Privacy Policy — LottoBase

Last updated: 14 October 2025

This Privacy Policy describes how Approphet ("we", "our", "us") collects, uses, and shares information when you use the LottoBase mobile application (the "App"). Your privacy is important to us, and we are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Data Controller: Approphet
Contact Email: [email protected]
Jurisdiction: United Kingdom

We are the data controller responsible for your personal data collected through the App.

2. Information We Collect

2.1 Information You Provide Directly

Account Information

• Username
• Email address
• Password (stored in encrypted form)
• Account preferences and settings

Subscription & Payment Data

• Subscription status and tier (monthly/yearly)
• Purchase receipts and transaction IDs
• Payment processing is handled by Apple App Store, Google Play Store, and RevenueCat. We do not collect, process, or store payment card details directly.

Saved Lottery Tickets

• Ticket information you manually enter or scan via QR code
• Ticket names, numbers, draw dates, and game types
• Win/loss history and notifications preferences for specific tickets

2.2 Information Collected Automatically

Device & Technical Information

• Device model, manufacturer, and operating system version
• Unique device identifiers (for analytics and app functionality)
• App version and crash reports
• IP address and general location data (country/region level only)

Usage Data

• Features accessed and frequency of use
• Session duration and navigation patterns
• Interaction with notifications
• Anonymised analytics to improve app performance and user experience

Camera Access for QR Scanning

• When you use the ticket scanning feature, the App accesses your device camera to scan lottery ticket QR codes
• The camera feed is processed locally on your device in real-time
• QR code content is decoded on-device and is not recorded, stored, or transmitted unless you explicitly choose to save the scanned ticket to your account
• We do not have access to your camera feed or any images captured

2.3 Information from Third Parties

Lottery Data

• Draw results, jackpot amounts, game statistics, and historical data retrieved from publicly available lottery information sources
• This data is stored in our backend (Supabase) and does not contain any personal information about you

Authentication Providers

• If you sign in using Apple Sign In or Google Sign In, we receive basic profile information (name, email) as permitted by those services

3. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

• Contract Performance — to provide the App's services you have subscribed to (Article 6(1)(b))
• Legitimate Interests — to improve the App, prevent fraud, and ensure security (Article 6(1)(f))
• Consent — for optional features such as marketing notifications and camera access (Article 6(1)(a))
• Legal Obligation — to comply with applicable laws and regulations (Article 6(1)(c))

4. How We Use Your Information

Core Functionality

• Provide access to lottery statistics, historical data, and draw results
• Enable account creation, authentication, and management
• Process and validate QR code scans of lottery tickets
• Save and manage your virtual and scanned tickets
• Check your tickets against draw results and notify you of wins

Communications

• Send service-related notifications (account confirmations, subscription updates)
• Deliver optional push notifications when enabled:
  • Draw reminders
  • Jackpot alerts (when thresholds are met)
  • Winning ticket notifications
  • Ticket expiry reminders

Improvement & Analytics

• Analyse app usage to improve features and user experience
• Conduct anonymised statistical analysis
• Debug technical issues and improve app stability
• Develop new features based on user behaviour

Legal & Security

• Comply with legal obligations and requests from authorities
• Prevent fraud, abuse, and security threats
• Enforce our Terms of Service

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We may share limited data in the following circumstances:

Service Providers

We work with trusted third-party service providers who process data on our behalf:

• Supabase — backend database and authentication (data hosted in EU/UK regions)
• RevenueCat — subscription and payment management
• Apple/Google — authentication services and app distribution
• Analytics providers — anonymised usage analytics

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

Legal Requirements

We may disclose your information when required by law or when we believe disclosure is necessary to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service
• Protect our rights, property, or safety, or that of our users or the public
• Detect, prevent, or address fraud or security issues

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have.

6. Data Storage, Retention & Security

Storage Location

Your data is stored on secure servers provided by Supabase, with data centers located in the European Union and/or United Kingdom to ensure UK GDPR compliance.

