Privacy Policy for Predictstreet
Effective Date: 27 March, 2026
Last Updated On: 27 March, 2026
1. Introduction
Welcome to Predictstreet ("we," "our," or "us") operated by Predict street Limited ("Company"). The Company is incorporated and registered in Gibraltar with company number 126487 and having its office at Office 226, World Trade Centre, 6 Bayside Road, Gibraltar is licensed and regulated as a betting intermediary by the Gibraltar Licensing Authority under the Gibraltar Gambling Act 2005 (Remote Gambling Licence Number: 167) and it operates the website (the "Site") and the associated prediction market platform (the "Service").
The Company is the data controller responsible for your personal data. We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. It also outlines your privacy rights.
We process personal data under the Gibraltar GDPR and the Data Protection Act 2004 ("DPA 2004"). Our supervisory authority is the Gibraltar Regulatory Authority (GRA) (Information Commissioner). You can lodge complaints with the GRA at the contact details set out in Section 6 below.
This Privacy Policy describes how we process your personal data when you access, interact with the Site or use our Service. Please read it carefully. Where we rely on consent as a lawful basis for specific processing activities, we will seek your consent separately at the relevant time.
2. Information We Collect
We collect information that you provide directly to us, as well as information automatically collected through your use of our Service or interaction with our Site.
A. Information You Provide Voluntarily
Identity Data: Full name, date of birth, gender, and other data on government issued identification documents (such as passport, National identity card, driver's license, proof of residence such as utility bill / bank statement).
Contact Data: Includes email address, mailing address and telephone numbers.
Financial Information: Includes bank account and payment card details, financial transaction history, tax information, source of funds, and credit scores.
Communications: Records of your correspondence with us (e.g., support tickets, chat transcripts, emails, calls with customer service).
Profile Data: Includes username, password, interests, and preferences.
User-Generated Content: This includes:
- Market creation details (titles, descriptions, resolution criteria)
- Trades and orders you place (asset, quantity, price)
- Comments, posts, and messages on the platform
- Responses to surveys or feedback requests.
B. Information Collected Automatically
Usage Data: We and our third-party partners automatically collect information about your interactions with the Service, such as your IP address, browser type, device information, pages visited, time spent on pages, and other diagnostic data.
Cookies and Tracking Technologies:
We use cookies and similar tracking technologies on the Site. Full details of the cookies we use, the purposes for which we use them, and the basis on which they are deployed are set out in our separate Cookie Notice, which is available on the Site. A cookie consent panel is also provided on the Site, through which you may manage your cookie preferences at any time. Strictly necessary cookies are deployed without consent. All other cookies (including analytics and marketing cookies) require your prior consent before being placed on your device.
Information from Third Parties: We may receive information about you from other sources, such as:
- Identity verification services to help prevent fraud.
- Publicly available databases or blockchain analytics providers for AML/CTF/CPF purposes.
- Financial institutions and payment processors to confirm transactions.
We also collect, use, and share Aggregated Data such as statistical or demographic data for any purpose. This data is anonymised and is not considered personal data under data protection law.
Consequences of not providing personal data
Some information is required by law or contract (e.g., to comply with the Proceeds of Crime Act 2015 and Gambling Commissioner AML Codes), or is necessary in order for us to enter into or perform a contract with you. If you do not provide required information, we may not be able to open or maintain your account, process your transactions, or continue to provide the Service (or any part of it) to you. Where the provision of data is a statutory requirement, we will make this clear at the point of collection and explain the consequences of not providing it.
