our platform, those third-party sites may set their own cookies subject to their own privacy policies.

You can manage cookies through: the CricMind.ai cookie consent banner (accessible anytime via the footer link), your browser settings (most browsers allow you to block or delete cookies), and browser extensions designed for cookie management. Note that blocking essential cookies may prevent you from logging in or accessing authenticated features.

Your account data (email, display name, preferences) is retained for as long as your account remains active. You may request deletion of your account and all associated data at any time by contacting us at legal@cricmind.ai. Account deletion requests are processed within 30 days, and all personal data is permanently removed from our systems within 90 days (to account for backup rotation).

Raw analytics events in PostHog are anonymised after 90 days. After anonymisation, individual event data cannot be linked back to any user. Only aggregate statistics (total page views, feature usage counts, conversion rates) are retained beyond the 90-day window for long-term trend analysis.

Fan prediction votes are retained for the duration of the IPL season for leaderboard calculation and accuracy tracking purposes. After the IPL season concludes, individual vote records are anonymised within 60 days. Aggregate voting statistics (community consensus percentages) are retained indefinitely as part of our historical accuracy records.

Voice input is processed in real-time via the Web Speech API in your browser. Audio is never recorded, transmitted, or stored on our servers. The transcribed text query is processed by our AI engine and discarded after the response is generated. No voice or text query data is retained.

Messages submitted through the contact form are retained in our email system for up to 12 months to maintain correspondence history and resolve any ongoing enquiries. After 12 months, contact form data is deleted unless it is part of an active legal or compliance matter.

Transaction records for CricMind Pro purchases are retained for 7 years as required by Indian tax and financial regulations. These records include transaction ID, amount, date, and payment status. Sensitive payment instrument data (card numbers) is never stored by CricMind.ai and is held exclusively by Stripe.

Vercel server logs containing IP addresses, request paths, and response codes are retained for 30 days for security monitoring and abuse prevention, after which they are automatically deleted.

You have the right to request a copy of all personal data we hold about you. We will provide this data in a structured, machine-readable format (JSON) within 30 days of receiving your request. There is no fee for this service.

You have the right to request correction of any inaccurate or incomplete personal data we hold about you. You can update your display name, favourite team, and favourite players directly through your account settings. For corrections to other data, please contact us.

You may request complete deletion of your account and all associated personal data at any time. Upon receiving a deletion request, we will: delete your account and profile data within 30 days, anonymise your fan prediction votes within 30 days, remove your data from all backups within 90 days, and confirm deletion via email. Note that we may retain certain data where required by law (e.g., payment records for tax compliance).

You have the right to request your personal data in a structured, commonly used, machine-readable format (JSON). This includes your account data, prediction history, and preferences. We will fulfil portability requests within 30 days.

You may withdraw consent for non-essential data processing (such as analytics tracking) at any time without affecting the lawfulness of prior processing. You can withdraw consent by: changing your cookie preferences via the consent banner, contacting us at legal@cricmind.ai, or deleting your account entirely.

You have the right to object to the processing of your personal data for specific purposes, including analytics and personalisation. If you object, we will cease the specific processing unless we can demonstrate compelling legitimate grounds that override your interests.

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of data or when processing is unlawful but you prefer restriction over deletion.

To exercise any of these rights, email us at legal@cricmind.ai with the subject line "Data Rights Request" and specify which right you wish to exercise. Please include your account email address for identity verification. We will acknowledge your request within 3 business days and fulfil it within 30 days. If we need additional time (up to 60 additional days for complex requests), we will notify you of the delay and the reason.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the appropriate data protection authority. For users in India, this is the Data Protection Board of India (once established under the DPDPA 2023). For users in the EU/EEA, you may contact your local supervisory authority.

CricMind.ai processes data in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA). As a Data Fiduciary under the DPDPA, we: process personal data only for lawful purposes, obtain consent before collecting personal data (or rely on legitimate interests where applicable), provide clear notice about data collection and usage, implement reasonable security safeguards, respect data principal rights (access, correction, erasure), and do not transfer data to jurisdictions that do not ensure adequate protection without appropriate safeguards.

For users accessing CricMind.ai from the European Economic Area (EEA), United Kingdom, or Switzerland, we comply with GDPR requirements. Our legal bases for processing include: Consent (for analytics cookies and optional personalisation), Legitimate Interest (for platform security, fraud prevention, and service improvement), Contract Performance (for providing services you have requested, including Premium access), and Legal Obligation (for retaining payment records and complying with court orders).