Retention Period

• Active accounts: Data is retained for as long as your account is active
• Deleted accounts: Data is permanently deleted within 30 days of account deletion
• Legal obligations: Some data may be retained longer if required by law
• Analytics data: Anonymised usage data may be retained indefinitely for statistical purposes

Security Measures

We implement industry-standard security measures including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication protocols (password hashing, OAuth)
• Regular security audits and updates
• Access controls and monitoring
• Secure backup procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Camera & Device Permissions

Camera Access

The App requests camera permission solely for the lottery ticket QR code scanning feature:

• Camera access is requested only when you choose to scan a ticket
• The camera feed is processed locally on your device in real-time
• No images or video are recorded, stored, or transmitted
• You can revoke camera permission at any time through your device settings (this will disable QR scanning)

Push Notifications

The App requests notification permission to send you:

• Draw result alerts
• Winning ticket notifications
• Jackpot threshold alerts
• Ticket expiry reminders

You can manage notification preferences in the App's Settings or through your device settings.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you

Right to Rectification

Correct inaccurate or incomplete personal data

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data when it is no longer necessary or if you withdraw consent

Right to Restrict Processing

Request limitation on how we use your data in certain circumstances

Right to Data Portability

Receive your data in a structured, commonly used format to transfer to another service

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes

Right to Withdraw Consent

Withdraw consent at any time for processing based on consent (e.g., marketing notifications)

Right to Lodge a Complaint

Lodge a complaint with the UK Information Commissioner's Office (ICO) at https://ico.org.uk

To exercise these rights, contact us at [email protected]

9. Your Choices & Controls

Account Management

• Update your account information, username, or email in the App's Settings
• Change your password or reset it if forgotten
• Delete your account at any time via Settings (this permanently deletes all associated data)

Notifications

• Enable or disable specific notification types in the App's Settings
• Manage push notification permissions through your device settings
• Unsubscribe from promotional emails via the unsubscribe link in each email

Camera Access

• Grant or revoke camera permission through your device settings
• Camera is only activated when you choose to use the QR scanning feature

Subscription Management

• View, modify, or cancel your subscription through the App Store (iOS) or Google Play Store (Android)
• Manage subscription preferences via RevenueCat links in the App

10. Age Restrictions

The App is intended for users aged 18 and over only.

In compliance with UK National Lottery regulations and gambling laws, we do not knowingly collect information from individuals under 18 years of age. If we become aware that a user is under 18, we will immediately delete their account and associated data.

If you believe a minor has created an account, please contact us at [email protected].

11. International Data Transfers

Your data is primarily stored within the United Kingdom and European Union. If data is transferred outside these regions, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the UK ICO
• Adequacy decisions recognising equivalent data protection standards
• Other legally recognised transfer mechanisms

12. Cookies & Tracking Technologies

The App does not use browser cookies. We may use mobile analytics SDKs and similar technologies to collect usage data. These technologies:

• Help us understand how the App is used
• Enable us to improve functionality and performance
• Provide anonymised aggregate statistics

You can limit tracking through your device settings (e.g., "Limit Ad Tracking" on iOS or "Opt out of Ads Personalization" on Android).

13. Third-Party Links & Services

The App may contain links to external websites or reference third-party lottery services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

Important: LottoBase is not affiliated with, endorsed by, or connected to the UK National Lottery or Allwyn Entertainment.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or App features.

We will notify you of significant changes by:

• Displaying a prominent notice within the App
• Sending an email to the address associated with your account
• Updating the "Last updated" date at the top of this policy

Your continued use of the App after changes take effect constitutes acceptance of the updated policy.

15. Contact Us & Data Protection Officer

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Subject Line: Privacy Inquiry - LottoBase

We will respond to your inquiry within 30 days as required by UK GDPR.

For complaints or concerns about how we handle your data, you may also contact the UK Information Commissioner's Office:

ICO Website: https://ico.org.uk
ICO Helpline: 0303 123 1113

Additional Information for App Store Compliance

For users in the United Kingdom

This App complies with the UK GDPR and the Data Protection Act 2018. Your personal data is processed lawfully, fairly, and transparently. You have the right to access, correct, delete, restrict, or object to the processing of your personal data.

Disclaimer: This App is for entertainment and educational purposes only. We do not facilitate gambling, ticket purchases, or real-money wagering. Always verify winning numbers with official lottery sources. Past results do not predict future outcomes. Lottery drawings are random events.

Terms of Use: Apple Standard EULA

Copyright © 2025 Approphet. All rights reserved.