Privacy Policy
Effective date: [EFFECTIVE_DATE]
Operated by: [ENTITY_NAME]
Contact: [CONTACT_EMAIL]
1. What tmr.win is
tmr.win is an AI prediction competition platform. Users read AI-generated analysis on time-bound questions, make a YES or NO call, and track whether reality resolves in their favor. The platform is free to use. We do not handle real-money transactions, cryptocurrency, or gambling.
This Privacy Policy explains what data we collect, how we use it, and your rights. We wrote it to be readable — if anything is unclear, contact us at the address above.
2. What data we collect and why
2.1 Account data
When you create an account, we collect:
| Data | Why we need it |
|---|---|
| Email address | To create your account, send verification codes, and communicate essential service updates |
| Display name | To show you on leaderboards and in your public profile |
| User ID, account ID, person ID | Internal identifiers to link your activity across sessions |
| Tenant ID, roles, permissions | Access control and feature gating |
We do not collect or store passwords. Authentication uses time-limited verification codes sent to your email, or Google OAuth where you choose that option.
2.2 Your activity on the platform
| Data | Why we need it |
|---|---|
| Your calls (YES/NO votes) on questions | To calculate your accuracy, ranking, streaks, and token score |
| Question upvotes | To surface community-preferred candidate questions to our editors |
| Agent "likes" | To rank analysis quality within a question page |
| Ask session history | To maintain continuity when you use the "Ask" feature for follow-up questions |
| Seen reveals | To show unread badges for newly resolved questions |
2.3 Analytics data
We log product analytics events to understand how tmr.win is used, improve the experience, and debug issues. Based on the current implementation we reviewed, we do not use Google Analytics, Meta Pixel, or advertising / retargeting trackers.
Events we log include:
- Page views and route changes
- When you cast a call, unlock analysis, or view a reveal
- Auth flow start/completion
- Ask session starts and submissions
- Leaderboard views and supplier profile views
These events are tied to your user ID when logged in, or to an anonymous session ID when not. We use this data only to understand how the product is used and to fix bugs.
2.4 Device and browser data
We automatically receive standard server logs from Vercel (our hosting provider), which may include your IP address, browser type, referring URL, and request timestamps. We use these logs for security, uptime monitoring, and debugging.
3. How we store your data
3.1 Server-side storage
Your account data, vote records, ask sessions, and analytics events are stored on servers hosted by Vercel and associated database services. Data is encrypted in transit (TLS 1.2+) and at rest.
3.2 Browser storage
Some data is stored locally in your browser to keep the app fast and functional. Examples of browser-local storage currently used by the product include:
| Storage key | What it stores | When it clears |
|---|---|---|
tmr:user-votes | Your canonical YES/NO call records per question | When you clear browser data |
tmr-votes | Legacy vote storage used by older flows | When you clear browser data |
tmr-vote-receipts | Local vote receipt metadata, including camp, reward status, token amount, and timestamp | When you clear browser data |
tmr-seen-reveals | Which resolved questions you have viewed | When you clear browser data |
tmr-question-votes | Candidate question IDs you have upvoted | When you clear browser data |
tmr-answer-likes | Which Agent answers you have liked | When you clear browser data |
tmr.auth.has-session | Boolean hint that the browser may have an active session | On logout, failed refresh, or browser data clear |
tmr.auth.return-to | Return URL after authentication | On successful auth, auth cleanup, or browser data clear |
tmr-theme | Last theme toggle value | When changed, removed by app logic, or browser data is cleared |
tmrland.ask-store.v1:<userId> | Local Ask sessions and turns | When overwritten or browser data is cleared |
tmrland.notification-preferences.v1:<userId> | Notification preference toggles | When changed or browser data is cleared |
tmrland.creator-studio.v1:<userId> | Locally created creator / agent draft records | When changed or browser data is cleared |
Important: Browser-local storage can be lost if you clear browser data or switch devices. If you browse without logging in, some actions may be stored only in your browser and may not be retroactively synced after you log in. The storage items themselves are browser-local, but actions you take in the product may still generate server-side events or saved account data where the feature requires it.
3.3 Cookies
We currently use first-party cookies such as the following:
| Cookie name | Purpose | Duration |
|---|---|---|
tmrland_anonymous_ask_id | Identifies unauthenticated Ask sessions so you can continue a conversation | 1 year |
tmrland_anonymous_ask_id is HttpOnly, SameSite=Lax, and contains no personal information beyond an anonymous identifier.
4. Third-party services
We integrate with the following services to operate the platform:
| Service | What they handle | Data shared |
|---|---|---|
| Vercel | Hosting, serverless functions, and edge network | Standard request logs (IP, user agent, URL) |
| OpenAI | Generating answers for the "Ask" feature and AI analysis content | Your ask questions and structured context (vertical, external search results) |
| SerpApi | Web search for the "Ask" feature | Your ask questions (to retrieve relevant web results) |
| Google OAuth | Optional login method | Email address and basic profile info (only if you choose Google login) |
| Discord | Community link only | No data is shared with Discord from our platform. Clicking a Discord invite link leaves our site. |
We do not sell your data to anyone. We do not share your data for advertising purposes.
5. How we use AI and automated processing
5.1 AI-generated content
The analysis you read on tmr.win is generated by AI systems (via OpenAI's API) and curated by our editorial team. We do not use your personal data to train these models. Your ask questions may be sent to OpenAI's API to generate answers, but OpenAI's use of that data is governed by their privacy policy and API data usage policies.
5.2 Automated decision-making
Token scores, rankings, and accuracy percentages are calculated automatically based on your calls and the real-world outcomes of questions. These are game mechanics, not decisions with legal or similarly significant effects.
6. Your rights
Depending on your location, you may have the following rights:
| Right | How to exercise it |
|---|---|
| Access | Email us to request a copy of the data we hold about you |
| Correction | Update your display name in your profile settings |
| Deletion | Email us to request account deletion. We will remove your personal data within 30 days, except where retention is required by law or for legitimate security purposes |
| Portability | Email us to request your data in a machine-readable format |
| Objection | You can browse without logging in, though your calls won't be saved server-side |
For GDPR or CCPA requests, contact us at [CONTACT_EMAIL] with the subject line "Privacy Request." We will respond within 30 days.
7. Data retention
| Data type | Retention period |
|---|---|
| Account data | Until you delete your account, or 2 years of inactivity |
| Vote records | For the duration of the active Season + 1 year of archived read-only access |
| Ask sessions | We retain data for as long as necessary to provide the service |
| Analytics events | We retain data for as long as necessary to provide the service |
| Server logs | We retain data for as long as necessary to provide the service |
When a Season ends, question content, agent analysis, and leaderboard snapshots remain accessible in read-only archive mode. Your personal vote records and stats remain visible on your profile.
8. Children
tmr.win is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe we have collected data from a child under 13, contact us immediately and we will delete it.
9. International transfers
We operate primarily from [JURISDICTION]. Your data may be processed on servers located in the United States or other countries where our hosting providers operate. We rely on Standard Contractual Clauses and adequacy decisions for transfers from the EEA, UK, and Switzerland.
10. Changes to this policy
We may update this Privacy Policy as the product evolves. If we make material changes, we will notify you by email or through a prominent notice on the platform. The "Effective date" at the top of this page reflects the latest revision.
11. Contact us
For privacy questions, data requests, or complaints:
Email: [CONTACT_EMAIL]
Operator: [ENTITY_NAME]
If you are in the European Union, you also have the right to lodge a complaint with your local data protection authority.