Privacy Policy

Effective date: June 10, 2026

WonYet (“WonYet,” “we,” “us”) operates wonyet.com and the WonYet web application. This policy explains what we collect, why, how long we keep it, and the rights you have over it. The short version: we collect the minimum needed to check your lottery tickets, we don’t sell your data, and you can delete everything whenever you want.

1. What we collect

• Account data: your email address and a salted, hashed password (we never store the password itself). Optionally, your U.S. state — used only to personalize tax estimates and game lists.
• Ticket data: photos of lottery tickets you scan, the numbers and game details extracted from them, drawing dates, and outcomes. Ticket photos are stored privately and used solely to read your numbers and let you re-review a scan.
• Pool data: pool names, the display name you choose, and share counts.
• Payment data: handled entirely by Stripe, our payment processor. We receive your subscription status and a Stripe customer reference — never your card number.
• Notification data: if you enable push notifications, a push subscription token issued by your browser.
• Usage data: privacy-preserving product events (e.g., “a ticket was scanned”) stored in our own database, and aggregate traffic analytics from Cloudflare. We do not run third-party analytics scripts, advertising pixels, or fingerprinting.

2. How we use it

• To read your tickets (photos are processed by Anthropic’s Claude API to extract the numbers; Anthropic does not train models on this data under our API agreement);
• To check your tickets against official drawing results and notify you of outcomes;
• To operate pools you create or join, including calculating shares;
• To process subscriptions and prevent abuse (e.g., scan rate limits);
• To send drawing-reminder emails — only if you explicitly opt in, and every email has an unsubscribe link;
• To understand, in aggregate, whether the product works (scans per day, conversion) — never to profile individuals.

We do not sell or rent personal information, and we do not share it with data brokers or advertisers. Period.

3. Who we share it with

Only service providers necessary to run WonYet, each bound to use data solely to provide their service to us:

• Cloudflare — hosting, storage, and delivery of the entire application;
• Anthropic — AI reading of ticket photos you scan;
• Stripe — payments and subscription management.

We may disclose information if required by law, or to protect the rights and safety of users — and if legally permitted, we’ll tell you first.

4. How long we keep it

• Ticket photos: 90 days after upload, then deleted automatically (sooner if you delete the ticket).
• Ticket records: as long as your account exists — your win/loss history is the product.
• Account data: until you delete your account.
• Product events and cost logs: 13 months, then aggregated and deleted.
• Payment records: as required by tax and accounting law (held by Stripe).

5. Your rights

Everyone, regardless of state, can do the following from the app or by emailing privacy@wonyet.com:

• Access — get a copy of the personal information we hold about you;
• Correction — fix anything inaccurate;
• Deletion — delete your account and all associated data. We complete deletion requests within 30 days and confirm by email;
• Portability — export your ticket history in a machine-readable format.

California residents (CCPA/CPRA): you additionally have the right to know the categories of personal information we collect (listed in section 1), the right to opt out of “sale” or “sharing” of personal information (we do neither), the right to limit use of sensitive personal information (we don’t collect any), and the right not to be discriminated against for exercising these rights. We honor Global Privacy Control signals. Authorized agents may submit requests on your behalf with proof of authorization.

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws: you have substantially similar rights of access, correction, deletion, and portability, and the right to appeal a refused request by replying to our decision email; we’ll respond to appeals within 45 days.

6. Security

All traffic is encrypted in transit (TLS). Passwords are hashed with PBKDF2. Ticket photos live in private storage accessible only to your account. Payment credentials never touch our servers. No system is perfect; if a breach affects your data we will notify you promptly and as required by law.

7. Children

WonYet is for users of legal lottery age (18+, 21+ in some jurisdictions) and is not directed to children. We do not knowingly collect data from anyone under 18; if we learn we have, we delete it.

8. Changes

If we change this policy materially, we’ll notify you in the app and by email (if we have yours) at least 14 days before the change takes effect. The changelog of this document lives at /changelog.

9. Contact

Privacy questions, requests, or complaints: privacy@wonyet.com. We answer within 30 days, usually much faster.