Legal

Privacy Policy

Last updated: May 28, 2026Version: 2026-05-28-v1

Section 01

01Introduction and Controller

This Privacy Policy describes how LottoXray collects, uses, discloses, retains, and protects personal information when you visit lottoxray.com, create an account, use our lottery statistics and analysis tools, contact us, accept legal notices, or use other LottoXray services.

LottoXray is operated as an online service under the LottoXray name. For privacy questions, requests, or notices, contact us at support@lottoxray.com. If a law requires another contact method for your request, email us and we will provide an appropriate method for that request.

This policy explains our privacy practices. It is not a substitute for the LottoXray Terms of Use, Risk Disclaimer, or any checkout terms that may apply if paid access is later made available.

Section 02

02Current Payment Status

LottoXray does not currently collect, store, or process credit card numbers, debit card numbers, bank account numbers, or full payment account credentials. Paid access may be offered in the future through an authorized third-party payment processor.

If a third-party checkout is enabled, LottoXray may receive limited non-card transaction information from that processor, such as checkout email, receipt or order identifier, product or plan selected, payment status, refund status, chargeback status, access status, timestamps, and related transaction metadata. This policy will be updated before or when a specific payment processor is enabled.

Section 03

03Information We Collect

Information you provide directly

Account information: name, email address, account status, profile updates, and account preferences.

Credentials and security information: password hash, email verification token hash, password reset token hash, session identifiers, and security timestamps. LottoXray does not store your plain-text password.

Saved combinations and generated content: lottery game selected, saved number combinations, manually entered combinations, generated combinations, labels, group names, source type, analysis metadata, and related timestamps.

Contact and support information: name, email, subject, message content, source, status, read timestamp, notification timestamp, and similar support handling data.

Legal acceptance records: age confirmation, Terms of Use acceptance, Risk Disclaimer acceptance, document type, document version, accepted-at timestamp, document snapshot, document hash, intent, account status at acceptance, and pseudonymized identifiers after account deletion where retained for legal purposes.

Information from third-party authentication providers

Google sign-in: if you use Google sign-in, we may receive and store your Google account name, email, profile image, provider account identifier, OAuth token data, token expiration data, scopes, ID token data, and session state as needed to authenticate your account and maintain sign-in.

Information collected automatically

Usage and device information: pages viewed, feature usage, page path, page title, approximate location derived from IP address, browser type, operating system, screen information, referrer, interaction events, timestamps, and similar diagnostics.

Cookies, local storage, and session storage: cookie consent choices, site preferences, stats theme and zoom preferences, temporary navigation state, temporary calculator or import state, and similar browser-side storage needed to operate the site.

Google Analytics information: if you accept analytics and no recognized opt-out signal prevents it, Google Analytics may collect analytics identifiers, page and event data, approximate location, device/browser data, and referrer data to help measure traffic and feature usage.

Section 04

04CCPA/CPRA Categories

The following table describes categories of personal information LottoXray has collected or may collect in the preceding twelve (12) months, depending on how you use the service.