For all data protection enquiries, including GDPR and DPDPA requests, please contact our designated data protection point of contact at legal@cricmind.ai. We will respond to all data protection requests within the timeframes mandated by applicable law.

CricMind.ai is not directed at children under the age of 13. We do not knowingly collect, store, or process personal information from children under 13. If you are under 13, you must not create an account or submit any personal information to CricMind.ai.

Users between the ages of 13 and 18 may use CricMind.ai with verifiable parental or guardian consent. Parents or guardians are responsible for monitoring their children's use of the platform and ensuring compliance with these terms.

If we discover that we have inadvertently collected personal data from a child under 13, we will delete that data promptly and terminate any associated account. If you believe a child under 13 has provided us with personal data, please contact us immediately at legal@cricmind.ai and we will take appropriate action within 48 hours.

CricMind.ai's infrastructure spans multiple geographic regions. Your data may be processed in: India (primary operations), the United States (Vercel hosting, Stripe payments, Supabase database), the European Union (Vercel edge nodes), and other regions served by our CDN (Vercel Edge Network). Data is routed to the nearest edge location for optimal performance.

When personal data is transferred outside India or the EEA, we ensure adequate protection through: contractual safeguards (Standard Contractual Clauses or equivalent) with our service providers, selecting service providers who maintain certifications such as SOC 2 Type II, ISO 27001, or PCI DSS, and ensuring that data is encrypted in transit (TLS 1.2+) and at rest. All our third-party service providers (Vercel, Supabase, Stripe, Anthropic) maintain their own compliance certifications and data protection commitments.

CricMind.ai currently does not offer data localisation (storing data exclusively within a specific country). If Indian data localisation requirements become mandatory under the DPDPA or successor regulations, we will implement the necessary measures to comply within the mandated timeframes.

All data transmitted between your browser and CricMind.ai is encrypted using TLS 1.2 or higher (HTTPS). Data at rest in our database (Supabase/PostgreSQL) is encrypted using AES-256. API keys, authentication tokens, and other sensitive credentials are stored as encrypted environment variables and are never exposed in client-side code.

Our database implements row-level security (RLS) policies ensuring that authenticated users can only access their own data. Administrative access to infrastructure and databases is restricted to authorised personnel with multi-factor authentication (MFA). API endpoints are protected by rate limiting (Upstash Redis) to prevent abuse and brute-force attacks.

CricMind.ai uses Supabase Auth with Google OAuth and email OTP -- we do not store passwords. QR tokens for the event check-in system are HMAC-SHA256 signed to prevent forgery. All authentication tokens have expiration times and are rotated regularly.

We use Sentry for real-time error tracking and Vercel monitoring for infrastructure health. In the event of a security breach affecting personal data, we will: notify affected users within 72 hours of discovery (as required by GDPR and DPDPA), report the breach to relevant data protection authorities, conduct a thorough investigation and implement remediation measures, and publish a post-incident report (redacted as necessary to protect user privacy and security).

While we implement industry-standard security measures, no method of electronic transmission or data storage is 100% secure. We cannot guarantee absolute security against all possible threats. Users are responsible for maintaining the security of their own devices, accounts, and credentials.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes: we will update the "Last updated" date at the top of this page; for material changes, we will post a prominent notice on the Platform for at least 14 days; where feasible and for significant changes, we will notify registered users via email; and we will maintain an archive of previous versions upon request.

Continued use of CricMind.ai after changes to this Privacy Policy constitutes acceptance of the updated policy. If you do not agree with any changes, you should discontinue use of the Platform and, if applicable, request deletion of your account and personal data.

We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your data. This page is accessible at any time via the footer links on every page of CricMind.ai.

For all privacy-related enquiries, data rights requests, or concerns about our data handling practices, please contact us at legal@cricmind.ai with the subject line "Privacy Enquiry". We will acknowledge receipt within 3 business days and provide a substantive response within 30 days.

For general platform enquiries: hello@cricmind.ai. For press and media: press@cricmind.ai. For API partnerships: api@cricmind.ai. Website: https://www.cricmind.ai/contact.

CricMind.ai is operated by CricMind Technologies, supported by Unified Investments LLC, Dubai. By using this platform, you consent to the processing of your data in accordance with this Privacy Policy, our Terms of Service, and applicable law.