Privacy Policy

Updated April 2026
  • TipStrike (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and protect information from users worldwide who access our website https://tipstrike.com ("Website") or purchase a subscription.

  • 1. Data Controller

    The data controller responsible for your personal data is:

    • Legal name: TIPSTRIKE SRL
    • Registered office: 88 Calea Mosilor, Romania
    • Trade Register number: J2026032230004
    • Fiscal code (CUI/CIF): 54701734
    • EUID: ROONRC.J2026032230004
    • Privacy contact: office@tipstrike.com
  • 2. What We Collect

    a) Visitors (no account):

    • IP address and approximate geolocation derived from it
    • Browser and device type, operating system
    • Referring pages, pages visited, time spent
    • Cookie identifiers (subject to your consent — see Cookie Policy)

    b) Registered users:

    • Email address, password (stored hashed and salted)
    • Display name, avatar (optional)
    • Country, timezone
    • Authentication tokens for "Remember me" sessions
    • Identifiers from social login providers (e.g. Google) where applicable
    • Consent records (age, terms, newsletter, cookie, subscription waiver) with timestamps and IP
    • Account activity such as last login, favorites, predictions viewed

    c) Newsletter subscribers:

    • Your email address, in order to deliver the newsletter to you.
    • Metadata about your browser and IP address, including approximate geolocation, in order to prevent fraudulent signups and provide analytics about where readers are located.
    • Any information you input into a survey or poll we send you.
    • Which links you click in emails you receive from us.

    If you would like to be removed from our service, you can submit a request to office@tipstrike.com. This will remove you from all newsletters delivered via the TipStrike platform.

    d) Paying subscribers:

    • Billing name and address, country, postal code
    • Tax/VAT identification number (if you provide one at checkout)
    • Card brand, last 4 digits and expiry month/year (returned by Stripe; we never receive the full PAN or CVC)
    • Stripe customer ID, subscription ID, payment-intent IDs
    • Transaction history, invoices, refunds
    • Subscription consent record (timestamp, IP, user agent, plan, express waiver of right of withdrawal)

    Full card numbers, CVC, and other sensitive cardholder data are collected directly by Stripe on Stripe-controlled pages. We never see, transmit, or store this data. Stripe is certified to PCI-DSS Level 1.

  • 3. How We Use Information

    We use information we collect or that you provide to us, including any Personal Data:

    • to provide our Website, its functionality, content, and services;
    • to register and authenticate your user account;
    • to process subscription payments, issue invoices, manage renewals and cancellations;
    • to provide notices about your account, billing, security, and material changes to our services;
    • to respond to your requests and support enquiries;
    • to enforce our rights and obligations under our Terms and Conditions, including for billing, dispute resolution, and fraud prevention;
    • to comply with legal obligations (e.g. tax, accounting, anti-fraud, ANPC enquiries);
    • with your consent, to send you newsletters, promotional offers, or product updates — you can unsubscribe at any time via the link in those emails or your Profile Settings;
    • for any other purpose with your consent.

    We do not sell personal data to third parties, and we do not use your data for automated decision-making with legal or similarly significant effects.

  • 4. Legal Basis for Processing (GDPR Art. 6)

    Purpose Legal basis
    Operating the public website, security, fraud prevention Legitimate interest
    Account creation and authentication Performance of a contract
    Subscription payments, renewals, refunds Performance of a contract
    Issuing invoices, retaining accounting records Legal obligation (Romanian Accounting Law no. 82/1991, Fiscal Code)
    Marketing emails / newsletter Consent
    Non-essential cookies / analytics / affiliate tracking Consent
    Responding to legal requests, defending claims Legal obligation / legitimate interest
  • 5. Subprocessors and Recipients

    We share personal data with carefully selected service providers who process it on our behalf and only on our instructions:

