Privacy Policy

Last updated: February 2026

1. Data Controller

Sports Predictor, operating as a sole proprietorship (JDG) registered in Poland, is the data controller for the personal data collected through this Service. Our contact email is privacy@sportspredictor.pl.

2. Data We Collect

  • Account data: Email address, name, password (hashed)
  • Payment data: Processed by Stripe; we store only the last 4 digits and card brand
  • Usage data: Pages visited, features used, predictions viewed
  • Device data: Browser type, IP address, device type

3. Legal Basis for Processing (GDPR)

  • Contract: Processing necessary to provide the Service
  • Consent: Marketing communications (you can opt out)
  • Legitimate Interest: Security, fraud prevention, analytics

4. How We Use Your Data

  • To provide and maintain the Service
  • To process payments and manage subscriptions
  • To send transactional emails (payment receipts, account updates)
  • To improve our predictions and features
  • To detect and prevent fraud

5. Data Sharing

We share data only with:

  • Stripe: Payment processing (PCI DSS compliant)
  • Clerk: Authentication services
  • Analytics providers: Anonymous usage statistics
  • Legal authorities: When required by law

6. International Transfers

Some of our service providers may process data outside the EEA. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required.

7. Data Retention

We retain your data for as long as your account is active. After account deletion, we retain data for up to 30 days to handle potential disputes, then permanently delete it. Financial records are kept for 5 years as required by Polish tax law.

8. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Object: Object to processing based on legitimate interest
  • Withdraw consent: Opt out of marketing at any time

To exercise these rights, email privacy@sportspredictor.pl. We respond within 30 days.

9. Cookies

We use essential cookies for authentication and security. We may use analytics cookies (which you can disable). See our cookie banner for preferences.

10. Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest, regular security audits, and access controls. However, no method of transmission over the Internet is 100% secure.

11. Children's Privacy

Our Service is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, contact us immediately.

12. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via email. Continued use constitutes acceptance.

13. Supervisory Authority

If you believe your GDPR rights have been violated, you have the right to lodge a complaint with the Polish Data Protection Authority (UODO - Urząd Ochrony Danych Osobowych).

14. Contact

For privacy inquiries or to exercise your rights, contact us at privacy@sportspredictor.pl