Privacy policy.

Slay Money ("Slay", "we", "us") is the operator of the Slay Money mobile app and the website at slay.money. For data-protection purposes we are the controller of the personal data described in this policy.

Questions about this policy or your data? Email founders@slay.money.

You give us

• Your email address. We use it to sign you in and to contact you about your account.
• Your name. So the app can address you and so we can keep proper account records.
• Your country. Decides which markets and features are available where you live.
• Anything you send to support. Replies stay with the ticket while it's open.

The app generates as you use it

• Your balance, your sends and receives, your prediction-market positions, and your trades.
• Your wallet identifier. A unique address tied to your account so funds can land in the right place.
• Sign-in sessions, with device type and approximate IP-based location to help us catch suspicious activity.
• Brief server logs (timestamps, endpoint, status code) kept for debugging and abuse detection.

From sign-in providers

• If you sign in with Google, we receive your verified email and name. We don't ask for anything else from your Google account.

Every piece of data has a specific purpose. We don't keep anything "just in case".

• To run the app. Show you your balance, settle your bets and trades, deliver your sign-in codes.
• To keep accounts safe. Verify it's really you, catch unusual activity, alert you to anything off.
• To comply with the law. Some financial-services rules require us to retain certain records of activity.
• To improve the product. Anonymous usage signals so we know what's broken and what to build next.

We use a small number of trusted service providers to run Slay. Each one is contractually bound to handle your data only on our instructions and to keep it secure. They fall into these categories:

• Hosting and infrastructure. Runs the app's servers and serves the website.
• Database. Where account, wallet, and transaction records live, encrypted at rest.
• Email delivery. Sends your sign-in codes and any account emails. Sees only the recipient address and the message itself.
• Sign-in providers. If you choose to sign in with a third-party identity provider (Google, etc.), they verify it's you.

We do not share your data with advertisers, data brokers, or any third party for marketing.

Where the law requires it, we may disclose data in response to a valid legal request. We push back on overreaching requests and, where permitted, tell you before we comply.

Our service providers may process data globally as part of running their services. We use providers that maintain protection equivalent to what your home laws require.

We delete data when we no longer have a reason to keep it. Specifics:

• Active accounts: data is kept while your account is open.
• Deleted accounts: see /account/delete. Profile, balances, and login data are removed within 30 days of request.
• Compliance records: anonymised records of financial activity may be kept for up to 7 years where the law requires it.
• Server logs: discarded within 30 days unless flagged for an active investigation.
• Support email: kept for 12 months after the ticket closes, then deleted.

Depending on where you live, you have some or all of these rights over your data. We honour every request we can verify.

• Access. Get a copy of the personal data we hold about you.
• Correct. Ask us to fix anything inaccurate or incomplete.
• Delete. Ask us to delete your account and your data. The process lives at /account/delete.
• Export. Get a machine-readable copy of your data to take elsewhere.
• Object. Tell us to stop processing your data for a specific purpose, like analytics.
• Withdraw consent. Where we ask for your consent for something specific, you can take it back any time.
• Complain. File a complaint with your local data-protection authority if you think we've handled your data badly.

To use any of these rights, email founders@slay.money from the address registered to your account. We respond within 30 days.

All data we collect travels over TLS. Account data is encrypted at rest. Sign-in sessions and biometric settings on your device are kept in the operating system's secure storage, not in plain preferences.

No system is perfectly secure. If we ever detect a breach affecting your personal data, we will tell you and the relevant authorities within the time the law gives us.

Slay Money is for adults. We don't knowingly collect data from anyone under 18. If you think a child has given us information, email founders@slay.money and we will delete it.

We may update this policy as the product and the law evolve. If we make a meaningful change, we'll tell you in the app and by email at least 30 days before it takes effect. The effective date below tells you when this version was published.