    Provider Purpose Location
    Stripe Payments Europe, Ltd. Payment processing, subscription billing, fraud prevention, tax calculation, invoicing Ireland / United States (privacy notice)
    Hosting / infrastructure provider Application hosting, databases, backups European Union
    Amazon Web Services (S3) Object storage for static and user-uploaded assets European Union / United States
    Cloudflare, Inc. CDN, DDoS protection, traffic security Global, headquartered in the United States
    Google LLC (Analytics, OAuth) Audience analytics (with your consent), social login United States
    MaxMind, Inc. (GeoIP2) Approximate geolocation from IP for content localisation United States
    OpenAI, L.L.C. AI-assisted prediction generation (no user-account data is sent) United States
    Email delivery provider Sending transactional and marketing emails European Union / United States
    Affiliate networks (e.g. ShareASale, CJ) Tracking referrals from affiliate links United States

    We may also disclose information when required by law, court order, or to protect our rights or the safety of others.

  • 6. International Data Transfers

    Some of our subprocessors are located outside the European Economic Area, in particular in the United States. Where data is transferred outside the EEA we rely on appropriate safeguards under GDPR Articles 44–49, including:

    • the EU–U.S. Data Privacy Framework, where the recipient is certified;
    • the European Commission's Standard Contractual Clauses (SCCs);
    • supplementary technical and organisational measures where appropriate.

    You may request a copy of the relevant safeguards by contacting office@tipstrike.com.

  • 7. International Compliance

    Depending on where you access TipStrike from, your data may be subject to different privacy laws. We aim to comply with major data protection regulations, including:

    • GDPR (European Union) and Romanian Law no. 190/2018
    • UK GDPR (United Kingdom)
    • CCPA / CPRA (California, United States)
    • LGPD (Brazil)
    • PDPA (Singapore, Thailand, etc.)

    We do not sell personal data to third parties.

  • 8. Cookies

    We use cookies for essential site functions, analytics, preferences, and affiliate tracking. When you first visit the site, you are prompted to accept or decline non-essential cookies. You can change your choice at any time on the Cookie Policy page or in your browser settings. Disabling essential cookies may impact functionality.

  • 9. Data Retention

    • Account data: kept for as long as your account exists, plus 6 months after deletion to handle disputes and abuse cases.
    • Subscription consent records (terms / privacy / digital-content waiver): kept for the duration of the subscription relationship plus 3 years (limitation period for consumer claims).
    • Invoices and accounting records: retained 10 years, as required by Romanian Accounting Law no. 82/1991 and the Fiscal Code.
    • Analytics and affiliate tracking data: up to 26 months.
    • Marketing consent: until you withdraw it.
    • Server logs (security): typically up to 12 months.

    Longer retention may apply where required by law or to defend legal claims.

  • 10. Security

    We apply technical and organisational measures appropriate to the risk, including TLS encryption in transit, hashed passwords, role-based access controls, encrypted backups, regular dependency updates, and access logging. Card data is handled exclusively by Stripe under PCI-DSS Level 1. No system can be guaranteed 100% secure; in the unlikely event of a personal-data breach affecting you, we will notify the relevant supervisory authority and, where required, you, in line with GDPR Articles 33–34.

  • 11. Your Rights

    Depending on your country of residence, you may have the right to:

    • access your data and obtain a copy
    • correct or update inaccurate data
    • request erasure ("right to be forgotten") subject to legal retention obligations
    • restrict or object to processing
    • data portability
    • withdraw consent at any time, without affecting processing already carried out
    • lodge a complaint with your local data protection authority — in Romania, the National Supervisory Authority for Personal Data Processing (ANSPDCP)

    To exercise any of these rights, contact us at office@tipstrike.com. We respond within 30 days (extendable by 60 days for complex requests, with notice).

  • 12. Children's Privacy

    TipStrike is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If you believe a child has provided data, please contact us and we will delete it.

  • 13. Changes to This Policy

    We may update this policy as the site evolves. Material changes will be notified to active subscribers by email and posted on this page. Your continued use of the site after the effective date implies acceptance.