Privacy
policy.

WeySabi //bet is a product of WeySabi Tech, a Nigerian-registered technology company. Brand site: weysabi.com. Contact: glexdev@gmail.com.

This policy covers two products: the web app at bet.weysabi.com and the Chrome extension, sideloaded as an unpacked build (invite-only, no Chrome Web Store distribution).

• Telegram ID (numeric) — to identify your account.
• Display name + optional username — shown in the dashboard.
• Photo URL from your Telegram profile (optional, scrubbed if you opt out).
• JWT auth token + refresh token — stored in your browser's localStorage. Used to authenticate API calls to our engine.
• Script library records — which scripts you've saved to your account.
• Role (member / pro / admin) — set manually by the admin after a Pro upgrade.

• Your API token — pasted into the popup. Stored in chrome.storage.local on your device. Sent only to our engine over HTTPS.
• Your active bot script — the Lua / JavaScript source you're editing, stored in chrome.storage.local. Never transmitted unless you choose to save it to your library.
• UI preferences — selected currency, game type, sound on/off — local only.

The extension only activates on casino domains it's built to support — currently stake.com (all 7 mirrors) and wolf.bet. On any other site it stays dormant.

On a supported casino tab, the extension:

• Reads your balance, currency, and round results from the casino's own API responses (visible in the same tab as you).
• Places bets from your browser, using your existing casino session cookie. We never store, see, or proxy your casino credentials. The casino never sees our servers.
• Runs your selected Lua / JavaScript script in a CSP-isolated iframe sandbox with no access to fetch, the casino DOM, or your browser's storage outside the extension's own slot.

• Cloudflare D1 (Western Europe region) — your account record + script library. Encrypted at rest by Cloudflare.
• Cloudflare Workers logs — request access logs auto-expire in 24 hours. We do not export them anywhere else.
• Your browser — localStorage (web app JWT) and chrome.storage.local (extension API token + working script). Cleared when you uninstall or run logout.

We use the minimum third parties required to run the service. Each is listed below with what they see.

• Telegram (auth) — your Telegram ID + display name when you sign in via their Login Widget or OTP. Telegram's privacy policy: telegram.org/privacy.
• Cloudflare (hosting + D1 database + Workers) — all our infrastructure. Their privacy policy: cloudflare.com/privacypolicy.
• Anthropic (Script Genie only, admin-beta) — when you generate a script via the Genie endpoint, your prompt is sent to Claude. Anthropic's policy: anthropic.com/legal/privacy.
• Solana RPC (mainnet, public-beta nodes) — read-only queries to confirm purchase transfers. No private data.
• Google Fonts (Fraunces, Geist, JetBrains Mono, Montserrat) — bundled at build time via Next.js, no runtime CDN call from the user's browser.

Email glexdev@gmail.com from the email tied to your account, with the subject DELETE MY ACCOUNT. We will:

• Delete your account row, ownership records, and purchase orders from D1 within 7 days.
• Confirm the deletion by reply.

On-chain Solana transactions cannot be deleted (this is true of all blockchains, not specific to us). They remain visible on chain but no longer linked to a WeySabi account.

To purge local data yourself: clear browser storage for bet.weysabi.com and uninstall the extension at chrome://extensions.

We'll update the date stamp at the top of this page on every change. Material changes (new third party, expanded data collection, new permissions on the extension) will be announced in the dashboard banner at least 14 days before the change takes effect, so you can review or delete your account before they apply.

Questions, deletion requests, abuse reports, or legal notices: glexdev@gmail.com.

WEYSABI TECH · LAGOS, NIGERIA · 2026