Category	Examples	Sources	Purposes	Third parties	Sale/Share	Retention
Identifiers	Name, email address, account ID, provider account ID, IP address, approximate location, support identifiers.	You, your browser, Google sign-in, service providers.	Account creation, login, support, security, legal records, service operation.	Authentication providers, hosting/database providers, email providers, analytics providers where enabled.	Not sold. Not shared for cross-context behavioral advertising.	Account lifetime, then deletion or pseudonymization within 30 days unless retention is required or permitted.
Account Credentials and Security Data	Password hashes, session tokens, verification token hashes, reset token hashes, OAuth token data, age and legal acceptance timestamps.	You, Google sign-in, LottoXray systems.	Authentication, account security, fraud prevention, legal compliance, account recovery.	Authentication providers, hosting/database providers, email providers.	Not sold. Not shared for cross-context behavioral advertising.	Active account lifetime; temporary tokens expire or are replaced; legal acceptance records may be retained as described below.
Commercial or Paid-Access Information	Future checkout email, receipt/order ID, product or plan, access status, refund or chargeback status, transaction timestamps, non-card payment metadata if paid checkout is enabled.	Future authorized payment processor, you, LottoXray systems.	Provide paid access, support purchases, handle refunds, chargebacks, fraud prevention, accounting, compliance.	Future payment processor, hosting/database providers, support providers if needed.	Not sold. Not shared for cross-context behavioral advertising.	As needed for access, accounting, fraud, chargeback, tax, legal, and compliance purposes.
Internet or Network Activity	Pages viewed, feature usage, page path, page title, referrer, browser, device information, interaction events, timestamps.	Your browser, cookies/storage, Google Analytics if accepted.	Operate, secure, debug, improve, measure, and maintain LottoXray.	Hosting providers, analytics providers where enabled.	Not sold. Analytics is optional and not used for cross-context behavioral advertising by LottoXray.	Analytics retention follows Google Analytics settings; operational logs are retained only as reasonably needed.
Approximate Geolocation	Country, region, or state-level location inferred from IP address.	Your browser/network, analytics providers where enabled.	Security, analytics, localization, fraud prevention, legal compliance.	Hosting providers, analytics providers where enabled.	Not sold. Not shared for cross-context behavioral advertising.	Retained only as part of logs or analytics records according to applicable retention settings.
User Content and Saved Data	Saved combinations, generated combinations, manually entered numbers, game keys, group names, labels, analysis metadata.	You and LottoXray tools you use.	Provide favorites, saved games, analysis tools, account features, support, and troubleshooting.	Hosting/database providers and support providers if needed for troubleshooting.	Not sold. Not shared for cross-context behavioral advertising.	Account lifetime, then deleted with the account unless required for security, legal, or dispute purposes.
Contact and Support Content	Name, email, subject, message, source, status, read timestamp, notification timestamp.	You.	Respond to support requests, investigate bugs, resolve data issues, improve the service.	Email/SMTP providers, hosting/database providers.	Not sold. Not shared for cross-context behavioral advertising.	As long as reasonably needed for support, records, legal, security, or abuse-prevention purposes.
Sensitive Personal Information	Account login credentials and security tokens. LottoXray does not intentionally collect precise geolocation, government ID, Social Security number, biometric data, health data, or full payment card data.	You, Google sign-in, LottoXray systems.	Account security, authentication, fraud prevention, legal compliance.	Authentication providers and hosting/database providers as needed.	Not sold. Not shared for cross-context behavioral advertising. Used only for permitted operational purposes.	Only as long as reasonably necessary for security, authentication, legal, or compliance purposes.

Section 05

05Sources of Personal Information

You: account registration, contact forms, saved games, preferences, support requests, legal acceptances, and profile updates.

Your browser or device: cookies, local storage, session storage, usage data, device data, referrer, IP address, and approximate location.

Third-party authentication providers: Google sign-in data when you choose to use Google authentication.

Service providers: hosting, database, email, analytics, security, and future payment processors when enabled.

Public sources: public lottery draw data and publicly available lottery information used to operate LottoXray tools.

Section 06

06How We Use Information

Create, authenticate, secure, and manage accounts.

Provide saved games, favorites, analysis tools, statistics, calculators, and account features.

Record legal acceptance of Terms of Use, Risk Disclaimer, age confirmation, and similar notices.

Send transactional emails, including email verification, password reset, account, legal, security, and support messages.

Respond to contact messages, support requests, bug reports, data issues, and payment-access questions.

Measure traffic and feature usage with Google Analytics only when analytics is accepted and not blocked by a recognized opt-out signal.

Debug, secure, monitor, maintain, improve, and protect LottoXray.

Comply with legal obligations, enforce our terms, prevent fraud or abuse, handle disputes, and protect rights and safety.

