Stake IPL
Legal

Privacy Policy

Last updated: 23 March 2026

This Privacy Policy explains how StakeIPL (https://stakeipl.bet) collects, uses, and protects your personal information when you use our service, including when you sign in via Google or Discord OAuth.

Google Sign-In

Public users

Discord Sign-In

Admin access only

  1. 1

    Information We Collect

    When you sign in to StakeIPL using Google or Discord OAuth, we receive and store the following data from those providers:

    • Your name or display name
    • Your email address (Google)
    • Your Discord user ID (Discord login only)
    • Your profile picture URL
    • OAuth account identifiers (provider + account ID)

    We do not collect passwords, payment information, or any data beyond what is listed above.

  2. 2

    How We Use Your Information

    Your data is used solely for the following purposes:

    • Authenticating your identity so you can submit bet entries
    • Linking your bet submissions to your account
    • Displaying your name within the platform
    • Restricting admin access to authorised Discord accounts only

    We do not sell, rent, or share your personal data with any third parties for marketing purposes.

  3. 3

    Google OAuth

    We use Google Sign-In (OAuth 2.0) to allow users to authenticate without creating a separate password. By signing in with Google you agree to Google's Privacy Policy. We only request the openid, email, and profile scopes — we never access your Google Drive, Gmail, Calendar, or any other Google services.

  4. 4

    Discord OAuth

    Discord sign-in is reserved exclusively for admin accounts. By connecting via Discord you agree to Discord's Privacy Policy. We only request the identify and email scopes to verify your Discord user ID against our admin whitelist. We do not access your servers, messages, or friends list.

  5. 5

    Data Storage & Security

    Your account data is stored in a PostgreSQL database hosted on Neon (Neon Tech, Inc.), protected by TLS encryption in transit and encryption at rest. Session tokens are signed with a server-side secret and stored in secure, HTTP-only cookies. We follow OWASP security best practices including CSRF protection and rate limiting on all authenticated endpoints.

  6. 6

    Data Retention

    We retain your account and submission data for the duration of the IPL promotion season. You may request deletion of your account and all associated data at any time by emailing [email protected]. We will process deletion requests within 30 days.

  7. 7

    Cookies & Sessions

    We use a single session cookie (__Secure-next-auth.session-token) to maintain your authenticated session. This is a strictly necessary cookie — no advertising, analytics, or tracking cookies are used on this site.

  8. 8

    Your Rights

    You have the right to:

    • Access the personal data we hold about you
    • Request correction of inaccurate data
    • Request deletion of your data
    • Withdraw consent at any time (by revoking OAuth access in your Google/Discord account settings)
  9. 9

    Changes to This Policy

    We may update this Privacy Policy from time to time. Changes will be reflected by the “Last updated” date at the top of this page. Continued use of the site after changes constitutes acceptance of the updated policy.

  10. 10

    Contact Us

    If you have any questions or concerns about this Privacy Policy or how your data is handled, please contact us at [email protected] or visit https://stakeipl.bet.

This policy applies exclusively to https://stakeipl.bet and the StakeIPL promotion platform.