Tychefy
Data protection

Tychefy Privacy Policy

This policy explains how the platform processes personal data, on what legal bases such processing rests, and which safeguards and rights may apply when you use the service.

Last updated: 19/02/2026

This Privacy Policy explains how we process personal data when you use the Tychefy platform (the “Service”). Where the General Data Protection Regulation (GDPR) applies, processing is carried out in accordance with the principles of lawfulness, transparency, data minimisation, and security.

1. Data controller and contact details

The data controller for the operation of Tychefy is Acrossmedia241 LTD, registered at Kyriakou Matsi 3, Roussos Limassol Tower, 3040, Limassol, Cyprus. For privacy-related matters, data protection requests, or questions about this Policy, please contact ds@acrossmedia241.com.

2. Categories of data

  • Account and identification data: email address, user identifier, and authentication-related data handled through an identity provider, such as Clerk.
  • Subscription and billing data: subscription status, transaction identifiers, and payment event records. We do not store full card details, which are handled by the payment provider, such as Stripe.
  • Technical and operational data: IP address, where it appears in logs, user-agent, timestamps, application errors, and diagnostic information used for security and reliability purposes.
  • Usage data and user inputs: inputs that you submit, such as recent draw information or joker number values, as well as operational history files that you update through the Service.

3. Purposes of processing and legal bases

  • Provision of the Service (Article 6(1)(b) GDPR): account creation and management, access to platform features, and presentation of outputs.
  • Legitimate interests (Article 6(1)(f) GDPR): security, prevention of misuse, troubleshooting, and improvement of service reliability.
  • Legal obligation (Article 6(1)(c) GDPR): accounting, tax, and related compliance obligations where required.
  • Consent (Article 6(1)(a) GDPR): non-essential cookies and analytics, where consent is required by applicable law.

4. Cookies and similar technologies

We use technically necessary cookies and similar storage technologies for authentication, session continuity, security, and basic service operation. We also store the user’s cookie-banner choice locally in the browser in order to remember that preference on the same device and browser.

At the present time, Tychefy does not use analytics or marketing cookies on the public website. If non-essential analytics, advertising, or similar technologies are introduced in the future, this Policy and the Cookie Policy will be updated and any required consent mechanism will be applied before such technologies are activated.

5. Recipients and service providers

The Service relies on third-party providers for infrastructure and operational functionality, including Vercel for hosting and deployment, Clerk for authentication and identity services, and Stripe for payment processing and subscription-related billing events.

Depending on the relevant processing activity, such providers may act as processors on our behalf or, for limited parts of their own service operation, as independent controllers under their own legal documentation. Where required, appropriate contractual and transfer safeguards are applied.

6. Transfers outside the EEA

Where personal data are transferred outside the European Economic Area, appropriate safeguards, such as Standard Contractual Clauses, are applied where required.

7. Retention period

We retain data for as long as necessary to provide the Service, to comply with legal obligations, and to address security or incident-resolution needs for a reasonable period. Following an account deletion request, data are deleted or anonymised where feasible, subject to any mandatory retention requirements.

8. Security

We implement technical and organisational measures, including access controls, encryption in transit, event logging, and limitation of privileges. No method of transmission or storage can, however, guarantee absolute security.

9. Data subject rights

Depending on the applicable legal framework, you may exercise rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. You may also lodge a complaint with the competent supervisory authority.

10. Automated decision-making

The Service generates probabilistic outputs for the purpose of supporting the organisation of selections and is not intended to produce legal effects or otherwise bind you. The final decision on whether and how to use any output remains exclusively your own.

11. Minors

The Service is not intended for minors. If we become aware that data relating to a minor have been collected, we will take steps to restrict processing or delete the relevant data.

12. Changes to this Policy

We may update this Privacy Policy from time to time. The current version will be published on this page together with the updated effective date.