cookedaf
Start cooking
Legal

Privacy Policy

How CookedAF collects, uses, shares, and protects your information, and the privacy rights you can exercise.

Last updated June 9, 2026

Introduction and Scope

Effective date / last updated: June 9, 2026.

This Privacy Policy explains how [registered entity name], operator of CookedAF ("CookedAF," "we," "us," or "our") collects, uses, discloses, and protects personal information when you visit cookedaf.ai or use our services (collectively, the "Service").

CookedAF is an informational AI sports-betting analytics tool and parlay builder. We compute no-vig (de-vigged) fair odds, expected value (EV), estimated true hit probability, and best-price line shopping across sportsbooks, and we use AI to flag potentially mispriced legs. NBA is our first supported sport.

Important: CookedAF is not a sportsbook, not a broker or exchange, and not a financial or investment adviser. We accept no wagers and hold no customer funds. The Service is informational only and does not provide betting, financial, or investment advice. EV and probability figures are model-based estimates, not certainties; there is no guarantee of winning, and gambling involves a real risk of loss.

The Service is intended only for adults 21 years of age or older, primarily located in the United States. By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.

For questions or to exercise your rights, contact us at privacy@cookedaf.ai.

Information We Collect

We collect the following categories of personal information, depending on how you interact with the Service:

Information you provide to us

  • Account information. When you create an account, we collect your email address and authentication credentials (for example, a hashed password or a third-party sign-in identifier).
  • Subscription information. If you purchase a Pro subscription, our payment processor (Stripe) collects and processes your payment details. We do not collect or store full payment card numbers ourselves. We may receive limited billing metadata from Stripe, such as your subscription status, plan, billing country, the last four digits of a card, and transaction identifiers.
  • Communications. If you contact us at support@cookedaf.ai or privacy@cookedaf.ai, we collect the contents of your message and any information you choose to include.

Information we collect automatically

  • Authentication and session data. Session tokens, sign-in timestamps, and similar data used to keep you logged in and to secure your account.
  • Usage data. Features you use, parlays and legs you build, queries you run, pages viewed, clicks, click-outs to operators, and timestamps.
  • Device and analytics data. IP address, approximate location derived from IP (used among other things for geofencing sportsbook links to legal states), browser type, operating system, device identifiers, referring/exit URLs, and similar diagnostic data.
  • Cookies and similar technologies. Including analytics cookies and affiliate-attribution cookies/identifiers ("subids"), described in the next section.

We do not intentionally collect special categories of sensitive personal data, and we ask that you not submit such data to us.

Cookies and Tracking Technologies

We and our service providers use cookies, local storage, pixels, and similar technologies. We use two main categories that are important to understand:

Strictly necessary cookies

These keep you logged in, maintain your session, support security, and remember basic preferences. The Service does not function properly without them.

Analytics cookies

We use analytics cookies and similar identifiers to understand how the Service is used — for example, which features are popular, how users navigate, and where errors occur. This helps us measure performance and improve the Service. Analytics data may be aggregated or pseudonymized, but it can constitute personal information in some jurisdictions.

Affiliate-attribution cookies and subids

Because we earn affiliate commissions when users click out to third-party operators, we use affiliate-attribution cookies and identifiers, commonly called "subids." A subid is a tracking parameter (often a random or pseudonymous identifier) that we attach to a click-out link or store in a cookie. When you click a link to a sportsbook or prediction market and later take an action there (such as registering or depositing), the operator or affiliate network can match that action back to the subid and tell us that a referral occurred. This is how affiliate commissions are attributed and paid.

Affiliate-attribution cookies generally allow us to know that a referral and qualifying event happened and to reconcile commissions; they are not used by us to receive your wagering details or account balances from operators.

Managing cookies

Where required by law (for example, in the EEA, UK, and similar jurisdictions), we present a consent banner and obtain consent before setting non-essential cookies (including analytics and affiliate-attribution cookies). You can also manage cookies through your browser settings and, where offered, through our cookie-preferences control. Disabling certain cookies may affect Service functionality, and disabling affiliate-attribution cookies may prevent referrals from being attributed.