Section 07

07How We Disclose Information

Hosting, database, and infrastructure providers: to host the website, database, application, backups, logs, and operational systems.

Google Analytics:to measure traffic and feature usage only when analytics is accepted and not blocked by a recognized opt-out signal. You can also use Google's browser opt-out at tools.google.com/dlpage/gaoptout.

Google sign-in:when you use Google authentication, Google processes sign-in information according to Google's own terms and privacy policy.

Email/SMTP providers: to send account verification, password reset, account, security, support, and other transactional service emails.

Future payment processors: if paid checkout is enabled, limited purchase and access information may be exchanged with an authorized third-party processor. LottoXray does not collect full payment card or bank account details.

Legal, security, and compliance: if required by law, legal process, court order, government authority, fraud prevention, security investigation, chargeback or dispute handling, or to protect the rights and safety of LottoXray, users, or others.

LottoXray does not sell personal information. LottoXray does not share personal information for cross-context behavioral advertising. LottoXray processes recognized opt-out preference signals, including Global Privacy Control, where required by law.

Section 08

08Cookies, Storage, Analytics, and Opt-Out Signals

LottoXray uses cookies, local storage, session storage, and similar browser technologies to operate the site, keep account features working, remember preferences, store cookie consent, preserve temporary workflow state, and measure optional analytics.

Necessary technologies: account sessions, security, legal acceptance flow, cookie preferences, site preferences, temporary navigation state, calculator/import state, theme settings, and core site behavior.

Analytics: Google Analytics is loaded only after you accept analytics and no recognized opt-out signal prevents it. Analytics may collect page views, feature usage, event data, approximate location, device/browser data, referrers, and similar usage information.

Global Privacy Control: if your browser sends a recognized Global Privacy Control signal, LottoXray treats it as an opt-out from optional analytics where required by law.

Do Not Track: there is no uniform legal or technical standard for Do Not Track signals. LottoXray does not respond to DNT signals, but it provides cookie preferences and honors recognized Global Privacy Control signals where required.

No session replay or advertising pixels: at this time, LottoXray does not use Meta Pixel, TikTok Pixel, Hotjar, FullStory, Microsoft Clarity, session replay tools, or heatmap recording tools.

You can manage optional analytics through the LottoXray cookie preferences banner or your browser settings. Disabling necessary technologies may prevent some site features from working.

Section 09

09U.S. State Privacy Rights

Depending on where you live, you may have privacy rights under state laws such as California's CCPA/CPRA and similar laws in Colorado, Connecticut, Delaware, Indiana, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Virginia, and other states as they become effective. Where required by applicable law, LottoXray will honor the rights that apply to you.

Access / Know: request information about the personal information we collect, use, disclose, sell, or share.

Delete: request deletion of personal information, subject to legal, security, fraud, accounting, dispute, and operational exceptions.

Correct: request correction of inaccurate personal information.

Portability: request a portable copy of personal information where required by law.

Opt out of sale or sharing: LottoXray does not sell personal information or share it for cross-context behavioral advertising.

Opt out of targeted advertising: LottoXray does not use personal information for targeted advertising at this time.

Limit sensitive personal information: LottoXray uses sensitive personal information only for permitted operational, security, authentication, legal, and compliance purposes.

Appeal: if your state law provides an appeal right and we deny your request, you may appeal by replying to our decision email or contacting support@lottoxray.com with "Privacy Appeal" in the subject line.

Non-discrimination: LottoXray will not discriminate against you for exercising legally protected privacy rights.

Section 10

10How to Exercise Rights

To exercise privacy rights, email support@lottoxray.com with a clear description of your request. If you have an account, use the email address associated with that account so we can verify your identity.

Verification: we may ask for information reasonably necessary to verify your identity, protect your account, and prevent unauthorized disclosure or deletion.

Authorized agents: where required by law, you may use an authorized agent. We may require proof of authorization and may ask you to verify your identity directly unless prohibited by law.