3. Purposes and Legal Bases for Processing
We process your personal data only where we have a valid legal basis to do so under applicable data protection laws. The purposes for which we process your personal data, and the corresponding legal bases (including the DPA 2004 ) are set out below:
| Purpose of Processing | Primary Lawful Basis | Additional Information |
|---|---|---|
| Providing products/services & managing your account | Performance of a Contract: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. | This applies when you create an account, or request a service from us. |
| Necessary service communications | Performance of a Contract / Legal Obligation: Service communications that form part of the contractual service (e.g., transaction confirmations, account notifications) are processed on the basis of performance of a contract. Communications required by law (e.g., tax invoices, regulatory notices) are processed on the basis of legal obligation. | These bases are stated separately to ensure transparency as required by Article 13(1)(c) of the Gibraltar GDPR. |
| Marketing and Prospecting | Consent: We will only send direct marketing communications if you have given us your clear, specific, and freely given consent. | You have the right to withdraw your consent at any time by clicking the "unsubscribe" link in any email or by contacting us. |
| Website Improvement & Analytics | Legitimate Interests: It is in our legitimate interest to analyse how our website is used to improve our services and user experience. | We ensure this processing is minimal and, where applicable, we will seek your consent for non-essential cookies used for analytics (see our separate Cookie Notice for further details). |
| Service improvement, personalization, and development (including new features and markets) | Legitimate Interests: It is in our legitimate interest to improve, personalize, and expand our Service, including by developing new features and markets, in order to enhance the experience we offer to users. | We have considered the impact of this processing on data subjects and are satisfied that our legitimate interests are not overridden by data subjects' interests or fundamental rights and freedoms. |
| Enforcing our Terms of Service, preventing fraudulent transactions, market manipulation, and other unauthorized activities | Legitimate Interests: It is in our legitimate interest, and in the interest of our users, to enforce our Terms of Service and to detect, investigate, and prevent fraud, market manipulation, and other unauthorized or unlawful activities on our platform. | We have conducted a legitimate interests assessment in respect of this processing. This purpose overlaps with our fraud prevention and security processing where relevant. |
| Legal & Regulatory Compliance | Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject. | This is based on Gibraltar laws and regulations applicable to our business , including the Proceeds of Crime Act 2015, the Gambling Act 2005, and associated regulatory codes of practice . |
| Establishing Legal Claims | Legitimate Interests: Processing is necessary for the establishment, exercise, or defence of legal claims. | This applies in the context of actual or potential legal proceedings. |
| Service performance monitoring and threat mitigation | Legitimate Interests: It is in our legitimate interest, and in the interest of our users, to monitor the performance of our Service and to identify and mitigate technical issues and threats to service stability and integrity. | Where this processing overlaps with fraud prevention or security activities, it should be read alongside the Fraud Prevention & Security row below. |
| Service-wide analytics and trend analysis | Legitimate Interests: It is in our legitimate interest to analyse trends and how users interact with our Service in order to understand usage patterns, improve service delivery, and inform business decisions. | This covers analytics beyond website usage, including in-app behaviour and broader service interaction data. Where consent is required for non-essential analytics cookies or tracking tools, we will obtain it in accordance with our Cookie Notice. |
| Customer communications (non-marketing) | Performance of a Contract / Legitimate Interests / Consent: Communications directly related to your account or transactions are processed on the basis of performance of a contract. Communications in our legitimate interest (such as surveys and service feedback requests) are processed on the basis of legitimate interests. Newsletters and other optional content communications are processed on the basis of your consent. | You may withdraw your consent to receiving newsletter or optional content communications at any time by clicking the "unsubscribe" link in any such communication or by contacting us. Surveys conducted on the basis of legitimate interests will be kept to a reasonable frequency and you may opt out on request. |
Special Category Data
We do not routinely process "special category data" (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data).
However, certain of our processing activities — in particular, AML/CTF/CPF screening, sanctions screening, fraud prevention, and politically exposed persons ("PEP") checks — may involve the incidental processing of special category data (for example, data that may reveal political opinions in the context of PEP screening). Where this occurs, we rely on: (i) a lawful basis under Article 6 of the Gibraltar GDPR (legal obligation and/or legitimate interests, as applicable); and (ii) a condition under Article 9(2)(g) of the Gibraltar GDPR (substantial public interest), as met by the conditions in Part 2 of Schedule 1 to the DPA 2004, in particular:
- paragraph 10 (preventing or detecting unlawful acts);
- paragraph 11 (protecting the public against dishonesty etc.);
- paragraph 12 (regulatory requirements relating to unlawful acts and dishonesty etc.); and
- paragraph 14 (preventing fraud).
We maintain an appropriate policy document as required by paragraph 39 of Part 4 of Schedule 1 to the DPA 2004 in connection with any such processing.
