Privacy Policy

1. Overview

Lotto Picks (the "Service") is a free random-number picker for Korea's 6/45 lottery, Pension 720, and the US Powerball. This policy describes what personal data the Service collects, how it is used and shared, and the rights you have over it.

2. Information we collect

We collect only the items below; nothing else.

• If you sign in with Google: the Google OAuth identifier (sub), email address, display name, and profile picture URL. Sign-in is optional — every picker feature works without it.
• Server-side request data:IP address, country/region derived from the IP, HTTP User-Agent string, the page path you visited, and a timestamp. Each IP is deduplicated for one hour and forwarded to the operator's private notification channel (Telegram). It is not persisted in a database.
• Cookies: an HttpOnly session cookie (lottopick_session, up to 7 days) used to keep you signed in.
• Advertising identifiers: the Service itself does not collect advertising IDs. If in-app ads are enabled, the third-party ad network may collect device identifiers under its own policy (see Third Parties below).

What we do not collect: location, camera, microphone, contacts, photos or videos, files, call or SMS logs, calendar entries, or health data. The Android app declares no permissions other thanandroid.permission.INTERNET.

3. How we use the data

• To authenticate signed-in users and maintain their session.
• To monitor aggregate service usage and traffic patterns.
• To preserve service stability and security (abuse detection).
• To serve advertisements (when an ad network is integrated).

4. Third parties

• Google LLC— Google Sign-In (OAuth). With your consent, Google provides the profile data above. Google's own privacy policy applies.
• Ad networks — when in-app advertising is enabled (e.g., Kakao AdFit, Adsterra), the network may collect limited device data for ad delivery and measurement. We will update this policy when a network is integrated.
• Hosting infrastructure — cloud/network providers operating the backend host.

We do not sell personal data and do not transfer it for marketing purposes.

5. Retention

• Session cookie: up to 7 days (cleared on expiry or sign-out).
• Visit notifications (Telegram): governed by the operator's channel policy. No long-term database storage.
• Google OAuth profile data: used only to maintain the session, not stored separately.

6. Your rights

You may at any time request access to, correction of, deletion of, or restriction on the processing of your personal data, or withdraw your consent. To exercise these rights, contact us using the email below. You can also disconnect this app from your Google Account directly in your Google Account settings.

7. Security

All client–server traffic is over HTTPS. Session cookies are HttpOnly + Secure + SameSite=Lax and are HMAC-SHA256 signed to detect tampering. Administrative endpoints require separate authentication and per-IP attempt limits.

8. Children

The Service is intended for adults aged 18+ (lottery purchase in Korea is restricted to 19+). It is not directed at children under the age of 13. If we become aware that we have collected personal data from a child under 13, we will delete it.

9. Changes

If this policy changes, the effective date at the top of this page will be updated, and material changes will be highlighted in the app or website.

10. Contact

Privacy enquiries: appnweb8@gmail.com