Response timing: we aim to respond within 45 days where that period is required by law. If more time is needed, we may extend the response period where permitted and will explain the extension.

Account tools: account settings may allow you to update profile information, change password, manage preferences, or delete your account directly.

Section 11

11Retention

LottoXray retains personal information only as long as reasonably necessary for the purposes described in this policy, unless a longer period is required or permitted by law, security, fraud prevention, dispute handling, chargeback handling, investigation, tax, accounting, or legal defense needs.

Category	Typical retention
Account information	For the life of the account, then deleted or deidentified within 30 days after account deletion unless an exception applies.
Password, session, verification, and reset data	For the life of the account or until tokens expire, are used, are replaced, or are no longer needed for security.
Google sign-in account records	For the life of the account or until disconnected, deleted, expired, or no longer needed for authentication and security.
Saved combinations and favorites	For the life of the account, then deleted with the account unless retention is required for security, legal, or dispute purposes.
Contact and support messages	As long as reasonably needed to respond, maintain records, investigate issues, prevent abuse, or comply with legal obligations.
Legal acceptance records	A minimal pseudonymized record may be retained for up to three (3) years after account deletion, unless a longer period is required or reasonably necessary.
Future payment or paid-access records	If paid checkout is enabled, non-card transaction records may be retained as needed for access, refund, chargeback, fraud, accounting, tax, legal, and compliance purposes.
Cookie consent and browser preferences	Stored in your browser until you clear storage, change preferences, or the storage is replaced.
Analytics and operational logs	Retained according to analytics and operational settings, and only as reasonably needed for measurement, security, debugging, and service maintenance.

Section 12

12Emails and Communications

LottoXray sends transactional and service emails, such as email verification, password reset, security, account, legal, support, and service-related messages. These are not marketing emails and may be necessary to provide or secure the service.

LottoXray does not currently send marketing newsletters or unsolicited marketing emails. If marketing emails are introduced later, LottoXray will provide an unsubscribe method as required by law.

Section 13

13Data Security

LottoXray uses reasonable administrative, technical, and organizational safeguards designed to protect personal information. These measures include password hashing, HTTPS for data in transit, access controls, token-based security flows, database controls, and limiting access to personal information based on operational need.

No internet, email, hosting, database, or storage system can be guaranteed to be completely secure. If we become aware of a security incident affecting personal information, we will investigate and provide notices required by applicable law.

Section 14

14Children and Minors

LottoXray is intended for users who are 18 years of age or older. The service is not directed to children under 13 or to minors under 18.

We do not knowingly collect personal information from children under 13 or minors under 18. If we learn that a child or minor has provided personal information, we will delete or disable the account as soon as reasonably practicable, subject to legal, security, fraud-prevention, or compliance requirements.

Section 15

15International Processing

LottoXray is an online service intended for a U.S. audience, but personal information may be processed in the United States and other countries where LottoXray, hosting providers, analytics providers, authentication providers, email providers, or other service providers operate. These countries may have privacy laws different from the laws where you live.

Section 16

16Third-Party Links

LottoXray may link to third-party websites, lottery information sources, payment processors if enabled, Google services, or other external services. Those services are governed by their own privacy policies and terms. LottoXray is not responsible for third-party privacy practices.

Section 17

17Changes and Version History

LottoXray may update this Privacy Policy from time to time to reflect product changes, payment processor changes, analytics changes, legal requirements, security needs, or operational changes. When we update the policy, we will update the version number and last updated date shown at the top of this page.

Material changes may be communicated through the website, account flow, email, legal notice flow, or another reasonable method. Changes are effective when posted unless a later effective date is stated. If you do not agree to an updated policy, you should stop using LottoXray.

Section 18

18Contact Us

If you have questions about this Privacy Policy or wish to exercise privacy rights, contact us:

support@lottoxray.com

Back to Home