MatchBook
Sign in

Privacy Policy

Last updated: 17 June 2026

MatchBook (operated by Bury Technologies) ("we", "us") provides a matched-betting assistant tool. This policy explains what personal data we collect, why, how we protect it, and your rights under UK GDPR. Questions or requests: alex@tilleybury.io.

What we collect

  • Account — your email address, optional display name, and a securely hashed password.
  • Betting activity you record — bets, profit/loss entries, balances, and the per-bookmaker "account health" signals derived from them.
  • Exchange connection — if you connect Betfair, we store an encrypted access/refresh token so we can place the lay bet you instruct. We never see or store your Betfair password.
  • Email connection (optional) — if you connect Gmail, we store an encrypted refresh token and read your bookmaker promotional emails read-only to extract offer details (bookmaker, offer type, stake, reward, minimum odds, expiry). See "Gmail data" below.

Gmail data (Google API Limited Use)

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We request gmail.readonly access solely to identify and summarise bookmaker offers in your inbox. We do not sell this data, use it for advertising, or use it to train generalised AI/ML models. We do not retain the raw email content beyond what is needed to derive an offer record; only the structured offer facts are stored. You can disconnect Gmail at any time, which removes the stored token.

Why we use it (legal basis)

  • Performance of our contract with you — to run the tool, track your profit, and place the lay bets you instruct.
  • Consent — for connecting Gmail and Betfair. You can withdraw consent at any time by disconnecting the account.

Who processes your data (sub-processors)

  • Supabase — managed PostgreSQL database hosting (EU region).
  • DigitalOcean — application server hosting.
  • Google — Gmail API (only if you connect Gmail).
  • Betfair — exchange API (only if you connect Betfair).

Security

Exchange and email tokens are encrypted at rest (AES-256-GCM). Each account's data is isolated at the database level (row-level security). Access is restricted to the running application.

Retention

We keep your account and activity data while your account is active. When you ask us to close your account (email us), we delete your personal data, except where we must retain limited records to meet a legal obligation. Disconnecting Betfair or Gmail deletes the associated stored token.

Your rights

Under UK GDPR you can request access to, correction of, deletion of, or a copy (portability) of your data, and you can object to or restrict processing. To exercise any right, email alex@tilleybury.io. You can also complain to the UK Information Commissioner's Office (ico.org.uk).

Cookies

We use a single essential cookie to keep you signed in. We do not use advertising or third-party tracking cookies.

Age

This service is for adults aged 18 or over only.

Changes

We may update this policy; we'll change the "last updated" date above and, for material changes, notify you in the app.