Information the service may process
Request and security data
Hosting infrastructure may process an IP address, request time, requested URL, browser information and security signals to deliver pages, prevent abuse and diagnose failures.
Kito session data
Deterministic evidence mode runs in the browser from the locked record and does not create a Kito session or call an external model. When optional AI response planning is enabled, the browser stores an opaque session ID. Only the fixed prompt, locked public record context (including its server-authored evidence answer) and a privacy-preserving pseudonymous safety identifier are sent to OpenAI. The external model can select only a full or compact view; it does not write the answer.
Messages you choose to send
If a public email is available and you write to it, the message, address and attachments are processed so the request can be read and answered.
Feeds and downloads
RSS, calendar and CSV endpoints contain model records, not user profiles. Requests may still appear in ordinary infrastructure logs like any other page request.
Saved matches
If you save a match, this browser keeps a small receipt made only from already-public match data: the permanent slug, teams, league, kick-off, publication and saving times, probability split, model version, Demo/official record kind and public record hash when one exists. If a later page at the same address conflicts with a saved official hash or is replaced by Demo content, the local snapshot is preserved and an integrity warning is shown instead of silently substituting it. The receipt stays in local site storage; it is not sent to create an account or advertising profile, and clearing site storage removes it. A separate bounded local list remembers only the saved match slug, settlement revision and whether that revision was reviewed, so refreshing the Saved page cannot report the same result as newly discovered again. Those fingerprint details are never included in the aggregate event request.
Anonymous aggregate actions
Primary product-page views and explicit actions such as saving, sharing, opening a feed, using a scenario, or saving and later reviewing a personal probability call can increment a daily aggregate counter. The selected match and probability split are not part of that counter. Browsers that enable Global Privacy Control or Do Not Track send no product signals. The event payload contains only an allowlisted action, page surface and broad device class. It contains no IP address, cookie, user or session ID, match ID, raw URL, referrer or free text.
My Call probability splits
If you use My Call, the browser stores the home, draw and away percentages you selected, the public model split and record identity, and local creation and update times. The selected probabilities are used only on this device to compare your Brier score with the public model after settlement. They are excluded from official accuracy, APIs, structured data and public prediction receipts. Saving a call also adds the public match receipt to the Saved desk so you have a return path.
How the information is used
- Deliver the site and its public prediction records.
- Protect endpoints, apply rate limits and investigate abuse.
- Calculate a requested Kito evidence explanation and, when enabled, let the external model select its full or compact server-authored view.
- Diagnose data, accessibility and reliability problems.
- Compare anonymous aggregate interaction totals so important paths can be improved.
- Respond to a message you voluntarily send.
The current product has no public user account, deposit, wager or checkout flow, so it does not ask for account passwords, betting balances or payment-card data.
Service providers and AI processing
The site relies on hosting and network infrastructure to serve and secure requests. Deterministic Kito evidence mode does not send its calculation to OpenAI. If optional AI response planning is enabled, only the fixed prompt, locked public record context (including the server-authored evidence answer) and a privacy-preserving pseudonymous safety identifier are sent to OpenAI. The model may return only "full" or "compact". The implementation requests that the response is not stored through the API, while local abuse-control counters remain separate from the public prediction ledger.
Football data providers supply fixture and result information; that integration fetches sports data and is not used to create a visitor advertising profile. See Data sourcesfor product-data provenance.
Retention, choices and requests
Operational records are retained only as needed for security, reliability and legal obligations. Aggregate interaction counters are stored by UTC day and cannot be used to reconstruct an individual journey; correspondence can be retained while the underlying request is handled. No fixed retention period is claimed where the production configuration does not establish one.
You can clear saved matches, My Call probability splits and any optional Kito session identifier using your browser's site storage controls. To ask about access, correction or deletion of personal information, check the contact pagefor the current monitored channel. Some security records may need to be retained where deletion would undermine abuse prevention or a legal obligation.
If accounts, payments, identity-linked analytics, advertising technology or a materially different AI workflow is introduced, this notice should be revised before that feature is represented as covered by the current text.