Privacy Policy

1. Information We Collect

We collect different types of information depending on how you interact with the Service:

• Account Information: When you create an account, we collect your name, email address, and authentication credentials. If you sign in via a third-party provider (e.g., Google), we receive your name and email from that provider.
• Usage Data: We automatically collect information about your interactions with the Service, including pages viewed, features used, search queries, time spent on pages, and referring URLs.
• Device & Technical Data: We collect your IP address, browser type and version, operating system, device type, screen resolution, and language preferences. On mobile devices, we may collect push notification tokens (Expo push tokens) to deliver notifications you have opted into. This data helps us optimize the Service for different devices.
• Preference Data: Your selected language, theme preference (light/dark mode), pinned leagues, and other in-app settings stored locally on your device or in your account.

2. How We Use Your Information

We use the collected information for the following purposes:

• To provide, operate, and maintain the Service and its features
• To authenticate your identity and manage your account
• To personalize your experience (e.g., language, theme, favorite leagues)
• To analyze usage patterns and improve the Service's performance and features
• To communicate with you about service updates, security alerts, and support inquiries
• To detect, prevent, and respond to fraud, abuse, and security incidents
• To process subscriptions and in-app purchases, manage billing, and deliver push notifications you have opted into

3. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. We may share your data only in these limited circumstances:

• Service Providers: We use trusted third-party services for hosting (Google Cloud Platform), authentication (Clerk), analytics (Google Analytics), payment processing (Stripe), mobile in-app purchase management (RevenueCat), push notifications (Expo), and email delivery. These providers process data on our behalf under contractual obligations to protect your information. Stripe and RevenueCat process payment and subscription data; they do not have access to your full payment card details, which are handled directly by Apple App Store or Google Play Store.
• Legal Obligations: We may disclose your information when required by law, court order, or governmental regulation, or when necessary to protect our rights, safety, or property.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you of any such change.
• With Your Consent: We may share your information for purposes not described in this policy only with your explicit consent.

4. Cookies & Tracking Technologies

We use cookies and similar technologies to operate the Service. Specifically, we use: (a) essential cookies for authentication and session management; (b) preference cookies to store your language and theme settings; (c) analytics cookies (Google Analytics) to understand how visitors use the Service. Google Analytics collects anonymized usage data and is subject to Google's Privacy Policy.

You can control cookies through your browser settings. Blocking essential cookies may prevent some features from functioning. We do not use cookies for advertising or cross-site tracking. We do not participate in ad networks or serve third-party advertisements.

5. Your Rights (GDPR & Global Privacy)

Regardless of your location, you have the following rights regarding your personal data:

• Right of Access — request a copy of the personal data we hold about you
• Right to Rectification — request correction of inaccurate or incomplete data
• Right to Erasure — request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing — request that we limit how we use your data
• Right to Data Portability — receive your data in a structured, machine-readable format
• Right to Object — object to processing of your data for certain purposes

To exercise any of these rights, email us at contact@statof.com. We will respond to verified requests within 30 days. If you are in the EU/EEA, you also have the right to lodge a complaint with your local data protection authority.

6. Data Security & Retention

We implement industry-standard security measures to protect your data, including HTTPS encryption in transit, secure server infrastructure on Google Cloud Platform, and access controls limiting who can access personal data. We retain your personal data only as long as necessary to provide the Service and fulfill the purposes described in this policy. Account data is retained until you delete your account. Usage and analytics data is retained in anonymized form. You may request deletion of your data at any time by contacting us.

7. International Data Transfers

The Service is hosted on Google Cloud Platform and your data may be processed in jurisdictions outside your country of residence. Where data is transferred internationally, we ensure appropriate safeguards are in place, including standard contractual clauses and compliance with applicable data protection frameworks.

8. Children's Privacy

The Service is not intended for users under the age of 16 (or the minimum age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without appropriate parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will post the updated policy on this page and update the "Last updated" date. For material changes, we will provide prominent notice (such as a banner on the Service or an email notification). We encourage you to review this page periodically.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at contact@statof.com or visit our Contact page. We aim to respond to all inquiries within 30 days.