1. Who we are
BYN ("Bet Your Nuts") is a play-money sports prediction platform operated by SouthScale (in incorporation) ("we", "us", "our"). BYN is accessible at bynapp.online and through our mobile applications.
Data Controller:
SouthScale (in incorporation)
privacy@southscale.co.uk
If you have any questions about this Privacy Policy or how we handle your data, please contact us at privacy@southscale.co.uk.
2. What BYN is — and what it is not
BYN is a play-money only platform. No real money is ever staked, wagered, or paid out. All credits ("nuts") are virtual and have no monetary value. BYN is not a gambling service and is not regulated as one.
3. What data we collect and why
3.1 Account data — from Google Sign In
| Data | Purpose | Legal basis |
|---|---|---|
| Full name | Your display name on BYN | Contract |
| Email address | Account identification, notifications | Contract |
| Google user ID | Securely linking your account | Contract |
| Profile photo URL | Not used or stored | N/A |
3.2 Profile data — provided by you
| Data | Purpose | Legal basis |
|---|---|---|
| Display name | Shown on leaderboards | Contract |
| Country | Country leaderboard filtering | Contract |
| Age confirmation (17+) | App store compliance | Legal obligation |
| Referral code used | Awarding referral bonuses | Legitimate interest |
3.3 Game data
| Data | Purpose | Legal basis |
|---|---|---|
| Bets placed | Running the prediction market | Contract |
| Wallet balances | Tracking your nuts per competition | Contract |
| Round standings | Leaderboards and season history | Contract |
| Favourite teams | Leaderboard filtering | Contract |
3.4 Usage data
We collect standard server logs including IP address, browser and device type, pages visited, and timestamps. Used for security monitoring and improving the platform. Legal basis: legitimate interest.
3.5 Advertising data (if applicable)
If you choose to watch ads to earn nuts ("ad boost"), our advertising partners may collect ad impression data and device identifiers for ad delivery. This is subject to the privacy policies of the relevant ad network. We will always inform you before displaying ads.
4. How we use your data
We use your data to:
- Create and maintain your account
- Run the prediction market (process bets, calculate payouts, maintain leaderboards)
- Send transactional emails (lockout reminders, round settlement notifications)
- Detect and prevent fraud or abuse
- Comply with legal obligations
- Improve the platform
We do not sell your personal data to third parties, use your data for automated decision-making, or share your data with advertisers beyond what is necessary for ad delivery.
5. Who we share your data with
| Recipient | Purpose | Location |
|---|---|---|
| Supabase Inc | Database and authentication infrastructure | EU (Ireland) |
| Vercel Inc | Web hosting and content delivery | EU/US |
| Google LLC | Authentication (Google Sign In) | US |
| Resend Inc | Transactional email delivery | US |
| Stripe Inc (future) | Payment processing for premium features | US/EU |
Where data is transferred outside the UK or EU, we ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent).
6. How long we keep your data
| Data type | Retention period |
|---|---|
| Account data (name, email, country) | Until you delete your account, or 3 years of inactivity |
| Game data (bets, standings) | 3 years after the season recorded |
| Server logs | 90 days |
| Ad view records | 12 months |
When you delete your account, we delete all personal data within 30 days, except where required by law.
7. Your rights under UK GDPR
Right of access — Request a copy of all personal data we hold about you.
Right to rectification — Ask us to correct inaccurate data.
Right to erasure — Ask us to delete your account and all associated data.
Right to restriction — Ask us to stop processing your data in certain circumstances.
Right to data portability — Request your data in a machine-readable format.
Right to object — Object to processing based on legitimate interest.
Right to withdraw consent — Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at privacy@southscale.co.uk. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
8. Cookies
BYN uses essential cookies only:
| Cookie | Purpose | Duration |
|---|---|---|
| Authentication session | Keeps you logged in | Session / 7 days |
| Supabase auth token | Secure session management | 7 days |
We do not use advertising cookies, analytics cookies, or tracking pixels without your explicit consent.
9. Children and age restrictions
BYN is rated 17+ in line with Apple App Store and Google Play Store guidelines for apps containing simulated gambling content. We do not knowingly collect data from anyone under 17. If you believe a child has registered, please contact us at privacy@southscale.co.uk and we will delete the account immediately.
10. Security
- All data transmitted over HTTPS/TLS
- Passwords are never stored — authentication is handled entirely via OAuth
- Database access is protected by Row Level Security (RLS)
- API keys and credentials are stored as environment variables, never in source code
11. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a notice in the app. The "last updated" date at the top of this page will always reflect the most recent version.
12. Contact
Email: privacy@southscale.co.uk