How We Use Your Information

We use personal information for the following purposes:

  • Provide and operate the Service — create and manage your account, authenticate you, maintain sessions, and deliver analytics features such as de-vigged odds, EV, true-probability estimates, line shopping, and AI-flagged legs.
  • Process subscriptions — manage Free and Pro tiers, process payments through Stripe, and handle billing, renewals, and cancellations.
  • Power AI features — send relevant inputs to our AI provider (Anthropic) to generate analytics and flag potentially mispriced legs.
  • Geofencing and compliance — use approximate location to restrict sportsbook deep links to U.S. states with legal online sports betting and to enforce our 21+ eligibility requirement.
  • Affiliate attribution and monetization — set and read affiliate-attribution cookies/subids, attribute click-outs and qualifying events, and reconcile commissions with operators and affiliate networks.
  • Analytics and improvement — understand usage, debug, measure performance, and develop new features.
  • Communications — respond to support and privacy requests and send service-related messages (and, where permitted, optional marketing you can opt out of).
  • Security and fraud prevention — protect the Service, detect and prevent abuse, and maintain integrity of accounts.
  • Legal compliance — comply with applicable laws, respond to lawful requests, and enforce our terms.

We do not use your information to place bets, and we do not provide individualized betting, financial, or investment advice.

Legal Bases for Processing (EEA / UK)

If you are in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases of the GDPR (and UK GDPR):

  • Performance of a contract — to create and operate your account, provide the Service, and process your subscription, including authentication, session management, and core analytics features you request.
  • Consent — for non-essential cookies and similar technologies (including analytics and affiliate-attribution cookies/subids) where required, and for any optional marketing communications. You may withdraw consent at any time, without affecting processing already carried out.
  • Legitimate interests — to secure the Service, prevent fraud and abuse, understand and improve how the Service is used, and operate our affiliate monetization model, where such interests are not overridden by your rights and freedoms.
  • Legal obligation — to comply with applicable laws and respond to lawful requests.

Where we rely on legitimate interests, you may object to that processing as described in "Your GDPR Rights." You can contact us at privacy@cookedaf.ai for more information about the balancing tests we apply.

How We Share Information; Service Providers and Partners

We share personal information only as described below. We do not sell payment card data, and we do not collect full card numbers (Stripe handles card data directly).

Service providers (processors)

We share information with vendors that process data on our behalf under contractual confidentiality and data-protection obligations:

  • Stripe — payment and subscription processing. Stripe collects and processes your payment details directly under its own privacy policy.
  • Anthropic — AI provider used to generate analytics and flag potentially mispriced legs. We send relevant inputs needed to produce these features.
  • Odds data provider (e.g., The Odds API) — supplies market odds used to compute fair odds, EV, and line shopping. We generally send query-related data rather than your identity.
  • Analytics provider(s) — measure usage and performance of the Service.
  • Cloud hosting and infrastructure provider(s) — host the Service and store data securely.

Affiliate and advertising partners (click-outs)

When you click a link to a third-party operator — sportsbooks such as Hard Rock Bet, BetMGM, and DraftKings (geofenced to U.S. states with legal online sports betting) and prediction markets such as Kalshi and Polymarket — you leave CookedAF and are subject to that operator's own terms and privacy policy.

On click-out, the operator or affiliate network typically receives the affiliate-attribution identifier (subid) and standard referral/click metadata (such as the referring link, timestamp, and technical data like IP address and user-agent that any website receives when you visit it). This allows the referral and any qualifying event (for example, a registration or deposit you complete on the operator) to be attributed back to us so that commissions can be calculated and paid. We do not transfer your CookedAF account email to operators for this attribution purpose.

Other disclosures

We may disclose information to comply with law or lawful requests, to enforce our terms, to protect rights, property, and safety, and in connection with a merger, acquisition, financing, or sale of assets (subject to this Policy).

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

  • Account and authentication data — retained while your account is active and for a reasonable period afterward to handle reactivation, disputes, and legal obligations.
  • Subscription and billing metadata — retained as needed for accounting, tax, and audit obligations (often several years under applicable law).
  • Usage, device, and analytics data — retained for a limited period for analytics, security, and improvement, then deleted or aggregated/anonymized.
  • Cookies and subids — retained for the lifetime set on each cookie or as needed to attribute referrals and reconcile commissions, after which they expire.
  • Communications — retained as long as needed to address your inquiry and for recordkeeping.

When we no longer need personal information, we delete it or anonymize it. You may request deletion as described in "Your Privacy Rights," subject to legal retention requirements.

Security

We implement reasonable administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, misuse, and alteration. These measures may include encryption in transit, access controls, hashed credentials, segregation of sensitive functions (for example, delegating card processing to Stripe), logging, and monitoring.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for using a strong, unique password. If you believe your account has been compromised, contact us immediately at support@cookedaf.ai.

