Privacy Policy

Last updated:

This Privacy Policy explains how Ball ("we", "us", "our") collects, uses, and shares information when you access our websites, web and mobile applications, widgets, and related services (collectively, the "Service").

1) Scope & Controller

Ball is the data controller for personal information processed through the Service. This Policy applies to all users of the Service worldwide. Additional rights for certain regions are outlined below.

2) Information We Collect

2.1 Account & Profile

• Identifiers such as email address, display name, password (stored using strong hashing), and your selected club in My Team.
• Optional profile details you choose to provide (e.g., avatar, bio).

2.2 Gameplay & App Data

• Predictions and picks (W‑D‑L or exact scores), timestamps, and lock status for fair‑play.
• Leaderboard metrics and performance history (e.g., 7‑day, 30‑day, all‑time form).
• Preferences such as dark mode, language, timezone, and notification settings.

2.3 Usage, Device & Log Data

• Basic HTTP logs: IP address, user‑agent, referrer, date/time, pages or screens viewed, and the URL requested.
• Approximate location derived from IP (city/region level) for fraud prevention and schedule localization.
• Crash/diagnostics and performance telemetry.

2.4 Cookies & Local Storage

We keep cookies to a minimum. We may use:

• Essential cookies (e.g., session, CSRF) to keep you signed in and secure.
• Functional storage (e.g., localStorage) for theme (dark mode) and UI preferences.
• Analytics (first‑party or privacy‑centric) to understand aggregate usage. We do not use third‑party advertising cookies.

2.5 Communications

• Content of messages you send to Support and our replies.
• Your preferences for receiving product updates or marketing (where applicable).

2.6 Payment Information (if applicable)

If you purchase a paid plan, payments are processed by our third‑party payment processor. We do not store full payment card numbers. The processor provides us with limited billing metadata (e.g., last 4 digits, expiration month/year, transaction IDs).

3) Sources of Information

• You provide data directly (e.g., account creation, predictions, messages).
• Automated collection via your device and browser (e.g., logs, telemetry, cookies/local storage).
• Third parties such as authentication providers, payment processors, and sports data suppliers.

4) How We Use Information

• Provide, secure, and maintain the Service (e.g., account, sessions, predictions lock, leaderboards).
• Personalize experiences (e.g., My Team feed, timezone, dark mode).
• Generate and improve AI insights and probabilities using aggregate/anonymized signals where feasible.
• Monitor, prevent, and investigate fraud, cheating, and abuse (e.g., multi‑accounting, late edits).
• Understand product performance and plan new features via analytics and telemetry.
• Communicate with you about the Service, including security alerts and administrative messages.
• Comply with legal obligations and enforce our Terms.

5) Legal Bases (EEA/UK users)

• Contract (Art. 6(1)(b)): to provide the Service you request.
• Legitimate interests (Art. 6(1)(f)): security, fraud prevention, product analytics, and personalization consistent with your expectations.
• Consent (Art. 6(1)(a)): where required for optional analytics or marketing. You can withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): to comply with applicable laws and requests from authorities.

6) How We Share Information

• Service providers/processors that host infrastructure, deliver analytics/telemetry, process payments, send emails, or provide customer support—bound by confidentiality and data‑processing terms.
• Sports data suppliers that provide fixtures, results, and related stats; we may share minimal technical data (e.g., IP or request headers) when you access their content via our Service.
• Public features such as leaderboards where your display name, avatar, and performance stats are visible to other users.
• Legal & safety: to comply with law, protect rights, or investigate abuse.
• Business transfers: in connection with a merger, acquisition, or asset sale.

We do not sell your personal information and we do not share it for cross‑context behavioral advertising as defined by applicable U.S. state laws.

7) International Data Transfers

Your information may be transferred to and processed in countries other than your own. Where required, we use appropriate safeguards such as Standard Contractual Clauses to protect your information.

8) Data Retention

• Account data: kept while your account is active. If you delete your account, we delete or anonymize within a reasonable period, subject to legal retention obligations.
• Predictions & leaderboards: retained for historical stats and integrity; we may anonymize after account deletion.
• Logs & telemetry: typically kept for 30–180 days unless needed longer for security or legal reasons.
• Support messages: retained as long as necessary to address your request and maintain service records.

9) Security

We use technical and organizational measures appropriate to the risk (e.g., encryption in transit, hashed passwords, access controls, backups). No security is perfect; we cannot guarantee absolute security.

10) Your Rights & Choices

10.1 General

• Access, correct, or delete certain information in your account settings (where available) or by contacting Support.
• Cookie/Storage controls via your browser or system settings.
• Opt out of non‑essential emails using the unsubscribe link within those emails.

10.2 EEA/UK

You may have the right to request access, rectification, erasure, restriction, portability, and to object to processing, as well as the right to withdraw consent. You also have the right to lodge a complaint with your local supervisory authority.

10.3 U.S. State Privacy (e.g., CA/CPRA)

Residents of certain U.S. states may have rights to know/access, delete, correct, and opt‑out of sale/sharing and certain profiling. We do not sell or share personal information for cross‑context behavioral advertising. To exercise rights, contact Support. We will verify your request as required by law and will not discriminate for exercising your rights.

11) Automated Decisions & AI

We use models to generate probabilities and insights. These outputs may be imperfect and are intended for information and entertainment only. We do not make decisions with legal or similarly significant effects on individuals solely using automated processing.

12) Children

The Service is not directed to children under 13 (or the age of digital consent in your region, e.g., 16 in parts of the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact Support and we will take appropriate steps.

13) Do Not Track & Global Privacy Control

Browsers may send a "Do Not Track" signal; there is no common industry response. We limit tracking and do not run third‑party ads. Where required, we treat a valid Global Privacy Control (GPC) signal as a request to opt‑out of any sale/sharing (which we do not perform).

14) Changes to This Policy

We may update this Policy from time to time. We will post the updated version with a new “Last updated” date and, if changes are material, provide additional notice (e.g., in‑app banner or email, where feasible).

15) Contact Us

If you have questions or requests about this Policy or our data practices, please visit Support.

← Back to Home