Privacy Policy

Last Updated: December 8, 2025

1. Introduction

Welcome to QuinPick ("Service", "we", "us", or "our"). We are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and protect your information.

By using our Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

When you create an account using Google OAuth, we collect:

  • Name: Your display name from your Google account
  • Email Address: Your email address from your Google account
  • Profile Picture: Your Google profile picture (if available)
  • Google User ID: A unique identifier from Google

When you use the Service, we also collect:

  • Predictions: Your match predictions and tournament selections
  • Scores: Your prediction accuracy and points earned
  • Activity Data: Timestamps of when you make or update predictions

2.2 Automatically Collected Information

When you access the Service, we automatically collect:

  • Device Information: Browser type, operating system, device type
  • Usage Data: Pages visited, time spent on pages, navigation patterns
  • IP Address: Your IP address for security and analytics purposes
  • Cookies: Session cookies and authentication tokens (see Section 8)

2.3 Information We Do NOT Collect

We do not collect:

  • Payment or financial information (the Service is free)
  • Social Security Numbers or government IDs
  • Precise geolocation data
  • Biometric data
  • Health or medical information

3. How We Use Your Information

We use your personal information for the following purposes:

  • Account Management: To create and maintain your user account
  • Service Delivery: To provide prediction game functionality and leaderboards
  • Personalization: To display your name, predictions, and scores
  • Communication: To send service updates, match results, and notifications (if you opt in)
  • Analytics: To understand how users interact with the Service and improve features
  • Security: To detect fraud, abuse, and unauthorized access
  • Legal Compliance: To comply with legal obligations and enforce our Terms of Service

4. Legal Basis for Processing (GDPR)

For users in the European Union (EU), European Economic Area (EEA), and United Kingdom (UK), we process your personal data under the following legal bases:

  • Consent: You have given explicit consent for us to process your data (e.g., creating an account)
  • Contract Performance: Processing is necessary to provide the Service you requested
  • Legitimate Interests: To improve the Service, prevent fraud, and ensure security
  • Legal Obligation: To comply with applicable laws and regulations

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your data in the following limited circumstances:

5.1 Public Information

The following information is displayed publicly on leaderboards and may be visible to other users:

  • Your display name
  • Your profile picture (if provided)
  • Your prediction scores and rankings
  • Your prediction accuracy statistics

5.2 Third-Party Service Providers

We share data with trusted third-party services that help us operate:

  • Google (OAuth): For authentication and login services
  • Vercel: For hosting and deployment infrastructure
  • Database Provider: For secure data storage (e.g., PostgreSQL/Supabase)
  • Analytics Services: For understanding usage patterns (if implemented)

These providers are contractually obligated to protect your data and may only use it for the purposes we specify.

5.3 Legal Requirements

We may disclose your information if required by law, such as:

  • In response to valid legal requests (subpoenas, court orders)
  • To protect our rights, property, or safety
  • To enforce our Terms of Service
  • To comply with regulatory obligations

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account Data: Retained until you delete your account
  • Predictions: Retained for historical leaderboard purposes unless you request deletion
  • Logs & Analytics: Retained for up to 12 months for security and improvement purposes

After account deletion, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or regulatory reasons.

7. Your Privacy Rights

7.1 Rights for All Users

Regardless of your location, you have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Opt-Out: Unsubscribe from email notifications

7.2 Additional GDPR Rights (EU/EEA/UK Users)

If you are located in the EU, EEA, or UK, you have additional rights:

  • Right to Restriction: Limit how we process your data
  • Right to Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (this may limit Service functionality)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

7.3 CCPA Rights (California Users)

If you are a California resident, you have the right to:

  • Know: Request disclosure of what personal information we collect, use, and share
  • Delete: Request deletion of your personal information
  • Opt-Out of Sale: We do not sell personal information, so no opt-out is necessary
  • Non-Discrimination: You will not be discriminated against for exercising your rights

7.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@[yourdomain].com. We will respond within 30 days (or as required by applicable law).

8. Cookies & Tracking Technologies

We use cookies and similar technologies to provide and improve the Service:

8.1 Essential Cookies

Required for the Service to function:

  • Authentication: Session tokens to keep you logged in
  • Security: CSRF protection and fraud prevention

8.2 Analytics Cookies (Optional)

If implemented, we may use analytics cookies to understand how users interact with the Service. You can opt out of analytics tracking through your browser settings.

8.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain features of the Service.

9. Data Security

We implement industry-standard security measures to protect your personal data:

  • Encryption: Data is encrypted in transit (HTTPS/TLS) and at rest
  • Authentication: Secure OAuth 2.0 authentication via Google
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Regular Audits: Periodic security reviews and updates

However, no system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. Please report any security concerns to security@[yourdomain].com.

10. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.

For users between 13 and 18, we recommend obtaining parental consent before using the Service.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws.

For EU/EEA/UK users, we ensure appropriate safeguards are in place for international transfers, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Reliance on adequacy decisions where applicable
  • Explicit consent where required

12. Third-Party Links

The Service may contain links to third-party websites or services (e.g., official FIFA sites, team websites). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Updating the "Last Updated" date at the top of this page
  • Sending an email notification (if you have opted in)
  • Displaying a prominent notice on the Service

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Privacy Inquiries: privacy@quinpick.com

Security Concerns: security@quinpick.com

Data Subject Requests: dpo@quinpick.com

Response Time: We aim to respond within 30 days

For EU/EEA users, you may also contact your local data protection authority if you have concerns about how we handle your personal data.

15. Data Protection Officer (EU/EEA)

If you are located in the EU or EEA and have questions about how we handle your data, you may contact our Data Protection Officer at:

Email: dpo@quinpick.com
