Privacy Policy
Last updated: May 2026 · Governing law: India
This policy explains what data FinalScore collects, why, and how it is used. It applies to all users of the Service and is governed by the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and rules made thereunder.
1. Data We Collect
We collect only what is necessary to operate the Service:
We do not collect payment information, phone numbers, or government ID of any kind.
2. How We Use Your Data
Your data is used solely to:
- Create and authenticate your account
- Record and score your predictions
- Display leaderboards and league standings
- Award XP and badges
- Detect and prevent abuse, cheating, or unauthorised access
- Send service-related communications (e.g. account verification)
We do not use your data for advertising, profiling, or sale to third parties.
3. Data Sharing
We share data only in these limited cases:
- Supabase — our database and auth infrastructure provider. Data is stored on Supabase servers. Their privacy policy governs their handling of data at rest.
- Vercel — our hosting and edge network provider. Vercel may collect IP addresses and request metadata via edge logs for performance and security purposes. Their privacy policy governs this data.
- Legal obligation — if required by Indian law, court order, or government authority.
Your username and prediction results may be visible to other users on leaderboards and within leagues you join.
4. Data Retention
Your account data is retained for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate security purposes (e.g. abuse prevention logs).
Aggregated, anonymised statistics (e.g. total predictions on a match) may be retained indefinitely as they cannot be linked to any individual.
5. Security
Passwords are never stored in plaintext. Sessions are managed via short-lived JWTs stored in HttpOnly cookies, not accessible to browser scripts. All data in transit is encrypted via HTTPS.
No security system is infallible. In the event of a personal data breach:
- We will notify affected users without undue delay if the breach is likely to result in a high risk to their rights or freedoms.
- For users in the EU/EEA, we will notify the relevant supervisory authority within 72 hours of becoming aware of a qualifying breach, as required under GDPR Art. 33.
- Notifications will be sent to the email address associated with your account and/or posted prominently within the Service.
6. Your Rights
Under the DPDP Act 2023 and applicable Indian law, you (as a “Data Principal”) have the right to:
- Access a summary of the personal data we hold about you and the purposes for which it is processed
- Correct or update inaccurate or incomplete personal data
- Request erasure of your personal data when it is no longer necessary for the purposes it was collected, subject to any legal retention obligations
- Nominate another individual to exercise these rights on your behalf in the event of your death or incapacity
- Withdraw consent — you may withdraw consent to data processing at any time by deleting your account. Withdrawal does not affect the lawfulness of processing before withdrawal, and does not apply to data we are required to retain by law.
- Raise a grievance with our Grievance Officer (see Section 11)
Account deletion is available from your profile settings. For all other requests, contact our Grievance Officer at hello@finalscore.app. We will respond within 30 days.
7. Cookies
We use cookies strictly for session management (HttpOnly auth cookie) and CSRF protection. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
8. Children
The Service is not directed at children under 13. We do not knowingly collect personal data from children under 13. If we become aware that a user under 13 has registered, we will delete their account.
9. Changes to This Policy
We may update this policy at any time. We will notify users of material changes via the app. Continued use after changes are posted constitutes acceptance of the updated policy.
10. European Users (GDPR)
If you are located in the European Union or European Economic Area, the General Data Protection Regulation (“GDPR”) applies to our processing of your personal data in addition to the Indian law framework described above.
Lawful basis for processing
- Contract performance (Art. 6(1)(b)) — processing your email, username, and prediction data is necessary to provide the Service you signed up for.
- Legitimate interests (Art. 6(1)(f)) — IP address and user-agent logging for security, abuse prevention, and fraud detection. These interests are not overridden by your rights given the limited scope of data collected.
Additional rights under GDPR
In addition to the rights in Section 6, EU/EEA residents also have:
- Right to data portability (Art. 20) — receive your personal data in a structured, machine-readable format and transfer it to another controller where processing is based on contract or consent.
- Right to restriction of processing (Art. 18) — request that we limit processing of your data in certain circumstances (e.g. while accuracy is contested).
- Right to object (Art. 21) — object to processing based on legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds that override your interests.
To exercise these rights, contact us at hello@finalscore.app. We will respond within 30 days.
International data transfers
Your data is stored and processed using Supabase and Vercel, both of which are US-based providers. Transfers to the US are covered by Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework. Both providers maintain GDPR-compliant Data Processing Agreements available on their respective websites.
Right to lodge a complaint
You have the right to lodge a complaint with your national data protection supervisory authority. A list of EU/EEA supervisory authorities is available at edpb.europa.eu.
11. Grievance Officer
In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer to address complaints and data-related requests.
Complaints will be acknowledged within 48 hours and resolved within 30 days of receipt. If you are not satisfied with our response, you may escalate to the relevant authority under the DPDP Act 2023 once such authority is established by the Government of India.
12. Contact
Privacy questions or data requests: hello@finalscore.app