← Back
Draft — subject to change before public launch.

Privacy Policy

Called it ("we," "us," "our") is operated from Hamilton, Ontario, Canada. Called it is a play-money prediction market platform for McMaster University students. It is not affiliated with or endorsed by McMaster University.

Contact: support@calledit.ca

Last updated: April 17, 2026

What information we collect

You provide directly

  • McMaster email address. Required to create an account. Used to verify McMaster affiliation and deliver one-time login codes.
  • Username. Publicly visible on your profile, contracts, and markets.
  • Full name, program, and year of study. Collected at account setup. Optional.
  • Backup email address. Collected at account setup. Optional. Not used for login.
  • Market content. Titles, resolution criteria, source URLs, and context you include when creating a market.
  • Betting activity. Every contract you sign, including side, amount, and time.
  • How you heard about Called it. Collected at account setup. Optional.
  • Communications. If you email us, we store your message.

Collected automatically

  • Session and authentication data (login codes, session tokens).
  • Device and usage data — browser type, operating system, pages viewed. Used to operate and improve the service.
  • IP address. Logged for security and fraud prevention.
  • Cookies and local storage. Only essential cookies for authentication. No advertising or cross-site tracking cookies.

How we use your information

| Purpose | Basis | |---|---| | Verify McMaster affiliation and authenticate logins | Service operation | | Display your public profile, contracts, and markets | Core product function | | Operate the Cache economy | Service operation | | Moderate markets and enforce community guidelines | Legitimate interest | | Detect fraud, manipulation, and multi-account abuse | Legitimate interest | | Improve the product based on aggregate usage | Legitimate interest | | Communicate with you about your account | Service operation | | Share or sell profile data to third parties | Your consent (opt-out) |

Data sharing and sale

We may share or sell your profile information — including your name, program, year of study, backup email, and usage data — with third-party organisations for research and marketing purposes.

You control this. At account setup and in Settings → Privacy, you can opt out at any time. When you opt out, we will not share or sell your identifiable profile data going forward.

If you do not opt out, you are consenting to this use under PIPEDA.

We share data with service providers who process it on our behalf (Supabase for database and authentication, Vercel for hosting, Cloudflare for CDN). These providers do not receive your data for their own purposes.

We will also disclose information when required by Canadian law or a valid court order.

Public information on the platform

The following are publicly visible to all users:

  • Your username
  • Your betting history (markets, sides, amounts, time)
  • Your accuracy and net-profit statistics
  • Markets you have created
  • Any comments you post

We do not publicly display your email address, full name, program, or year of study.

Data storage

Your data is stored on Supabase infrastructure. Data may be processed in the United States or other jurisdictions. Data processed outside Canada may be subject to the laws of that jurisdiction, including lawful access by foreign authorities.

Retention

| Data | Retention | |---|---| | Account and profile | Until account deletion | | Transaction ledger | Indefinitely (platform integrity) | | Contract history | Indefinitely as part of public leaderboard record | | Session tokens | 30 days from last use | | IP logs | 90 days, then deleted | | Email correspondence | 2 years |

When you delete your account, your profile is removed and your username on historical records is replaced with an anonymous pseudonym to preserve market integrity.

Your rights under PIPEDA

You have the right to:

  • Access personal information we hold about you
  • Correct inaccurate information
  • Withdraw consent for data sharing and sale (Settings → Privacy)
  • Delete your account — email support@calledit.ca; your data will be removed within 30 days
  • Complain to the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca

To exercise any right, email support@calledit.ca from the address on your account. We will respond within 30 days.

Security

We use TLS for all data in transit, at-rest encryption on the database, row-level security, rate limits on authentication endpoints, and restricted admin access. No system is perfectly secure. If we become aware of a breach affecting your personal information, we will notify you and the Office of the Privacy Commissioner of Canada as required by law.

Children

Called it is intended for McMaster University students. We do not knowingly collect information from anyone under 13. If you believe a child under 13 has created an account, email support@calledit.ca.

Changes to this policy

Material changes will be announced in-app and by email to active users. Changes will never be applied retroactively in a way that reduces your protections.