GuessOurBaby is responsible for the personal data this policy describes when we operate the website and service. In practical terms, that means we decide how the platform works, which vendors we use, how payment recovery works, how analytics are logged, and how moderation or abuse-prevention tooling is run.

Hosts also make choices inside their own games, such as the title, passcode, optional questions, uploaded images, reveal details, and who gets invited. If you submit a prediction to a host's game, that host may also decide what information is displayed publicly within that game.

Contact: noreply@contact.guessourbaby.co

• Host purchase and recovery data, such as checkout email address, request IDs, Polar order or checkout references, pricing region, currency, country code, and admin-token recovery details.
• Game setup data, such as pool title, due date, submission deadline, timezone, enabled question fields, custom questions, prize notes, and optional host-uploaded banner images.
• Guest submission data, such as guest name, prediction date, prediction answers, free-text messages, and custom answers entered into host-created questions.
• Reveal and results data, such as actual birth details, reveal message, winner-facing content, and leaderboard information once a host publishes the reveal.
• Support, security, and technical data, such as IP address or proxy headers used for rate limiting, basic request metadata, passcode-validation outcomes, and fraud or abuse-prevention signals.
• Usage data, such as page paths, event names, session identifiers, and limited analytics payloads used to understand feature usage and failures.
• Browser-stored data, such as local draft information in localStorage and first-party session identifiers in sessionStorage so setup can resume if a browser is refreshed or checkout returns later.

We do not ask users to provide special-category data such as health records. Please do not put medical details, government IDs, or other sensitive personal data into custom questions, free-text messages, or uploaded images.

• Directly from hosts when they create a game, upload an image, enter a checkout email, or reveal the results.
• Directly from guests when they submit predictions or messages through a public invite link.
• From payment events and receipts sent by Polar after checkout succeeds.
• Automatically from your browser or device when pages load, analytics events fire, drafts are saved locally, or our abuse-prevention tools inspect request headers.
• From the host who invited you, if they share your game link or include you in their private game flow outside the platform.

• To create and run the service you asked for, including provisioning a paid game, opening the host dashboard, collecting predictions, publishing reveal pages, and calculating leaderboards.
• To process payments, apply regional pricing, keep tax-inclusive pricing labels accurate, and support receipt or admin-link recovery when redirects fail.
• To send transactional emails such as the host admin link and related service messages.
• To store and display public game content chosen by the host, including optional uploaded images, public predictions, leaderboard entries, and reveal details.
• To maintain product quality, understand usage, measure checkout or setup failures, and improve the service through first-party analytics.
• To secure the service, prevent spam, rate-limit prediction submissions, investigate abuse, enforce our terms, and protect users and the platform.
• To comply with legal, tax, accounting, fraud-prevention, and record-keeping obligations.

• Contract: where processing is needed to provide the paid host pass, run the game, recover access, or otherwise deliver the service you asked us to supply.
• Legitimate interests: where we need processing to secure the platform, prevent abuse, measure performance, understand product usage, moderate harmful content, and improve reliability or user experience.
• Legal obligation: where we need to keep records, respond to lawful requests, or satisfy tax, accounting, anti-fraud, or compliance duties.
• Consent: if we add optional consent-based processing in the future, such as non-essential cookies or marketing emails, we will ask for that separately rather than relying on this page alone.

GuessOurBaby is designed so some information is intentionally visible to other people. If a host makes a game live or publishes a reveal, some or all of the following may be visible through the game link or leaderboard: pool title, host-uploaded banner image, guest names, guesses, messages, winner names, reveal details, and other fields the host chose to enable.

Guests should only submit information they are comfortable sharing within the context of a family prediction game. Hosts are responsible for deciding who gets access to their links and passcodes.

• Polar, which handles checkout, payment processing, regional pricing support, billing details, and related payment webhooks.
• Supabase, which we use for application database storage, file storage, and related backend infrastructure.
• Resend, which we use to send transactional emails such as the host admin-link email.
• Hosting, infrastructure, and security providers that help us deliver the website, route traffic, and maintain logs or operational tooling.
• Hosts and guests, where the service is designed to show game content publicly or within a shared family game environment.
• Professional advisers, regulators, law enforcement, courts, or counterparties where disclosure is legally required or necessary to protect rights, safety, or the service.
• A purchaser or successor if GuessOurBaby is involved in a merger, acquisition, financing, or asset sale, subject to the usual confidentiality and transition protections.

We do not sell personal information for money.

Our vendors may process or access personal data outside your home country, including outside the UK or EEA. Where that happens, we aim to rely on recognised transfer mechanisms such as adequacy decisions, standard contractual clauses, the UK addendum, or similar safeguards where required.

If you need more information about cross-border safeguards for a specific transfer, contact us using the details above.

• Game content and predictions are kept for as long as the game remains active and for a reasonable period afterwards so hosts can continue to access, moderate, or revisit their purchased game.
• Payment, invoicing, and tax-related records may be kept longer where accounting, fraud-prevention, or legal obligations require it.
• Analytics records are kept only for as long as they remain useful for product, security, and service-improvement purposes.
• Our application-level IP-based rate-limiting data is kept only briefly in memory; however, infrastructure providers may retain request logs for longer under their own operational schedules.
• Browser localStorage and sessionStorage remain on your device until they expire, are overwritten, or you clear them through your browser.

GuessOurBaby currently relies mainly on first-party browser storage rather than advertising cookies. For example, we use localStorage to preserve setup drafts and sessionStorage to create a temporary session ID for product analytics.

We also log first-party analytics events such as page views, checkout flow events, setup completion events, sharing clicks, prediction submissions, recovery attempts, and similar service interactions. At the time of writing, we do not use those analytics for targeted advertising or cross-context behavioural advertising.

If we introduce non-essential cookies or consent-based tracking later, we will update this notice and, where required, ask for consent before enabling them.

If you are in the UK or EEA, you may have the right to ask us for:

• access to the personal data we hold about you;
• correction of inaccurate or incomplete data;
• erasure of your data in some situations;
• restriction of processing in some situations;
• objection to processing based on legitimate interests;
• data portability where the law applies; and
• withdrawal of consent where we rely on consent.

You may also complain to the UK Information Commissioner's Office or your local data protection authority.

If you are a resident of a US state with privacy rights, you may also have rights to know, access, correct, delete, or appeal. GuessOurBaby does not currently sell personal information or share it for cross-context behavioural advertising. To exercise rights, contact us and describe the game, email address, or link involved so we can locate the relevant records.

GuessOurBaby is meant for adults organising or joining family games. It is not intended for children under 13, or under the higher age required by local law. If you believe a child has provided personal data through the service without appropriate permission, contact us so we can review and delete it where appropriate.

We use reasonable technical and organisational measures designed to protect personal data, including access controls, token-based host access, hashed passcodes for game entry, and restricted server-side operations for sensitive updates. No online service is perfectly secure, so we cannot guarantee absolute security.

We may update this policy from time to time as the product, vendors, or legal requirements change. When we do, we will post the updated version here and change the "Last updated" date above. Material changes may also be highlighted in product communications where appropriate.

This policy should be read alongside our Terms of Use, which explain the rules for buying, creating, sharing, and using GuessOurBaby games.