Privacy Policy

UnitLocker ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our sports prop picks service (the "Service"). By using the Service you agree to the practices described here.

If you have questions or concerns, contact us at [email protected].

Information you provide directly

• Account information — your full name and email address when you register.
• Payment information — subscription payments are processed by Stripe. We do not store your full card number, CVV, or banking details. Stripe handles all payment data in accordance with PCI-DSS standards. We receive only a tokenized customer reference and high-level billing details (e.g. last 4 digits, card type, subscription status, and renewal date).

Information collected automatically

• Device and browser information — browser type, operating system, and device type.
• Usage data — pages visited, picks viewed, features used, and time spent in the app.
• IP address — collected for security and fraud prevention.
• Authentication tokens — we use HTTP-only JWT cookies to maintain your session. These are not accessible to client-side scripts and expire after 7 days.

We use the information we collect to:

• Create and maintain your account.
• Provide access to the picks feed based on your subscription status.
• Process and manage subscriptions securely via Stripe.
• Send transactional emails (account creation, subscription confirmation, cancellation).
• Respond to your support requests.
• Monitor usage patterns to fix bugs and improve the Service.
• Detect, investigate, and prevent fraudulent or unauthorized activity.
• Comply with legal obligations.

We do not sell your personal information to third parties. We do not use your data for advertising purposes.

We do not sell, trade, or rent your personal information. We share information only in these limited circumstances:

• Stripe — for subscription payment processing. Stripe operates as an independent data controller for payment data. Their privacy policy is available at stripe.com/privacy.
• MongoDB Atlas — our database infrastructure provider, used to store account and subscription data. Data is stored securely and access-controlled.
• Legal requirements — if required by law, court order, or governmental authority.
• Protection of rights — if we believe disclosure is necessary to protect the rights, property, or safety of UnitLocker, our users, or the public.
• Business transfers — in the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email prior to any such transfer.

We retain your account information for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes (for example, Stripe may retain billing records for tax purposes).

Aggregated, anonymized usage data may be retained indefinitely as it cannot be used to identify you.

We implement industry-standard security measures to protect your information, including:

• Encrypted data transmission via HTTPS/TLS.
• JWT-based authentication stored in HTTP-only cookies, preventing client-side access.
• Passwords stored as bcrypt hashes — we never store plaintext passwords.
• Access controls limiting internal access to user data.

No method of transmission over the internet is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

We use a single HTTP-only session cookie to keep you logged in. This cookie does not track you across third-party websites and is automatically cleared when it expires (after 7 days) or when you log out.

We do not use advertising cookies, third-party tracking cookies, or analytics cookies that send data to external services.

You have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — request that we correct inaccurate or incomplete data.
• Deletion — request that we delete your account and personal data.
• Subscription management — cancel your subscription at any time by contacting us.
• Opt-out of communications — unsubscribe from non-transactional emails by contacting us directly.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

UnitLocker is not directed to anyone under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us and we will promptly delete it.

The Service may contain links to third-party websites such as our Discord community or sportsbook partners. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies before providing any information.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. If changes are material, we will notify you via email. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

If you have any questions, concerns, or data requests regarding this Privacy Policy, please contact us: