How we protect your data

User accounts are protected with email and password sign-in, with optional Google single sign-on. Passwords are never stored in plain text — they are hashed by our authentication provider. Administrative areas of the site are gated by a server-side role check. Roles cannot be self-assigned from the browser.

Every database table that holds user data has row-level security enabled. Customers can only read and modify their own bookings and profile information. Administrative actions require an explicit admin role granted by an existing administrator. Sensitive operations such as creating a booking or confirming a payment are processed by server functions so that prices and booking status cannot be modified from the browser.

Application data is stored in a managed Postgres database operated by our backend provider. Data is encrypted in transit using HTTPS/TLS, and the database is encrypted at rest by the provider. We collect only the information needed to run the service: your account email and name, the bookings you make, and operational logs needed for security and debugging.

Intent Odds is responsible for the application code, access policies, and the data we store. Our hosting and authentication providers are responsible for the underlying infrastructure, network, and platform security. You are responsible for keeping your account credentials safe, using a strong unique password, and signing out on shared devices.