Criminal Offence Data
Our AML/CTF/CPF, sanctions screening, and fraud prevention activities may also involve the processing of personal data relating to criminal convictions and offences or related security measures within the meaning of Article 10 of the Gibraltar GDPR and section 12 of the DPA 2004 (including data relating to the alleged commission of offences, and proceedings for offences, as defined in section 13(2) of the DPA 2004). This processing is authorised by Gibraltar law within the meaning of Article 10 of the Gibraltar GDPR, as it meets a condition in Part 1, Part 2, or Part 3 of Schedule 1 to the DPA 2004, in particular:
- paragraph 10 of Part 2 (preventing or detecting unlawful acts);
- paragraph 14 of Part 2 (preventing fraud);
- paragraph 15 of Part 2 (suspicion of terrorist financing or money laundering, including disclosures under section 4H of the Proceeds of Crime Act 2015); and
- paragraph 33 of Part 3 (legal claims).
We maintain an appropriate policy document as required by Part 4 of Schedule 1 to the DPA 2004 in connection with any such processing.
For the avoidance of doubt, photographs contained on identity documents (such as passports or driving licences) that are collected as part of our identity verification procedures are treated as standard personal data and are not processed as biometric data for the purpose of uniquely identifying a natural person. We do not carry out biometric processing of such photographs.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you by email or by an updated privacy notice published on the Site and explain the legal basis which allows us to do so.
4. How We Use Your Information
We use the collected information for the following purposes:
- To create, maintain, and secure your user account.
- To facilitate and manage your transactions and handle billing and account management.
- To provide, operate, and maintain our Service.
- To communicate with you, including sending service-related announcements, technical notices, updates, security alerts, and support messages.
- To enforce our Terms of Service, including investigating and preventing fraudulent transactions, market manipulation, and other unauthorized activities.
- To comply with legal and regulatory obligations, including anti-money laundering (AML), counter-terrorism financing (CTF) and counter-proliferation financing (CPF) laws, in particular our obligations under the Proceeds of Crime Act 2015 and applicable regulatory codes of practice issued by the Gambling Commissioner.
- To improve, personalize, and expand our Service, including developing new features and markets.
- To analyse trends and how users interact with our Service (analytics).
- To communicate with you, such as responding to your comments, questions, delivering newsletters or other content we believe you may be interested in, provide customer service or feedback, contact you about amounts owed, conduct surveys, notify about upcoming events or for other purposes in connection with the Services.
- To comply with applicable laws and legal obligations.
- To monitor performance of Services and mitigate issues / threats.
Where we process personal data for any purpose not described above, we will inform you of that purpose and the applicable lawful basis at or before the time the data is collected, and where the lawful basis is consent, we will obtain your specific consent before carrying out that processing.
5. How We Share Your Information
We may share your personal information with:
Service Providers: Trusted third-party vendors who perform services on our behalf (e.g., identity verification, data storage, customer support, analytics).
Regulators and Law Enforcement: When required by law, subpoena, court order, or to comply with a legal process or proceedings. We may also disclose information to assist in preventing fraud, money laundering, or other illicit or deceptive activity. We may disclose information to other governmental bodies should the same be legally required.
Business Transfers: In connection with a merger, acquisition, sale of company assets, or transition of service to another provider, your information may be transferred as a business asset.
We may also share data with our subsidiaries / affiliates / group companies for business / operational needs.
Legal and audit partners: We may be required to share personal information with our legal and external audit partners for compliance or other legitimate purposes.
With Your Consent: For any other purpose disclosed by us when you provide the information.
Some of these third parties may be based outside Gibraltar. Where we transfer personal data outside Gibraltar, we rely on: (i) adequacy regulations (including transfers to United Kingdom, United Arab Emirates the EEA, and other jurisdictions recognised as adequate under the Gibraltar GDPR framework); or (ii) appropriate safeguards under Article 46 of the Gibraltar GDPR, such as the Gibraltar International Data Transfer Agreement (IDTA) or the Gibraltar Addendum to the EU Standard Contractual Clauses, with transfer risk assessments and supplementary measures as needed.
You may obtain a copy of the transfer safeguards we have put in place by contacting our Data Protection Manager using the details set out in Section 12 below.
We do not sell your personal information to third parties.
6. Your Data Rights and Choices
We recognise your rights to your personal information. Accordingly, you may:
Access and Information: Request a copy of the personal data we hold about you and be informed about how your personal data is being used.
Rectification: Correct inaccurate or incomplete data.
Restriction of Processing: Request we temporarily or permanently stop processing all or some of your personal data.
Objection to Processing: Object to our processing of your personal data where we are processing it on the basis of legitimate interests (Article 6(1)(f)) or the performance of a task in the public interest (Article 6(1)(e)) of the Gibraltar GDPR. Where you object, we must stop processing unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
Data portability: Request the transfer of your personal data to you or a third party in a structured, commonly used and machine-readable format. This right applies only where the processing is based on your consent or on a contract, and is carried out by automated means.
Opt-out of Marketing: Unsubscribe from our marketing emails by clicking the "unsubscribe" link they contain.
Erasure ("Right to be Forgotten"): Request the deletion of your personal data, subject to legal limitations (e.g., we are required by law to keep certain financial records).
Withdrawal of consent: Withdraw your consent any time for the way your data is being processed / dealt with. Please note that such withdrawal will not make any of our actions prior to the withdrawal unlawful.
Rights in relation to Automated Decision Making and Profiling: Right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
We use automated tools to detect fraud, AML/CTF/CPF and sanctions risks, and market manipulation. These tools evaluate activity (e.g., device, geolocation, behavioural and transactional patterns) and may temporarily restrict features or require verification. You have the right to obtain human intervention, express your view and contest decisions.
Right to lodge a complaint: You have the right to lodge a complaint with the Gibraltar Regulatory Authority (GRA), which is the competent supervisory authority for data protection in Gibraltar. The GRA can be contacted at:
Gibraltar Regulatory Authority2nd Floor, Eurotowers 4
1 Europort Road
Gibraltar
Email: privacy@gra.gi
Website: www.gra.gi
To exercise any of these rights or lodge a complaint with how your data is being processed, please contact us at compliance@predictstreet.io. We will respond to your request within the timeframe required by applicable law. To protect your privacy, we will need to verify your identity before fulfilling your request.
7. Data Retention
We will retain your personal information only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, operational requirements as well as to comply with our legal obligations (such as AML/KYC record-keeping requirements under the Proceeds of Crime Act 2015, which can be 5 years, or such longer period as may be required by applicable law or regulation). After the legally required period, we will securely delete or anonymise your data. Retention periods are set out in Appendix A.
8. Where Data is Stored
The personal data that we collect from you may be securely transferred to and securely stored on our databases which are located on our secure servers and in backup locations in Gibraltar or United Arab Emirates or in the jurisdictions identified in Section 5 above.
9. Data Security
We implement robust technical and organizational measures to protect your personal information, including encryption, access controls, and secure servers. However, no method of transmission over the Internet or electronic storage is 100% secure or fool proof. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.
10. Minor's Privacy
Our Services are not intended for individuals under the age of 18 ("Minors"). We do not knowingly collect personal information from Minors. If you are a parent or guardian and believe your child has provided us with personal data, please contact us, and we will delete it.
11. Changes to this Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically for any changes.
12. Contact Us
If you have any questions, concerns or complaints about this Privacy Policy or our data practices, please contact our Data Protection Manager at: compliance@predictstreet.io.
Appendix A: Data Retention Schedule
| Data Category | Retention Period |
|---|---|
| AML/CFT/CPF CDD records; transaction records; SAR documentation | 5 years from end of relationship or transaction |
| Customer identity verification data (KYC documents) | 5 years from end of business relationship |
| Customer account data (non-AML) | Duration of account + 5 years |
| Off-chain transaction records | 5 years |
| On-chain pseudonymised records | Immutable - off-chain identity mapping deleted per erasure schedule; on-chain data treated as anonymised thereafter |
| Complaints and dispute records | 5 years from closure |
| Data subject rights request records | 3 years from closure |
| Personal data breach records | 5 years from resolution |
| DPIA records | Life of processing activity + 3 years |
| Employee and contractor records, including background verification clearance log records | Duration of employment + 6 years |
| Marketing consent records | Until withdrawal + 3 years |
| Cookie consent records | 3 years from consent |
| Security log records | 5 years |