English · Español
Scorecup — Privacy Policy
Effective date: 2026-05-31
This Privacy Policy describes how the Scorecup mobile application, together with its backend services (collectively, the "Application"), collects, uses, and shares your personal information. The Application is operated by German Ayala (the "Service Provider").
By creating an account or using the Application, you agree to the practices described in this Privacy Policy.
For any privacy-related question or request, contact us at contact@scorecup.net.
1. Information We Collect
1.1 Information you provide
When you register and use the Application, we collect:
- Username
- First name and last name
- Email address
- Password (stored only as a salted cryptographic hash — we never store your password in plain text)
- Avatar selection (an identifier for a profile image you choose; optional)
If you sign in using a third-party identity provider (see Section 4), we receive a unique identifier and the email address associated with your Google or Apple account.
1.2 Information collected automatically
- IP address, processed transiently to enforce rate limiting and protect the Application against abuse. It is not used to build a profile of you.
- Session data, including a session cookie/token used to keep you authenticated.
- Technical and security logs (for example, administrative actions and security events) used to operate, secure, and troubleshoot the Application.
1.3 What we do NOT collect
For clarity, the Application does not:
- Collect your device's geographic location (GPS or otherwise);
- Use advertising, remarketing, or behavioral-tracking technologies;
- Use third-party analytics SDKs (such as Google Analytics, Firebase Analytics, Amplitude, Mixpanel, or similar);
- Display advertising;
- Sell your personal information.
2. How We Use Your Information
We use your information to:
- Create and manage your account;
- Authenticate you and keep your session secure;
- Operate core Application features (tournaments, predictions, brackets, standings, and notifications);
- Send transactional service messages that are necessary to operate your account — specifically: email-verification codes, password-reset codes, and password-change confirmation codes. We do not send marketing or promotional emails.
- Send push notifications related to your activity in the Application;
- Protect the security and integrity of the Application and prevent abuse;
- Comply with legal obligations.
3. Push Notifications
The Application can send push notifications to your device. To deliver them, a push notification token associated with your device is processed through our notification provider (see Section 4). You can disable push notifications at any time from your device's system settings.
4. Third-Party Service Providers
We share personal data only with the service providers listed below, strictly to operate the Application. These providers act as processors on our behalf and are bound to handle your data only as instructed. We do not sell or rent your personal data.
| Provider | Purpose | Data shared | Privacy Policy |
|---|---|---|---|
| Resend | Sends transactional emails (verification, password reset/change) | Email address, name | resend.com/legal/privacy-policy |
| Google (Sign in with Google) | Optional social login | OAuth identifier, email | policies.google.com/privacy |
| Apple (Sign in with Apple) | Optional social login | OAuth identifier, email | apple.com/legal/privacy |
| Expo | Delivers push notifications | Device push token | expo.dev/privacy |
| Render | Application hosting | All account and usage data processed by the Application | render.com/privacy |
| Neon | Database hosting (PostgreSQL) | All account and usage data stored by the Application | neon.tech/privacy-policy |
We may also disclose information when required by law (for example, in response to a subpoena or other legal process), when we believe in good faith that disclosure is necessary to protect our rights or the safety of others, to investigate fraud, or to respond to a lawful government request.
5. International Data Transfers
Our service providers (including Resend, Google, Apple, Expo, Render, and Neon) may process and store data on servers located outside your country of residence, including in the United States. Where required by applicable law, transfers of personal data are protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, an adequacy decision, or another legally recognized transfer mechanism.
6. Data Retention
- Account data (username, name, email, password hash, avatar, OAuth identifiers) is retained for as long as your account exists.
- Technical and security logs are retained only for as long as needed to operate and secure the Application, or as required by law.
- When you delete your account, we irreversibly anonymize it: we remove your email address, name, and username, delete your login credentials, and permanently delete any social-login (Google/Apple) identities and push-notification tokens associated with your account. Only anonymized game history (such as predictions and standings), which no longer identifies you, is retained — together with any information we are required to keep to comply with a legal obligation.
Note: If you are the owner of a tournament that has not yet finished, account deletion is blocked until you transfer ownership of that tournament or it ends. This prevents active tournaments from being left without an owner.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you;
- Correct inaccurate or incomplete data;
- Delete your personal data;
- Object to or restrict certain processing;
- Withdraw consent at any time, where processing is based on consent (this does not affect processing carried out before withdrawal);
- Data portability.
To exercise any of these rights, contact us at contact@scorecup.net. You can also delete your account directly from within the Application.
7.1 California privacy rights (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect, to request deletion of your personal information, to opt out of the sale or sharing of personal information (note: we do not sell or share your personal information), and not to be discriminated against for exercising your rights. To exercise these rights, contact us at contact@scorecup.net.
8. Children's Privacy
The Application is not intended for children under 16 years of age (or such higher age as required by applicable law). We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at contact@scorecup.net and we will delete it.
9. Security
We apply technical and organizational safeguards to protect your information, including hashing of passwords, encrypted transport (HTTPS), authenticated sessions, and rate limiting. No method of transmission or storage is completely secure, but we work to protect your data using industry-standard practices.
10. Data Breach Notification
If a data breach occurs that affects your personal data, we will notify you and the relevant authorities in accordance with applicable legal requirements, including, where required, the nature of the breach and the measures taken to address it.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will post the updated version with a new effective date, and, where required by law, seek your consent to material changes before they take effect. Previous versions are available upon request at contact@scorecup.net.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, contact the Service Provider at:
German Ayala
Email: contact@scorecup.net