PIZZIPIZZI

Legal

Privacy Policy

Effective date: May 3, 2026

This Privacy Policy explains what information PIZZI collects from you, how we use it, and the choices you have. We aim to keep this short, plain, and honest.

1. Who we are

“PIZZI”, “we”, “us”, and “our” refer to the PIZZI application and the team that operates it. PIZZI provides a free-to-play Pick 7 prediction game on the web and on mobile.

If you have any privacy questions, contact us at support@pizzi.app.

2. Information you give us

When you create an account or use PIZZI, you give us:

  • Account data: your name, email address, a chosen username, and a password (stored only as a salted hash).
  • Profile data: optional avatar URL, display name updates.
  • Game activity: the numbers you pick, draws you enter, your wins, and any rewards earned.
  • Support messages: anything you send us through email or in-app support.
  • Payout information: the details required to send you a prize, only if and when you redeem one (for example, your payout method, account or wallet identifier, and a delivery address where applicable).
  • Identity verification (“KYC”) data: when prize values, regulatory rules, or anti-fraud signals require it, we collect and verify identity documents (such as a government-issued ID), proof of address, and date of birth so that we can confirm eligibility, age (18+), and that the person claiming a prize is the person who entered the draw.
  • Tax information: where required by law (for example, U.S. recipients of certain prize values), we collect tax forms (e.g. W-9 / W-8BEN) and a tax identifier so that we can report and withhold as required.
  • Self-exclusion preferences: if you choose to self-exclude from PIZZI, we keep a record of your request and the period it covers so that we can enforce it.

3. Information collected automatically

To run the service safely and reliably, we collect some information automatically when you use PIZZI:

  • Device and connection data: IP address, device model, operating system, app version, browser, language, and timezone.
  • Approximate location: derived from your IP address to determine eligibility and prevent fraud (e.g. country, region, city). We do not collect precise GPS location.
  • Device identifier: a fingerprint of your device used for fraud prevention and to keep multi-account abuse out of the game.
  • Usage logs: pages and features you visit, errors you hit, and the time of each request.
  • Cookies and local storage: used to keep you signed in, remember preferences, and run the app. See the Cookies section below.

4. Information from third parties

  • Google Sign-In: if you sign in with Google, Google shares your name, email, profile picture, and a Google account identifier with us.
  • reCAPTCHA: we use Google reCAPTCHA on sign-in, sign-up, and other sensitive actions to detect abuse. reCAPTCHA may collect device and behavioral signals subject to Google’s Privacy Policy.
  • Push notifications: if you enable them, we use Firebase Cloud Messaging (FCM) to deliver them. FCM receives a token tied to your device.

5. How we use your information

  • To create your account, sign you in, and operate the game.
  • To verify that you are old enough (18+) and located in an eligible region to participate.
  • To run draws, settle predictions, and credit any winnings.
  • To process and deliver prize payouts, perform identity verification (KYC) where required, and meet tax-reporting obligations.
  • To enforce self-exclusion and responsible-play limits you set, and to honor them across devices.
  • To detect, investigate, and prevent fraud, abuse, multi-accounting, and security incidents.
  • To send transactional emails (verification, password reset, receipts, important account notices).
  • To improve PIZZI: diagnose bugs, improve performance, and refine features.
  • To comply with applicable laws and respond to legal requests, including requests from gaming, consumer-protection, or financial regulators in the regions where we operate.

We do not sell your personal information. We do not run third-party advertising networks inside PIZZI, and we do not share your data with advertisers.

6. Legal bases (where applicable)

Where the GDPR or similar laws apply, we rely on the following legal bases: performing our contract with you (running your account and the game), our legitimate interests (security, fraud prevention, improving the service), your consent (e.g. for push notifications), and compliance with legal obligations.

7. Sharing your information

We share your information only in the limited cases below:

  • Service providers who run our infrastructure (cloud hosting, database, transactional email delivery, push messaging, fraud and CAPTCHA services). They process data on our instructions.
  • Identity verification (KYC) providers: when we must verify your identity, age, or address before paying out a prize, we share the documents and information you provide for that purpose with our verification provider, who returns a pass/fail result and supporting flags.
  • Payment and payout providers: when we deliver a prize, we share the minimum information needed (such as your payout method and identifier, and any tax information required by law) with the payment processor or wallet provider that delivers the payout.
  • Tax and regulatory authorities: where required by law, we report prize payouts and tax-relevant information to the appropriate authority (for example, the IRS in the United States).
  • Legal and safety: to comply with valid legal requests, to enforce our Terms, or to protect the rights, property, or safety of PIZZI, our users, or the public.
  • Business transfers: if PIZZI is involved in a merger, acquisition, or asset sale, your data may transfer to the new entity, subject to this policy.

8. Data retention

We keep account data while your account is active. When you delete your account, we delete or anonymize your personal data within a reasonable period, except where we must keep some records to comply with law. In particular:

  • KYC and tax records: where we are required to verify identity or report payouts, we retain those records for the period required by applicable anti-money-laundering and tax law (typically 5–7 years from the date of the related transaction).
  • Fraud and security logs: signals used to detect abuse (such as device fingerprints and IP history associated with confirmed abuse) may be retained for up to 24 months after account closure to protect other users.
  • Self-exclusion records: when you self-exclude or we exclude you for safety reasons, we retain the minimum information needed (such as a hashed identifier, exclusion period, and country) to enforce that exclusion.
  • Aggregated analytics: non-identifying analytics may be retained without time limit.

9. Your rights

Depending on where you live, you may have the right to access, correct, export, restrict, or delete the personal information we hold about you, and to object to certain processing. You can:

  • Access and edit most of your data from the Profile page.
  • Delete your account at any time from the Profile page (when signed in) or from our public account deletion page.
  • Email us at support@pizzi.app to exercise any other rights you may have.

10. Security

We use industry-standard safeguards: TLS in transit, encryption of sensitive fields at rest, hashed passwords, restricted access to production systems, and continuous logging. No system is perfectly secure, so please use a unique password and enable Quick Sign-In or biometric protection on your device where supported.

11. Children

PIZZI is not intended for and may not be used by anyone under the age required by their jurisdiction (typically 18 years). We do not knowingly collect personal data from minors. If you believe a minor has used PIZZI, contact us and we will remove the account.

12. International transfers

We may process and store information in countries other than the one you live in. Where required, we put appropriate safeguards in place (such as standard contractual clauses) to protect your data when it moves across borders.

13. Cookies and local storage

PIZZI uses cookies and browser storage to keep you signed in, remember preferences, and operate security features (e.g. CSRF protection, reCAPTCHA, fraud detection). We do not use third-party advertising cookies. You can clear storage from your browser at any time, but the app may not work correctly afterward until you sign in again.

14. Changes to this policy

If we make material changes, we’ll update the effective date at the top of this page and, where appropriate, notify you in-app or by email. Continued use of PIZZI after the change means you accept the revised policy.

15. Contact

Questions, requests, or concerns? Email support@pizzi.app. We aim to respond within 30 days.