Privacy.

Lotworth is operated by the founder out of Canberra, ACT, Australia. The product is a free Sydney auction-prediction game at lotworth.com.au. For privacy questions, contact hi@lotworth.com.au.

The minimum we need to run a free game and tell you how you went. Specifically:

• Email address — so we can send you the magic sign-in link, your weekly results, and account-related notices. Required.
• Display name — chosen by you at signup, shown on leaderboards and post-auction results pages. Required, and public-by-design.
• Sign-in method — magic-link via email, or Google OAuth. With Google we receive your email address, your Google profile name, and your Google profile-picture URL. We never see your Google password. By default we don’t display your Google profile picture anywhere — your account dropdown shows a letter-avatar from your display name. You can opt in to seeing your Google picture in your own account dropdown via /settings; even when opted in, it’s rendered live from Google and never stored on our servers, and never shown to other players.
• Predictions and picks — the dollar estimates you submit on individual auctions, with timestamps. These tie to your account so we can score you and build a calibration history over time.
• Calibration record — derived from your picks: your overall mean accuracy (MAPE), per-LGA accuracy where you have enough volume, and a log of your tier transitions (Unrated → Bronze → Silver → Gold → Platinum). Used to weight you in the calibrated crowd estimate and to display your tier badge.
• Tipster contributions — when you submit a post-auction sale-price tip, we store the tip and maintain a per-account credibility multiplier based on how your tips back-test against authoritative records over time.
• Submission integrity hash — for each prediction we compute a one-way SHA-256 hash that combines your IP address, a device fingerprint, your browser’s user-agent string, and your session ID at the moment of submission. We do not store any of those underlying values — only the resulting hash, which can’t be reversed. Used to detect coordinated manipulation of the crowd estimate (e.g. one person submitting from many accounts) and to anchor each prediction to the moment you submitted it.
• Email-send log — for every email we send you (magic-link, weekly cadence emails, account notices) we keep a record of when it was sent, whether it delivered, and which cadence it belongs to, so we don’t accidentally send the same one twice.
• Email preferences — your individual on/off toggles for each weekly cadence (slate-open notice, last-call, Saturday recap, final scores, pending-resolution, tier-change, plus a master “all emails” switch). Editable from /settings.
• In-product feedback — anything you submit via the feedback widget (the message text, the page you were on, and your browser’s user-agent string). You can submit feedback signed-in or anonymously.
• Anonymous product analytics — when you visit Lotworth, we record page views and key product events (e.g. signing in, submitting a pick) so we can understand what’s working and what isn’t. Each event includes the page URL, your browser type, and an anonymous identifier set by an analytics cookie. After you sign in, events are tied to your Lotworth account ID (an internal UUID — never your email or display name) so we can compute simple funnels (e.g. how many sign-ups complete a first pick). We do not record what you type, capture form contents, replay your sessions, or run heatmaps.
• Basic web logs — the standard request data our hosting provider records (IP address, user agent, timestamp). Used for security and abuse mitigation.

Lotworth v1.0 has no payment surface, so we do not collect or store credit-card details, billing addresses, or anything similar.

• To run the game (sign you in, save your picks, score them).
• To compute your calibration over time and assign you a tier badge.
• To compute aggregate prediction signal across all players for each auction — the “calibrated crowd estimate.” This is built from many people’s predictions and is not personally identifiable in the output.
• To send you transactional and weekly emails — your magic sign-in link, Sunday-morning results, and account notices. You can unsubscribe from non-essential emails at any time via /settings or the link in every footer.
• To detect coordinated manipulation of the crowd estimate (multi-accounting, bot submissions) and to anchor each prediction to the moment you submitted it. The submission-integrity hash is used here.
• To improve the product based on the feedback you send us.

We use third-party processors to actually run the service. As of 9 May 2026:

• Database and authentication providers — your account row, profile, predictions and picks live here. Hosted on Australian servers where possible; some auth metadata may transit overseas infrastructure.
• Web hosting and edge providers — serve the website and process web requests. Logs may be stored briefly in overseas edge locations.
• Email delivery providers — send transactional and weekly emails from updates.lotworth.com.au. They hold your email address and the contents of messages we send you.
• Product analytics providers — receive the anonymous page-view and event data described in §2. Configured to minimise collection: no session replay, no heatmaps, IP addresses anonymised, and the tracker honours the browser’s “Do Not Track” signal — when DNT is on, no events are sent.
• Google (only if you use Google sign-in) — the OAuth handshake passes through Google so it can confirm your identity. Google’s own privacy policy applies to anything that happens on their side.

Some of these providers are based outside Australia, which means your data may be processed overseas. We’ve picked providers with reasonable security and privacy postures, but you should know cross-border processing is part of using Lotworth.

• Other players see your display name on leaderboards and on post-auction results pages where your pick is listed, along with your tier badge and your point totals. They never see your email, your IP address, your Google profile picture, or any setting you keep in /settings.
• Your Google profile picture is off by default. If you signed in with Google, your profile picture is not displayed anywhere unless you opt in via /settings. When opted in, it appears only in your own account dropdown (top-right masthead). It is never displayed on leaderboards, results pages, or any other public surface.
• The aggregate signal derived from all players’ predictions may be published or sold to third parties (e.g. property professionals) in future, but only as aggregated, anonymised numbers — never tied to identifiable individuals.
• We do not sell your personal data. Email addresses, IP addresses, profile fields, and individual picks are not shared with advertisers or marketers.
• We may disclose information if required by Australian law (e.g. valid court order or law-enforcement request).

Cookies set by Lotworth:

• Authentication session cookies — keep you signed in across page loads, plus a temporary cookie set during sign-in only that’s discarded once you’re signed in.
• Analytics cookie — stores an anonymous identifier so we can stitch your visits into a single user journey. Per-browser; deleting it gives you a fresh anonymous identity. Not set if your browser sends the “Do Not Track” signal.

We do not run advertising trackers, social-media pixels, or third-party analytics that build a cross-site profile of you.

You can delete your Lotworth account at any time from /settings. When you do:

• Your email, display name, and any profile fields are permanently removed.
• Your calibration record (overall MAPE, per-LGA accuracy, tier-transition history) and your tipster credibility score are permanently removed.
• Your email preferences and any pending email subscriptions are wiped.
• Your individual predictions, tips, email-send history, and any feedback you’ve submitted remain in our database (so historical leaderboards and the calibrated crowd estimate stay stable), but they are disconnected from your identity. On historical leaderboards, your name is replaced with a generic anonymised label.

Web-server logs are kept for up to 90 days for security purposes, then discarded. Backups containing personal data are rotated within 30 days of deletion.

The Australian Privacy Principles (under the Privacy Act 1988) apply to how we handle your personal information. You can:

• Access the personal information we hold about you — email hi@lotworth.com.au and we’ll send it within 30 days.
• Correct anything that’s wrong — most of it you can edit yourself in /settings; for anything else, email us.
• Complain if you think we’ve mishandled your data — first to us at the email above, then if unresolved, to the Office of the Australian Information Commissioner.

Lotworth is intended for adults thinking about Australian property. We don’t knowingly collect information from anyone under 16. If you believe a minor has signed up, contact hi@lotworth.com.au and we’ll delete the account.

If we change anything material — what we collect, who we share it with, where it’s stored — we’ll update this page and notify signed-in users by email at least 14 days before the change takes effect. The “Last updated” date at the top reflects the most recent revision.