International Data Transfers

We are based in, and primarily operate in, the United States. If you access the Service from outside the United States, your personal information may be transferred to, stored in, and processed in the United States and other countries where we or our service providers operate. These countries may have data-protection laws that differ from those in your jurisdiction.

Where we transfer personal data from the EEA, UK, or Switzerland to countries that have not received an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum, where applicable) and supplementary measures as needed. You may contact privacy@cookedaf.ai to request more information about these safeguards.

Your GDPR / UK and EEA Rights

If you are in the EEA or UK, you have the following rights, subject to conditions and exceptions under applicable law:

  • Access — obtain confirmation of whether we process your data and a copy of it.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion of your data in certain circumstances.
  • Restriction — request that we limit processing in certain circumstances.
  • Portability — receive certain data in a structured, commonly used, machine-readable format and, where feasible, have it transmitted to another controller.
  • Objection — object to processing based on legitimate interests, and to direct marketing at any time.
  • Withdraw consent — where we rely on consent (including for non-essential cookies), withdraw it at any time without affecting prior processing.
  • Lodge a complaint — with your local supervisory authority (and, in the UK, the Information Commissioner's Office).

To exercise these rights, email privacy@cookedaf.ai. We may need to verify your identity before responding. We will respond within the timeframes required by law.

Your California / U.S. State Privacy Rights

If you are a California resident, the California Consumer Privacy Act, as amended (CCPA/CPRA), provides you the following rights, subject to exceptions:

  • Right to know — the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties to whom we disclose it.
  • Right to delete — request deletion of personal information we collected from you.
  • Right to correct — request correction of inaccurate personal information.
  • Right to opt out of sale or sharing — see below.
  • Right to limit use of sensitive personal information — to the extent we process any such information.
  • Right to non-discrimination — we will not discriminate against you for exercising your rights.

"Do Not Sell or Share My Personal Information" and affiliate sharing

We do not sell your personal information for money. However, under the broad definitions of "sell" and "share" (sharing for cross-context behavioral advertising) in California law, some of our analytics and affiliate-attribution activities — including the use of affiliate-attribution cookies/subids and the disclosure of click-out and referral identifiers to operators and affiliate networks — may be considered a "sale" or "share."

To opt out, you can use the "Do Not Sell or Share My Personal Information" link/control provided on the Service, adjust your cookie preferences, or send a request to privacy@cookedaf.ai. Where supported, we honor opt-out preference signals such as Global Privacy Control (GPC). Opting out may prevent referrals from being attributed and may limit certain analytics.

We do not knowingly sell or share the personal information of individuals under the age required by applicable law. Residents of other U.S. states with comprehensive privacy laws may have similar rights; contact us at privacy@cookedaf.ai to exercise them.

Authorized agents may submit requests on your behalf with proof of authorization, and we may take steps to verify your identity.

Children and Age Restrictions

The Service is intended only for adults who are 21 years of age or older, primarily in the United States. It is not directed to anyone under 21, and we do not knowingly collect personal information from anyone under 21 (and, in all cases, not from children under 13 within the meaning of the U.S. Children's Online Privacy Protection Act).

If you are under 21, do not use the Service or provide us any information. If we learn that we have collected personal information from someone under the applicable age, we will delete it. If you believe a minor has provided us with personal information, contact us at privacy@cookedaf.ai.

Responsible gambling

Gambling involves real risk of loss. If you or someone you know may have a gambling problem, help is available:

  • 1-800-GAMBLER
  • National Council on Problem Gambling (NCPG) — ncpgambling.org
  • State self-exclusion programs, and operator-level deposit/time limits and self-exclusion tools.

CookedAF provides informational analytics only and does not guarantee outcomes.

Changes to This Policy; How to Contact Us

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "last updated" date above and, where appropriate, provide additional notice (for example, by email or an in-Service notice). Your continued use of the Service after an update takes effect constitutes acceptance of the revised Policy, except where additional consent is required by law.

How to exercise your rights and contact us

  • Privacy requests and rights: privacy@cookedaf.ai
  • General support: support@cookedaf.ai
  • Operating entity: [registered entity name]
  • Mailing address: [registered business address]

This Privacy Policy is governed by the laws of the State of Delaware, USA [adjustable], without regard to its conflict-of-laws principles, except where mandatory local data-protection law applies to you.