Privacy Policy
Last Updated: October 26, 2025
Effective Date: October 12, 2025
Your Privacy Matters: This policy explains how Balla Stats ("we", "us", "our") collects, uses, and protects your personal information when you use our football statistics platform.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, password
- Profile Information: Avatar/photo, preferences, notification settings
- Player Information: Player names, positions, jersey numbers, statistics
- Group & Team Information: Group names, team details, match data
- Payment Information: Billing details processed securely by Stripe (we do not store full credit card numbers)
- Communications: Feedback, support requests, emails
1.2 Information Automatically Collected
- Usage Data: Pages viewed, features used, time spent on platform
- Device Information: Browser type, operating system, IP address
- Cookies & Tracking: Session cookies, analytics cookies (with your consent)
- Performance Data: Error logs, crash reports (via Sentry)
2. How We Use Your Information
2.1 Service Provision
- Create and manage your account
- Process match statistics and generate reports
- Enable real-time match tracking and notifications
- Manage subscriptions and billing
- Provide customer support
2.2 Communication
- Send service-related notifications (match reminders, updates)
- Respond to your inquiries and support requests
- Send marketing emails (only with your consent)
- Notify you of platform updates and new features
2.3 Improvement & Analytics
- Analyze platform usage to improve features
- Monitor performance and identify bugs
- Conduct research and development
- Generate anonymous aggregate statistics
3. Legal Basis for Processing (GDPR)
We process your personal data based on:
- Contract Performance: Processing necessary to provide our services
- Consent: You have given explicit consent (e.g., marketing emails)
- Legitimate Interests: Our business interests that don't override your rights (e.g., fraud prevention, analytics)
- Legal Obligation: Compliance with applicable laws
4. Data Sharing & Third Parties
4.1 Service Providers
We share data with trusted third-party services:
- Supabase: Database hosting and authentication
- Stripe: Payment processing (PCI-DSS compliant)
- Sentry: Error tracking and monitoring
- Resend/SendGrid: Email delivery
- Vercel: Website hosting and CDN
4.2 Data Not Sold
We do not sell your personal data to third parties.
4.3 Legal Requirements
We may disclose data if required by law, court order, or government request.
5. Your GDPR Rights
If you are in the European Union, you have the following rights:
5.1 Right to Access (Article 15)
Request a copy of all your personal data. Use the "Download My Data" feature in your account settings.
5.2 Right to Rectification (Article 16)
Correct inaccurate or incomplete personal data in your account settings.
5.3 Right to Erasure (Article 17)
Request deletion of your account and all associated data. Available in account settings.
5.4 Right to Data Portability (Article 20)
Export your data in JSON or CSV format for transfer to another service.
5.5 Right to Object (Article 21)
Object to processing of your data for direct marketing purposes.
5.6 Right to Withdraw Consent (Article 7)
Withdraw consent for marketing emails or analytics cookies at any time.
5.7 Right to Lodge a Complaint
You may file a complaint with your local data protection authority if you believe we have violated your rights.
6. Data Security
We implement industry-standard security measures:
- Encryption: All data transmitted over HTTPS (TLS 1.3)
- Password Security: Passwords hashed with bcrypt
- Two-Factor Authentication: Optional 2FA for enhanced security
- Access Controls: Role-based permissions (OWNER, ADMIN, MEMBER, VIEWER)
- Database Security: Row-level security policies on Supabase
- Monitoring: Real-time error tracking and security monitoring
- Backups: Automatic daily backups with encryption
7. Data Retention
- Active Accounts: Data retained while your account is active
- Deleted Accounts: Data permanently deleted within 30 days (grace period)
- Backups: Backup retention for 90 days
- Legal Requirements: Some data may be retained longer if required by law
- Anonymized Data: Aggregate statistics (non-identifiable) may be retained indefinitely
8. Cookies & Tracking
8.1 Essential Cookies
Required for platform functionality (authentication, sessions). Cannot be disabled.
8.2 Analytics Cookies
We use Google Analytics 4 for usage analytics. You can opt out via the cookie banner.
8.3 Managing Cookies
Control cookie preferences via the cookie banner or browser settings.
9. Children's Privacy
Balla Stats is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
10. International Data Transfers
Your data may be transferred to and processed in countries outside your jurisdiction, including the United States. We ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses) to protect your data.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification. Continued use after changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related questions or to exercise your rights, contact us at:
- Email: privacy@ballastats.com
- Support Email: support@ballastats.com
- Data Protection Officer: dpo@ballastats.com
Exercise Your Rights
Ready to download your data or delete your account? Visit your Account Settings to exercise your GDPR rights.
Version: 1.0 | Last Updated: October 12, 2025